[Samba] Manage unix users from AD
Márcio Merlone
marcio.merlone at a1.ind.br
Tue Jan 28 04:22:36 MST 2014
Hi,
Starting a fresh new thread, the ones about sssd x winbind are getting
boring, biased and personal. :) I'd like to bring this to an admin
point-of-view to be more useful for other Samba users (aka admins).
Consider a network with about 200+ employees, most of them Windows users.
It happens that one needs to provide other non-Windows services like e-mail,
proxy and many others to them, running on other linux servers. So, for
many of those users (not all) rfc2307 windows services for unix (SFU)
attributes are needed, to make postfix, dovecot, apache, squid and
others aware of them too.
As far as I know there are 4 possible solutions:
* Internal samba winbind
* Winbind daemon
* sssd
* nss_ldap
Which of these would bring my rfc2307 users with all their attributes
defined on SFU, *and only those users*, to my linux system? If I create
a user _without_ rfc2307, it means I don't want linux to know about him. If I
define a user with /bin/false as shell on SFU, bring that to linux.
That's it. As an admin, I don't care about idmapping, I already defined
a uidNumber (or whatever AD attribute is used to store it) to the user,
just use it.
Also, to ease the discussion about those solutions, how about someone
with knowledge of their internal mechanics sketch a feature matrix
comparing those, listing advantages and drawbacks? I understand Samba
team will always recommend winbind over others, but get the difference:
a - Samba team does not recommend other solutions.
b - Samba team recommends not using other solutions.
I believe (a) is true, which does not disregard others.
Best regards.
--
*Marcio Merlone*
IT - Network Administrator
*A1 Engenharia - Unidade Corporativa*
Phone: +55 41 3616-3797
Mobile: +55 41 9689-0036
http://www.a1.ind.br/