[Samba] AD Auth, but Unix users and groups

Gerald (Jerry) Carter jerry at samba.org
Mon Oct 22 14:04:08 GMT 2007

Hash: SHA1

Gary Algier wrote:
> Hello All:
> I have a Samba server (running 3.0.11) that uses an LDAP SAM for
> authentication.  We now have AD (native mode) running in house.
> Since everyone has a login there, I would like to use the AD
> credentials for authentication.  However, I would like to continue
> to use the Unix user ids and group ids, etc.
> All the documentation for AD authentication talks about ID mapping, etc.
> I don't think I need this.  I already have ids.  I don't need to map
> them.
> Is there an easy way to do what I want?

Yes.  There are several ways.  In Samba 3.0.25 and later there
is the idmap_nss plugin for winbind.  Prior to that is the
"winbind trusted domains only" setting but that has some drawbacks.
or you can possible forego Winbind and use something like nss_ldap.
But you need to make sure that the user and group names in
you directory match the AD environment.

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list