From: "Assarsson, Emil" <[email protected]> Date: Wed, 4 May 2011 10:37:28 +0200
> We hava a bunch of machines that needs to have the ability to look up users > and groups (like with libnss_winbind) but we need to have the Kerberos and > PAM stuff. We really don't want to join them to the AD. Are there any way to > use one server as a proxy for name and group lookups? > > [dumb-node] --> [master-node-with-winbind] --> [AD] I do not know what you exactly want. To enable SUA on your AD and to set correctly on your every UNIX boxes, you can look up users and groups from UNIX via LDAP or NIS (if you enable NIS on your AD) and to set PAM and NSS craftily, you will give auth info from Kerberos and users and groups' info from AD. --- TAKAHASHI Motonobu <[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
