Just setting up something similar myself
Winbind is what you want - no need for ldap or anything then.
Along with a pam_mkhomedir module, it works a treat
See: "The official samba 3 howto" - section 6.4 and chapter 20: Winbind
-----Original Message-----
From: samba-bounces+allen=gist.net.au@lists.samba.org
[mailto:samba-bounces+allen=gist.net.au@lists.samba.org] On Behalf Of Edward
Irvine
Sent: Tuesday, 25 November 2003 11:28 PM
To: samba@samba.org
Subject: [Samba] Connecting Samba 3.0 to a Win 2003 domain
Hi,
Just rejoined the list after many happy years of using samba in a
production environment.
I'm having problems getting my head around samba 3.0, or specifically,
the UID/GID/SID mapping. I've been RTFM'ing but am still uncertain about
the best way to go...
I have a Win 2003 controlled ADS domain with five thousand users and
just over a thousand groups. Users and groups (users and most groups
have identical names) are also in Unix /etc/passwd and /etc/group files.
Users access the Unix servers via ssh, and NFS as well as (currently)
samba 2. Passwords are authenticated against ADS/Kerberos.
I'm happy to write some sort of script that pulls data out of the ADS
(via LDAP) and regenerate some UID/GID/SID map somewhere. But after
RTFMing it looks like I should:
1) Set up an OpenLDAP server just to handle the sambaSamAccount
UID<-->SID mapping. This is OK but a bit strange as (it seems to me)
this info is already in the ADS LDAP server.
2) If I go with the OpenLDAP server, do I also use it to map the
GID<-->SID as well? There is an objectclass "sambaGroupMapping" in
samba.schema that looks like this is what I should do, but as well as
the point made in 1) there doesn't seem to be anything in the how-to
about this.
3) the objectclass "sambaDomain" - I can't seem to find out what this is
for.
Any pointers appreciated!
Thanks
Eddie