I've installed samba+winbind for 2k users. I had set up my stations to use winbind for all, and the backend used is ldap. Now with a little more info, I will probably change the authentication on computers to use krb5 + credential caching, so ppl will get a kerberos ticket and get SSO like for windows users. For changing their password, it works with kerberos, with "kpasswd [EMAIL PROTECTED]". What isn't working is the "change password at first login" set up by windows, but I didn't get further into that, only removed that.

On Monday 21 March 2005 04:46, AD. wrote:
> Hi all,
>
> I am just after some opinions about the pros and cons of winbind
> compared to the 'standard' kerberos and ldap methods. I've
> already got single sign on working with pam_krb5 and nss_ldap (using
> SASL/GSSAPI) against SBS 2003 (with MSSFU 3.0) using Debian Sarge as
> clients/'member servers', and integration of Samba is the next bit I'm
> looking at.
>
> The impressions I get are (corrections welcome):
>
> Winbind should be a bit simpler to set up than the pam/nss option, and
> mean a bit less work entering UIDs and GIDs etc into Active Directory
> and generating keytabs etc.
>
> Using the standard kerberos/ldap methods should give more flexibility
> for integrating with other unix based services eg consistent uid
> mapping between machines (when using Active Directory at least) etc.
>
> Winbind users need to log on using DOMAIN\USER, while pam_krb5 users
> just need to use USER for their default realm. Or am I wrong about
> that one?
>
> Winbind users can change their AD password while pam_krb5 users can't
> (at this stage).
>
>
> Now for some questions...
>
> Is it possible or is there any value in using both winbind and
> pam_krb5/nss_ldap together? How would they integrate?
>
> If it's even possible, what would I miss out on if not using winbind?
> I presume there still needs to be some sort of SID mapping going on
> for Samba to do its stuff?

-- 
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
