> It looks like the problem is AD UID to UNIX UID mapping. The default > TDB backend will create 'virtual' UNIX accounts on demand but I don't > want this -- I want user 'foo' to map to the local user 'foo'. If I > add idmap uid and idmap gid lines the users authenticate okay but the > TDB idmap backend wants to map a new user instead of using the > existing UNIX account by the same name.
Have you looked at the 'username map' option? AFAIK you will need to map AD to UNIX users by hand if you don't want the autocreate behaviour. You might be able to script the production of the username mapping file though, which would automate it to a certain extent. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
