[Samba] using winbind to map existing unix to AD users

Tom Lieuallen toml at engr.orst.edu
Tue Feb 24 16:23:57 GMT 2009


On our campus, we have an AD forest.  Our particular department has a 
number of samba servers that authenticate to one tree of that AD forest.
All of our users have accounts in LDAP for unix and AD for windows.
We don't want/need winbind for authentication.  However, we would like the 
ability of setting ACLs on the samba server from windows clients.  So, I 
assume I need a mapping of unix uid to AD SID.

It seems winbind is the solution for this, however it seems to want to 
generate the uids rather than using getpwent to look that up.

Is there something simple that I'm overlooking?  Otherwise, I'm 
considering using idmap_ldap and pre-filling that ldap directory base
with the mappings myself.  :-(  Perhaps set up winbind with anon bind
or something so that it _can't_ add anything itself; just look things up.

I also saw one can use a 'net' command to pre-fill gid->sid mappings.
That might be nice/easy too, but I don't see anything similar for
uid->sid mappings.

thank you

Tom Lieuallen
Oregon State University

