Martin Rootes wrote:
Hi,
I'm trying to convert an old system on Solaris 10 that uses the
smbpasswd file authentication method to a system that authenticates
against Active Directory. I've managed to get winbind working but of
course this just allocates UIDs as it sees fit whereas the smbpasswd
file method used the UID from the /etc/passwd file. The user codes on
the Solaris server match the user codes in AD but if I just switch over
to winbind the UIDs will not match. If there were only a small number of
users I could simply change the ownership of the users home directories
to match the winbind allocated UID but unfortunately there are thousands
of users and so this would be a mammoth task. I've has a look at various
bits of documentation but can't get my head around the best strategy.
Has anyone needed to do something similar and if so how did you go about
it?
Also the users' home directories are distributed around multiple
directories and I would prefer to continue to use the home directory
information from /etc/passwd as opposed to using "template homedir"
(although I assume that I could leave the directories in place and just
set up links to them). I've had also had a look at the PADL nss_ldap
stuff but can't get it to compile, it seems to be looking for SASL,
would the SASL version on the Sun Freeware site work?
Would not filling out the rfc2307 information in the AD not be the way
forward? Then winbind would not be allocating UID's but using what was
set in the AD which you could match with your current settings. In
addition you could have your home directories wherever you want on a per
user basis depending on what you have set in the AD.
If you are going to be using AD then it is best not to fight it, and any
AD server after 2003 R2 has the rfc2307 scheme extensions activated, you
just need to populate the fields. Though I appreciate that sometimes
this can be easier said than done if you don't have control over the AD
servers.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
