On my new samba file server I want to use security=domain, authenticating against an NT4 PDC. The file server will also serve nfs requests to my UNIX clients.

Current UNIX accounts exist in LDAP (objectClass=posixAccount). Current NT accounts live in the NT domain. All UNIX users have an associated account in the NT domain (same username). Few NT users have UNIX accounts. I have set up nfs on the new server so the UNIX users can use the new file store already.

Initially I want to allow the UNIX users access to the server from M$ Windows machines via Samba using domain security and LDAP backends - I want to avoid using sambapasswd and tdbsam.

It seems to me that the UNIX LDAP objects just need the sambaSamAccount objectClass attributes filling in using the existing NT account details - which is the best tool for this job:

  smbpasswd
  pdbedit
  net user add
  net vampire

Do I also need an idmap LDAP backend?

Once this is up and running I want to give all the NT users access to the filestore - but I don't want them all to have UNIX access. I suppose I just give them a shell of /dev/null so that they can't login. Again, which tool is the best to create the appropriate LDAP entries?

Eventually I will migrate the NT domain to 100% samba. I plan to convert the new samba server to the PDC for the domain and add a second BDC, which will have a replica LDAP service running on it.

Help/advice/examples much appreciated.

--
Simon Oliver
