On 3/26/03 22:17, "stscanlan" <[EMAIL PROTECTED]> wrote:

> Has anybody out there had luck with LDAP or similar to enable users to share
> a common logon database for Windows 2000 and Linux. Microsoft and Linux
> supposedly allow authentication using LDAP, Kerberos and alternative schemes
> to their native databases ie /etc/shadow/passwd and the SAM.
>
> Any help with this would be greatly appreciated.
>
> Steve S.
You can set up your Linux box to import users via LDAP. You will need to make some changes to your AD schema, such as adding attributes for UniqueID, mounts (typically vfs, vfsopts, and vfsdir).

I have had problems getting a clean group management system working, but the best workaround I could figure out is by adding MemberUID, userlist, and gid attributes to the AD schema as well. Unfortunately, this means adding users on the PDC to a particular group does not add them on the Unix side, instead you have to manually go in on the Windows box using ADSI Edit (or from the client side using Domain admin privileges and cli tools) and manually add in the gids to each user name. It's a pain, but it works. There seems to be a serious dearth of information on this.

Once you have LDAP authentication up and running, then you can easily set up SMB pass through authentication with no need for winbindd, though I've had some problems using secure passwords on this.

Hope this helps,

Beau

--
Beau Hunter
Technical Consultant
Wedgetail Consulting
www.wedgetailtechs.com

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
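An added example, not part of the original post: because group membership on the AD side and the hand-maintained gid values on the Unix side are edited separately in the setup described above, a periodic audit of a directory export can flag where the two have drifted apart. The LDIF layout, the use of `gid` on both group and user entries, and the function names are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample export. Assumed layout: groups carry AD's native "member"
# list plus a Unix "gid"; users carry one hand-added "gid" value per Unix group.
SAMPLE_LDIF = """\
dn: CN=engineering,CN=Users,DC=example,DC=test
objectClass: group
gid: 5001
member: CN=alice,CN=Users,DC=example,DC=test
member: CN=bob,CN=Users,DC=example,DC=test

dn: CN=alice,CN=Users,DC=example,DC=test
objectClass: user
gid: 5001

dn: CN=bob,CN=Users,DC=example,DC=test
objectClass: user

dn: CN=carol,CN=Users,DC=example,DC=test
objectClass: user
gid: 5001
"""

def parse_ldif(text):
    """Parse plain 'attr: value' records separated by blank lines (no base64, no folding)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr.lower()].append(value)
        entries.append(entry)
    return entries

def audit_group_drift(entries):
    """Return (missing_on_unix, stale_on_unix) as sorted lists of (user_dn, gid)."""
    ad_side, unix_side = set(), set()
    for e in entries:
        classes = [c.lower() for c in e["objectclass"]]
        if "group" in classes:
            for gid in e["gid"]:
                ad_side.update((dn.lower(), gid) for dn in e["member"])
        elif "user" in classes:
            unix_side.update((e["dn"][0].lower(), gid) for gid in e["gid"])
    return sorted(ad_side - unix_side), sorted(unix_side - ad_side)

if __name__ == "__main__":
    missing, stale = audit_group_drift(parse_ldif(SAMPLE_LDIF))
    print("AD members lacking the Unix gid:", missing, "| Unix gids without AD membership:", stale)
```

The second list is the one to review first: a gid left on a user after removal from the AD group means Unix-side access that the Windows-side group view no longer shows.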
