[Samba] Samba3 capable of AD auth. without matching Linux users?

Stefan Midjich swehack at gmail.com
Sun Jun 23 23:11:23 MDT 2013


Thanks Marc. In fact the localhost was just a precaution and I was never
sure of it, I even tried resolving localhost to make sure it worked after I
made the change.

I will test idmap backend ad later, because I think what made it all work
for me was setting up NSS. Now that NSS is setup I can even run id ad-user
in the cli and get all the information from AD. So it seems more integrated
now and I have a better understanding of NSS.

I was under the impression that rid converted the SIDs into valid UIDs and
GIDs. But if I am, as now, only needing it for authentication and now for
IO to the FS then I should logically not require the local UIDs/GIDs.


2013/6/23 Marc Muehlfeld <samba at marc-muehlfeld.de>

> Hello Stefan,
>
> Am 23.06.2013 22:44, schrieb Stefan Midjich:
>
>  I eventually got it working with the following configuration, in case any
>> googlers find it helpful.
>>
>> I wrote it all down here on this wiki
>> http://wiki.sydit.se/teknik:**ad_autentisering_foer_cifs_**med_samba<http://wiki.sydit.se/teknik:ad_autentisering_foer_cifs_med_samba>Just so I
>> would not forget until tomorrow. :)
>>
>
> I haven't fully compared, but isn't it widely the same like here:
> http://wiki.samba.org/index.**php/Samba4/Domain_Member<http://wiki.samba.org/index.php/Samba4/Domain_Member>
> Is there a reason, why you use Idmap backend rid and don't take the UIDs
> from AD?
>
>
> I don't understand swedish and what you wrote in the sentence before, but
> I think setting
> 127.0.0.1       webb01.domain.local webb01
> could maybe make problems somewhere sometime. 127.0.0.1 should be better
> resolved to localhost. If some program resolves "webb01" /etc/hosts would
> return 127.0.0.1 instead of the IP of your NIC.
>
>
>
> Regards,
> Marc
>



-- 
Hälsningar / Greetings

http://Stefan.Midjich.name


More information about the samba mailing list