Gibbs, Simon
2005-Jan-20 16:00 UTC
[Samba] Active Directory integration - where to go next??
Hi, I think I've hit a bit of a brick wall with integrating Samba and Active Directory and aren't sure which direction I should go - I've had a look through the How-To and this made me doubt myself even more. At the moment I've configured a Samba domain member to authenticate users against AD. wbinfo and getent both correctly produce user/groups lists from AD and test shares/ACL's are working OK. But should I be storing the mapped Windows user ID's in some kind of DB? Ie LDAP or tdbsam? My aim is to have a second Samba member that will act as a failover. How would this affect the user mappings? I think I read somewhere that each box would map the Windows users separately, so they may not have identical UID's - which would in turn cause problems with permissions and ACL's. Is this the case?? If so do I need to create a single repository to store the user mappings that both Samba members use? Again how does this work?? And how does this get updated when new users are added to AD? Thanks for your time - I'm getting a bit frustrated and need a push in the right direction. Simon ******************************************************************************** The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by T&F Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to postmaster@tfinforma.com
Am Donnerstag 20 Januar 2005 16:59 schrieb Gibbs, Simon:> If so do I need to create a single repository to store > the user mappings that both Samba members use? Again how does this work??Don't worry. I have not done this, but thereis a paranmeter called "idmap backend". Specifying ldap and having the ?proper object classes will probably handle your challenge. Check the docs on that. hth dan