[Samba] authenticate Linux users to AD on Windows 2003R2

Steve Rippl rippls at woodlandschools.org
Fri May 15 04:20:14 GMT 2009


Well, not exactly Samba related... but we have a file server that runs 
Samba for Windows clients and NFS for the Linux ones on the same 
folders.  Both authenticate against AD (we're running 2003 with SFU 3.5, 
not R2).  We have uid/gid/home folder info in AD.  Linux machines mount 
the file share /home from the file server for all home folders (fstab 
on the local machine) and then we use ldap in nsswitch to get the 
correct path to the user's home folder, which is then there for them and 
they have access to once they've logged in.  _GOT_ to make sure your 
uid/gid info in AD matches the uid/gid info on the nfs share, we use 
wbinfo and "idmap=rid" in smb.conf to script consistent uid/gids for our 
folders (Perl is your friend!)

We use ldap in nsswitch because we have a "non-samba" layout for our 
home folders, i.e. it's not /home/yourdomain/username, but if you can 
have that setup then you can simplify things a bit by using winbind in 
nsswitch and you get the "standard" path for your home folder.  As I 
said, just make sure you've already mounted the /home on the client 
through fstab.  There are pretty good tutorials out there on most parts 
of this for Debian/Ubuntu if you Google it (probably other Distros too, 
I'm just biased!).

Of course I'm running a Linux File server, you'll need to use Server 
2003 R2's nfs abilities which I've never tried, but it claims to be able 
to do it.  Or you could move your file server over to Linux/Samba/nfs!!

Let me know how it works out!  I can give you more specific details if 
you want, but probably best off list I would think as it's not exactly 
Samba...

Steve


James D. Parra wrote:
> Hello,
>  
> I have enough details on how to have Linux users authenticate to a 2003r2
> AD, but I need help getting their home dir's to automatically mount to a
> windows share. Any details would be greatly appreciated.
>  
> Many thanks,
>  
> James 
>   

-- 
Steve Rippl
Technology Director
Woodland School District
360 225 9451 x326
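
The uid/gid consistency requirement from the message above, as an added example that is not part of the original post or of Samba: it compares what the name service (ldap or winbind in nsswitch) reports for each account with the numeric owner of that account's home folder on the mounted share. It assumes /home is already mounted on the machine where it runs and that accounts can be enumerated; `audit_homes` and `Finding` are hypothetical names.

```python
"""Audit that each home folder on the NFS mount is owned by the uid/gid
that the name service (nsswitch: ldap or winbind) reports for the account."""
import os
import pwd
from collections import namedtuple

Finding = namedtuple("Finding", "user path problem")


def audit_homes(accounts, min_uid=1000, lstat=os.lstat):
    """accounts: iterable of passwd-style entries (pw_name, pw_uid, pw_gid,
    pw_dir). min_uid is an assumed cut-off that skips local system accounts.
    Returns one Finding per mismatch; an empty list means consistent."""
    findings = []
    uid_owner = {}
    for acct in accounts:
        if acct.pw_uid < min_uid:
            continue
        # Ownership on the share is numeric, so two names mapped to one
        # uid end up owning each other's files.
        first = uid_owner.setdefault(acct.pw_uid, acct.pw_name)
        if first != acct.pw_name:
            findings.append(Finding(acct.pw_name, acct.pw_dir,
                                    f"uid {acct.pw_uid} also assigned to {first}"))
        try:
            st = lstat(acct.pw_dir)  # lstat: do not follow a symlinked home
        except FileNotFoundError:
            findings.append(Finding(acct.pw_name, acct.pw_dir,
                                    "home missing on share"))
            continue
        if st.st_uid != acct.pw_uid:
            findings.append(Finding(acct.pw_name, acct.pw_dir,
                f"owner uid {st.st_uid} on share, name service says {acct.pw_uid}"))
        if st.st_gid != acct.pw_gid:
            findings.append(Finding(acct.pw_name, acct.pw_dir,
                f"group gid {st.st_gid} on share, name service says {acct.pw_gid}"))
    return findings


if __name__ == "__main__":
    # pwd.getpwall() only lists directory users if enumeration is enabled
    # for the nsswitch backend in use.
    for f in audit_homes(pwd.getpwall()):
        print(f"{f.user}: {f.path}: {f.problem}")
```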