thanks a lot for pointing that out. There might be multiple domains I have to take care of so I probably need a ldap backend. Is there any chance I can use an existing Active Directory domain controller with SFU or 2003 R2 (with ADAM)? Theoretically it should work fine with ADAM as this is a plain ldap database.. but I need people not having any knowledge of ldap to take control of users - so I would really appreciate a solution based on the R2/SFU schema extensions. But since I couldn't find any schemas for this solution I doubt it's possible, is it?
regards, Roman 2006/1/20, Gerald (Jerry) Carter <[EMAIL PROTECTED]>: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Roman Sommer wrote: > > > what was this thread called originally? It seems to be interesting. > > This is the original thread. > > > It looks like it covers pretty much what I am about to do. > > I never came across any information about > > 'idmap backend = ad' (uses the uid and gid information > > from active directory) or 'winbind nss info' (uses > > the home directory and shell information from AD). > > > > I want winbind to automatically assign both uid and gid to a user that > > logs onto a unix machine for the first time. > > The ad backend for winbindd does not allocate ids. It simply reads them > from an AD extended with the SFU schema. To have winbindd allocate & > store, use either tdb or ldap. If you only have one domain, look at the > rid backend which performs a direct mapping from the user/group- RID to > a uid/gid. > > > > > cheers, jerry > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFD0Q3oIR7qMdg1EfYRAhxGAJ9UKJ2pz/rwY0EuUfOJL2xp3bl6QgCff3qn > tBkjgTSOSXE1rYci5P61hFE= > =/hu8 > -----END PGP SIGNATURE----- > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
