I posted this to comp.protocols.smb, but I'll give it a shot here too...

Background:
We have an existing Win2k domain, 2 Win2k domain controllers, all working just fine. I've been using Samba 2.2.x for quite a while to provide access to specific folders on *nix machines using Domain security... So I'm reasonably familiar with how file/print sharing works.
But what I'm interested in now is providing shell access to *nix machines, without having to manually create accounts on each box. Therefore, winbind...


1st, if using winbind, and all I want to do is not have to manually create users on the *nix box, do I need to configure LDAP in "client" mode on the *nix box? Or does winbind take care of looking up the user/password info without needing LDAP info?
I guess what I mean is, do I need to worry about LDAP (or Kerberos for that matter)? We're not currently using it for any of our *nix machines...


2nd, is it possible to have *only* users in a specified AD group be granted shell access, and therefore be authenticated? I.e., I don't want *all* valid users in our domain to be granted access, I want to be able to say that only users in AD group X can log in via the shell on the specific *nix box...
If this is possible, does this require LDAP configuration on the *nix side?


Finally, does using winbind require that the application/daemon support, or be compiled to support, PAM? Some of our machines are AIX, and PAM support isn't standard until 5.2, and has only recently been back-ported to 5.1... We have 5.1, but also 4.3.3.
Or is there a good source of information on AIX's LAM and how it may work (if at all) with Samba/winbind?


I've read, and re-read, all the information I've been able to find on winbind, and am still a bit unclear on these things.

Thanks for any info or pointers...

--
- Matt -