Benoit Panizzon
2004-Oct-27 10:10 UTC
[Samba] Winbindd as NIS replacement in heterogen environement
Hi all We have the following environement: Microsoft ADS for Windows Users, NIS for Un*x Users. Samba 3.x Fileservers. Win2k/XP Clients which use CIFS to connect to the Fileserver. FreeBSD/Linux Clients which use NFS to connect to the Fileserver. For the moment, Windows User authenticate against the ADS and Un*x users authenticate against a NIS Server. Everything runs fine. But we would like to merge the two existing user bases into one central place. So the first idea was to get rid of NIS and start using winbind and Kerberos on all Un*x clients. But in the default settings every client would generate it's own set of user ID's and that would end up in a huge mess on the NFS servers. Is there a way to integrate the Posix Account Data in to the ADS so that it can be used by winbind or maybe something like a LDAP authenticated login on the unix clients? Or is the only way to solve this problem by setting up a openldap server and get winbindd to store username => Posix uid's into this directory? Has somebody allready got such an environement running? I'm not so interrested in theoretical possibilities to solve it, I've read them too :-) Regards -- Beno?t Panizzon, <bp@imp.ch> ------------------------------------------------------------------------ ImproWare AG, UNIXSP & ISP Phone: +41 61 826 93 00 Zurlindenstrasse 29 Fax: +41 61 826 93 01 CH-4133 Pratteln Net: http://www.imp.ch/ ------------------------------------------------------------------------
Stephen Collier
2004-Oct-27 11:08 UTC
[Samba] Winbindd as NIS replacement in heterogen environement
You could try AD4Unix and ldap. We have been using it for a couple of years with no problems. regards Stephen Collier -----Original Message----- From: Benoit Panizzon [mailto:benoit.panizzon@imp.ch] Sent: Wednesday, 27 October 2004 8:11 PM To: samba@lists.samba.org Subject: [Samba] Winbindd as NIS replacement in heterogen environement Hi all We have the following environement: Microsoft ADS for Windows Users, NIS for Un*x Users. Samba 3.x Fileservers. Win2k/XP Clients which use CIFS to connect to the Fileserver. FreeBSD/Linux Clients which use NFS to connect to the Fileserver. For the moment, Windows User authenticate against the ADS and Un*x users authenticate against a NIS Server. Everything runs fine. But we would like to merge the two existing user bases into one central place. So the first idea was to get rid of NIS and start using winbind and Kerberos on all Un*x clients. But in the default settings every client would generate it's own set of user ID's and that would end up in a huge mess on the NFS servers. Is there a way to integrate the Posix Account Data in to the ADS so that it can be used by winbind or maybe something like a LDAP authenticated login on the unix clients? Or is the only way to solve this problem by setting up a openldap server and get winbindd to store username => Posix uid's into this directory? Has somebody allready got such an environement running? I'm not so interrested in theoretical possibilities to solve it, I've read them too :-) Regards -- Beno?t Panizzon, <bp@imp.ch> ------------------------------------------------------------------------ ImproWare AG, UNIXSP & ISP Phone: +41 61 826 93 00 Zurlindenstrasse 29 Fax: +41 61 826 93 01 CH-4133 Pratteln Net: http://www.imp.ch/ ------------------------------------------------------------------------ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba