Steffen Kolbe wrote:
interesting to talk with an insider..... ;-)
Nope. I feel like an outsider :-)
.... sorry, my english ist not the best... :-)
1. What is "nestet groups" ? Means it to work with groups in groups?
"winbind nested groups". Right. Groups in groups.
2. What the enumeration makes?
Enumeration is a query for every user or group the AD knows about.
3. Do you have any ideas for linux notebooks? At the moment (in our old environment) we use ADS+SFU with the NIS-feature. On every notebook works a NIS Slave, so every Notebook user can also work offline. But whats with a winbind notebook, when the ADS is not available?
found at the PADL-Homepage, that a software called nss_updatedb and pam_ccreds is the solution with the SFU-schema in offline situations (caching).
Someone else will need to answer this. We still use NIS at the native authentication level. Or flat file accounts for non-network access. I hate being dependent on one auth mechanism. Fallbacks to fallbacks.
4. The solution with the SFU schema works fine in your environment or do you have probs?
Works OK. Use it both ways. Windows serves NFS shares too, with simple name maps.
How many users work with this?
Only 200.
Do you had trouble with the installation or works this so easy like in the HOWTO ? ;-) And do you to hack for correct working (after instalation)?
Using current Kerberos and LDAP versions was the only issue. The work of Jeremy Allison on Kerberos and what others on the samba team have done to work with MS AD is simply fantastic. I should say PFM.
Thanks and regards Steffen
Good luck. Doug
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
