[Samba] AD authentication for local users

Adam Nielsen adam.nielsen at uq.edu.au
Tue Nov 3 20:29:17 MST 2009


> It looks like the problem is AD UID to UNIX UID mapping. The default
> TDB backend will create 'virtual' UNIX accounts on demand but I don't
> want this -- I want user 'foo' to map to the local user 'foo'. If I
> add idmap uid and idmap gid lines the users authenticate okay but the
> TDB idmap backend wants to map a new user instead of using the
> existing UNIX account by the same name.

Have you looked at the 'username map' option? AFAIK you will need to
map AD to UNIX users by hand if you don't want the autocreate behaviour.
You might be able to script the production of the username mapping file
though, which would automate it to a certain extent.

Cheers,
Adam.
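
One way to script the mapping file suggested above (an added example, not part of the original message or of Samba itself). It emits one 'unixname = DOMAIN\unixname' line per ordinary local account; the UID range, the no-login shell list, the function names and the EXAMPLE domain are assumptions.

```python
"""Generate a Samba 'username map' file from local passwd entries."""

# Assumed policy values (not from the original post): UID range that counts
# as a "real" local user, and shells that mark an account as non-login.
MIN_UID = 1000
MAX_UID = 60000
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def local_users(passwd_text, min_uid=MIN_UID, max_uid=MAX_UID):
    """Return names of ordinary local accounts from passwd-format text."""
    names = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # malformed entry: skip rather than guess
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        # Leave out root and service accounts so no AD name maps onto them.
        if min_uid <= uid <= max_uid and shell not in NOLOGIN_SHELLS:
            names.append(name)
    return sorted(names)


def build_username_map(passwd_text, domain):
    """Return map-file text: one '!unix = DOMAIN\\user' line per local user."""
    lines = ["# generated file: local user = AD account of the same name"]
    for name in local_users(passwd_text):
        # Leading '!' stops map processing at the first matching line.
        lines.append("!%s = %s\\%s" % (name, domain, name))
    return "\n".join(lines) + "\n"


# Constructed sample input, in /etc/passwd format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
foo:x:1000:1000:Foo User:/home/foo:/bin/bash
backup:x:1001:1001::/home/backup:/usr/sbin/nologin
bar:x:1002:1002:Bar User:/home/bar:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
broken-line-without-fields
"""

if __name__ == "__main__":
    # "EXAMPLE" is a placeholder NetBIOS domain name.
    print(build_username_map(SAMPLE_PASSWD, "EXAMPLE"), end="")
```

Write the output to the file named by the 'username map' option in smb.conf. With domain security the right-hand side has to be the fully qualified DOMAIN\user form, as generated here.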

