[Samba] winbind as a name service "proxy"?
TAKAHASHI Motonobu
monyo at monyo.com
Wed May 4 04:09:22 MDT 2011
From: "Assarsson, Emil" <Emil.Assarsson at sonyericsson.com>
Date: Wed, 4 May 2011 10:37:28 +0200
> We hava a bunch of machines that needs to have the ability to look up users and groups (like with libnss_winbind) but we need to have the Kerberos and PAM stuff. We really don't want to join them to the AD. Are there any way to use one server as a proxy for name and group lookups?
>
> [dumb-node] --> [master-node-with-winbind] --> [AD]
I do not know what you exactly want.
To enable SUA on your AD and to set correctly on your every UNIX
boxes, you can look up users and groups from UNIX via LDAP or NIS (if
you enable NIS on your AD) and to set PAM and NSS craftily, you will
give auth info from Kerberos and users and groups' info from AD.
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list