From: "Wojtak, Greg" <[email protected]> Date: Fri, 9 Sep 2011 14:47:53 +0000
> I'm working on testing out using winbind in our environment for user > info and authentication. Our 2K8 R2 AD DS set up has all of the > rfc2307 attributes populated for objects that need to appear on the > Unix machines and everything is working splendidly. One thing I'd > like to know is, we have some instances where users' AD accounts are > not the same as their unix id's (matching them up at this point is > not an option). Is there a way to tell winbind to look at the uid > attribute in AD rather than the sAMAccountName for a Unix user name? Try use idmap_id(8) and "winbind nssinfo = rfc2307". The detail syntax is pretty different between Samba versions. There is a sample suitable for Samba 3.3.0 - Samba 3.5.X, idmap config YOURDOMAIN:backend = ad idmap config YOURDOMAIN:schema_mode = rfc2307 idmap config YOURDOMAIN:range = xxxxx-xxxxx winbind nss info = rfc2307 then, these attributes are retrieved from AD: uid, gid, shell, homedir. If you are not satisfied, then as you said: > If not, I can simply use the LDAP interface into AD for those > systems, but I'd like to try and keep everything consistent, if > possible. configure nss_ldap to retrieve informations from AD, and idmap_nss(8). --- TAKAHASHI Motonobu <[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
