I just set up your situation on a couple of test boxes. You can follow the steps here: http://www.openldap.org/doc/admin22/quickstart.html (start at step 8 if you've already gotten the OpenLDAP package installed via your distro's package management routine). Set your domain equal to your Windows domain name; for example, my test domain here was dc=active,dc=bis,dc=ae-solutions,dc=com where my Windows domain was "ACTIVE" with an FQDN of active.bis.ae-solutions.com. You then need to add one idmap object under it. I can't be much more specific than that, since I just found that someone hosed my LDAP config on the test boxes.

news.gmane.org wrote:

Hi Steve,

I think you have two options, use winbind and bin NIS or vice versa.
If you choose to use winbind as you identified you have to worry about mappings being different on individual Samba servers, the only way to get around this currently is to use LDAP as your idmap backend. This stores the UID to SID mappings centrally for multiple Samba servers to share.
If you choose to use NIS you will have to mess around with smbpasswd and net groupmap to make users and groups visible as valid accounts for Samba. Also your NTLM passwords will not be sync'd to the domain but Kerberos auth will work seamlessly. AFAIK



Thanks. I did a little more poking around and it seems like I'm leaning towards using winbind as my definitive authorization for this server and removing NIS from the fileserver. If I do this, I'll need to get LDAP up and running to control the mapping of SID -> UID so my NT SIDs map to my NIS UIDs for UNIX NFS clients that mount the volume(s). I've seen several descriptions of how to get the Samba side up (basically use the "idmap backend" option in smb.conf), but I'm completely new to LDAP, and I haven't found a simple description of how to set up a minimal LDAP server (probably using OpenLDAP) on my Linux box that would just contain the SID->UID mappings.

Does anyone have a simple example configuration for OpenLDAP that they would
like to share?  You can post, or email me directly at:  [EMAIL PROTECTED]

Thanks in advance,
Steve






--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell: 701-306-6254
Information Systems Consultant   Fax: 701-281-1322
URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]


-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
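
The setup discussed in this thread, as an added example that is not part of the original messages or of the Samba or OpenLDAP projects: a script that derives the LDAP suffix from the Windows domain's FQDN and emits the idmap container entry plus the matching smb.conf lines for Samba 3.0-style `idmap backend`. The LDAP host name, the dedicated `cn=samba-idmap` bind DN, the `ou=Idmap` name and the ID ranges are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emits the idmap OU LDIF and the matching smb.conf lines.
# Host name, bind DN and ID ranges below are assumptions, not from the thread.

# active.bis.ae-solutions.com -> dc=active,dc=bis,dc=ae-solutions,dc=com
fqdn_to_suffix() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Container entry that winbind's LDAP idmap backend writes mappings under.
# slapd must already load samba.schema so the Samba idmap classes are known.
idmap_ldif() {
    suffix=$(fqdn_to_suffix "$1")
    cat <<EOF
dn: ou=Idmap,$suffix
objectClass: organizationalUnit
ou: Idmap
EOF
}

# [global] lines, identical on every Samba server that shares the mappings.
# The bind DN is a dedicated account (assumed name) that should only have
# write access below ou=Idmap, instead of reusing the directory's rootdn.
smb_conf_idmap() {
    suffix=$(fqdn_to_suffix "$1")
    cat <<EOF
[global]
    idmap backend = ldap:ldap://$2
    ldap suffix = $suffix
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=samba-idmap,$suffix
    ldap ssl = start tls
    idmap uid = 10000-20000
    idmap gid = 10000-20000
EOF
}

# Usage: sh idmap-setup.sh <windows-domain-fqdn> <ldap-host>
if [ $# -ge 2 ]; then
    idmap_ldif "$1"
    echo
    smb_conf_idmap "$1" "$2"
fi
```

The LDIF part is loaded with `ldapadd`, and the bind DN's password is stored on each Samba server with `smbpasswd -w` so it stays out of smb.conf.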
