* Toby Bluhm <[EMAIL PROTECTED]> [070216 07:23]:
> Brijesh Shukla wrote:
> >Hi Samba/Active directory List
> >Can anyone please let me know how I can authenticate a user on a Samba
> >machine via Active Directory.
> >Let me describe my question in more detail.
> >I have Active Directory as a domain controller on a Windows 2003 Server;
> >on the same network I have a Linux machine that is running the Samba
> >server under the domain controller of Active Directory.
> >I have a list of registered users on Active Directory, but not all of them
> >have an account on the Samba machine. How can the rest of the users, who
> >do not have a Linux account on the Samba machine, access the shared folder
> >on Linux (Samba server)?
> >
> >Example: if x, y, z are the registered users on Active Directory and in
> >the same domain I have a Samba server.
> >I have created an account for x (add user) on the Linux Samba machine;
> >now x is able to access the Samba server from any machine to Linux, but
> >the other users (Y and Z) cannot access the Samba server, though they are
> >registered in Active Directory with the same privilege as X. Suppose I
> >have 1000 accounts in Active Directory; then I have to create 1000
> >accounts on the Samba server to make them eligible to access the shared
> >folder on Linux, is that the case....
> >While in a Windows XP environment, any one of the registered users in
> >Active Directory can access any machine in the same domain..
> >Kindly teach me...
> >Thanks & Regards
> >Brijesh Shukla
>
> You will need to configure winbind.

I'm not sure that is true; I think one could use pam_ldap alone instead. However, I agree that winbind is a good choice.

> Have you reviewed the docs at samba.org?
>
> Official HowTo Collection - Chapter 2 Domain Member Server, Chapter 14
> Identity Mapping.
> Samba3 By Example - Chapter 7 Adding Domain Member Servers and Clients

The direct answer is, 'No', you don't have to create all 1000 accounts on the Samba server (though you may still have to create the homedirs). You can use winbind instead, as Toby pointed out, and the above-mentioned documentation contains all you need to know.

To give you a general idea of what you'll learn from the above documentation:

Essentially, winbind maps unix uids and gids to Ms.ActiveDirectory sids. Winbind offers 2 or 3 mutually exclusive ways to do that mapping. The simplest way is for winbind to maintain its own, unshared map, local to the samba server. The uids and gids that winbind uses in this case are unique to the local samba server (i.e. the same mapping cannot be used on some other host).

More complex ways to make winbind do its sid -> uid/gid mapping include:
a) get the map from an ldap server
b) get the map from an MsA.D. server that has had its schema extended with unix attributes (mssfu).

I believe there is another mapping method too, that I don't know well enough to summarize.

None of the winbind mapping strategies handle making home directories. If you need home dirs, you might be able to use pam_mkhomedir to make them automatically for you.

--
Happy Landings,
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
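For reference, a minimal smb.conf sketch of the simplest mapping described in the reply above (winbind keeping its own local map), added here as an example and not taken from the thread or from the Samba documentation it cites. The realm, workgroup, id range, share name and path are placeholder assumptions, and the `idmap config` spelling is that of current Samba releases; older releases spell the idmap options differently.

```ini
# /etc/samba/smb.conf -- added example; every name, range and path below
# is a placeholder to be replaced with site values.
[global]
    # Run as an Active Directory domain member
    # (the machine is joined separately, e.g. with "net ads join").
    security = ads
    realm = EXAMPLE.COM
    workgroup = EXAMPLE

    # Simplest mapping: winbind allocates uids/gids itself and keeps the
    # SID -> id map in a local tdb file. The ids are valid on this host
    # only, so file ownership will not line up with any other server.
    idmap config * : backend = tdb
    idmap config * : range = 10000-99999

    # The shared alternatives from the reply are selected per domain with
    # a different backend (each needs further backend-specific options):
    #   idmap config EXAMPLE : backend = ldap   map stored on an LDAP server
    #   idmap config EXAMPLE : backend = ad     unix attributes read from AD

    # Shell and home directory that winbind reports for domain users.
    # winbind does not create the directory itself.
    template shell = /bin/bash
    template homedir = /home/%D/%U

[shared]
    path = /srv/samba/shared
    read only = no
    # Limit the share to one AD group rather than every domain account.
    valid users = @"EXAMPLE\Domain Users"

# Outside smb.conf:
#   /etc/nsswitch.conf   passwd: files winbind
#                        group:  files winbind
#   PAM session stack    session required pam_mkhomedir.so skel=/etc/skel umask=0077
#                        (creates the home directory on first PAM login)
```

After a change, `testparm` checks the file for syntax errors, and `wbinfo -u` followed by `getent passwd` confirms that domain users resolve to local uids.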
