I have read with great interest the chapter on IDMAP in the Samba 3 HOWTO. I was hoping to get some clarification from someone in the know as to the feasibility of using winbind in may setup. Here is what I want to do: 1. I would like to use winbind for a single sign on (SSO) type solution for integrating my linux clients with AD. The goal here is to eliminate local accounts from my linux boxes so that I can take advantage on account policies that we have set up in AD. 2. I would be perfectly happy to use the IDMAP_RID option with winbind since it allows for consistent UID/GID mapping across multiple linux clients except for one complication... 3. We have a group of existing solaris accounts that we have already synchronized linux UID/GIDs to and I don't want to change that. We need to maintain the capability of sharing files, etc. via NFS between the Unix and Linux machines. 4. So, I want winbind to map SIDs to UIDs in a very specific way. From what I've read, IDMAP with ldap will do that for me. My question: If I use IDMAP with ldap to map SIDs to UIDs in a way that will maintain consistency with our existing unix accounts, will the Linux machines still use winbind as the authentication mechanism, or will that be handed over to ldap? I really want password policies like aging, etc to come from Active Directory, not from LDAP. All I want from LDAP is to provide the specific mapping of SIDs to UIDs for my setup. Nothing more. Is this possible? Is it the preferred way to do this? And if so, can anyone give me a brief description of the relevant setup parameters? (i.e. smb.conf, nsswitch.conf, ldap settings). I'm not looking for anything too detailed, just enough to get a reasonably knowledgeable person started down the right path. Thanks for your time. Craig -------------------- This email message is for the sole use of the intended recipient(s) and may contain privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
