You are correct, you will use winbind instead of NIS. Craig White has not
understood you intentions.
All you want to store in LDAP in idmap, Criag is talking about using it to store
user and group data
which would be an alternative to using winbind,
thanks Andy.
Am I missing something here? I thought winbind was supposed to act similar to
yp/NIS? That winbind is given a range of UIDs and GIDs that would be higher than
anything on the local system and winbind would translate out a passwd entry for
each Windows domain user (again, identical to NIS). That I would only have to
add a user to the windows DC, and that when that user tries to log into one of
our Linux boxes, they would be able to use the same login and password. Finally,
if I happen to have several Linux boxes, and I wanted to ensure identical
UID/GIDs, that LDAP is the only answer to make that happen.
In other words, if jskains is assigned 10000 as a UID on System A and if jskains
logs into System B (another Linux box), LDAP would be used to ensure that
jskains remains at UID 10000. In that case if System A and System B happen to
share an NFS mount, file ownerships would remain intact.
So I am basically trying to ensure a single login between Windows servers and
our Linux boxes, and I am phasing out NIS and replacing it with Winbind.
How is this an ignorant or stupid plan? Our friend Mr. Craig White seems to
think this plan is wrong and that I am clueless. Am I interpreting winbind's
intensions wrong?
JMS