[Samba] Question on approach to authenticate Linux against Samba4
jonathan at buzzard.me.uk
Thu Jul 25 13:42:58 MDT 2013
On 25/07/13 17:59, dahopkins at comcast.net wrote:
> 1) will the unixHomedirectory be honored?
> 2) will I be able to easily add users so that the unix settings will
> be properly configured? I currently use the IDEALX smbldap tools.
> Being able to script account creation is very important to me ..
> adding 200+ user accounts manually each year is not very appealing.
It is scriptable, though to be honest a powershell script from Windows
probably works better at this point in time.
> 3) Will the scripting tools be able to automatically assign a unique
> uid for each unix account. Current approach uses NextFreeUnixID but
> this does not exist in the Samba4 database (the ldap entry is shown
> below )
Nope. Either maintain the accounts somewhere else where you can do that
and have a script that then creates and disables accounts as needed in
AD, or have your script look for the highest UID and increment from that.
> I have read through the recent thread on winbind and honestly I am
> not sure that I want to pursue either winbind or sssd if it is
> possible to use nss_pam_ldap which seems closest to the current
Assuming these are Linux workstations, then sssd is the way to go for
the future. If you are running a samba 3.x member file server then I
personally would use winbind. I have not looked at Samba4 yet (campus
agreements in higher education where I work make real Microsoft AD
controllers very very cheap that why would you do it), but there are
reports of issues with winbind on samba4 file servers. Then again I
would be hesitant in putting a Samba 4 file server into production. You
gain little over a Samba 3.6.x server.
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
More information about the samba