On Wed, Dec 15, 2004 at 11:36:38AM +0100, Christoph Scheeder wrote: | Hi, | that behavior is logical correct, i would say. | What happens is: | the user is found from nis, and gets an userid not from the winbind-range. | As a result samba is not able to verify this uid against the AD, as it | is not an AD-user-id. | i guess to achive what you want you would have to add the nis-users to | the local smbpasswd-database with the correct username and password and | tell samba to loock up users first in local database and then in AD. | But i don't know if this is possible, i never tried it.
That's not quite correct. If you have _all_ of your ADS users in NIS (without the leading "DOMAIN\") then you can use NIS for the username->UID mapping and ADS for samba password authentication. You don't need winbind in nsswitch.conf for this. (I.e, just "passwd: files nis") The problem is if you only have _some_ of your ADS users in NIS, and want to use "passwd: files nis winbind" to take advantage of winbindd's "fake up a UID" behaviour, then you currently can't do this with samba, due to reasons I have detailed in other posts. As far as I can tell, no other "usermapper" product solves this problem either (e.g, EMC's NAS product, etc). Which doesn't make it an invalid problem, just one that hasn't been solved elsewhere. Luke.
pgpampgtbxe1R.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
