I'm sorry, I still don't quite follow you. I have "security = ads", and, as far as I can tell, a working kerberos installation, so that means I'm using kerberos authentication, right? >From the messages above, that means samba should be honoring the domain portion of entries in the username map, which it is not doing. Or am I using NTLM authentication for some weird reason?
Greg On Wed, 20 Oct 2004 10:12:10 -0500, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Greg Adams wrote: > | How do you choose to authenticate using kerberos instead > | of NTLM? Is that when you map as "[EMAIL PROTECTED]" > | instead of "DOMAIN\userid"? > > It depends on whether you are using 'security = ads' and > have a working kerberos installation or if you are using > 'security = domain'. > > | Is there another way for me to do user mapping than > | using the username map? I've seen some OpenLDAP method > | of doing it, but since my goal is to map a handful of > | ADS domain groups to individual unix id's, I > | figured it was easier to just use username map instead > | of setting up an LDAP schema. > > You are talking about group mapping. This does not > require LDAP, but can be stored in and LDAP directory. > > > cheers, jerry > - --------------------------------------------------------------------- > Alleviating the pain of Windows(tm) ------- http://www.samba.org > GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc > "If we're adding to the noise, turn off this song"--Switchfoot (2003) > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFBdoBKIR7qMdg1EfYRAjQ9AKC5fMb6pQGPPUj9MElWnFhP+fXCQwCgm9Dw > bUYflDdIf8LOjflh3JWcYV8= > =3HkH > -----END PGP SIGNATURE----- > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
