Jim Hatfield
2005-Nov-25 10:51 UTC
[Samba] Any downsides to using MS Services for Unix NIS server?
I have both an AD domain and an existing NIS setup, and would like to merge the accounts. It would seem from reading the help files that installing Services for Unix on my domain controllers and using the AD-integrated NIS server would work well. I wouldn't need to use winbind, and I would have not only consistent but predictable ID mapping, ie I can ensure that INTERNAL\jhatfield maps to UID 115, which is what it is on the existing NIS server. Are there any downsides to doing this - it seems much simpler than deploying winbind that I feel there must be a catch!
SAMBA
2005-Dec-04 07:57 UTC
[Samba] Any downsides to using MS Services for Unix NIS server?
Other than NIS is extremely insecure, and anyone concerned with security would not use it. If you are using SFU, just use LDAP/Kerberos instead of NIS. You'll get the same results, but with more security. You don't have to use IDMAP to have GID/UID based on SID. You can manually enter it yourself as per design you're your network. Also check out PADL NSS/PAM modules. There's also I think some scripts for automating migration from NIS to LDAP. -----Original Message----- From: samba-bounces+letz_samba=realmspace.com@lists.samba.org [mailto:samba-bounces+letz_samba=realmspace.com@lists.samba.org] On Behalf Of Jim Hatfield Sent: Friday, November 25, 2005 2:51 AM To: samba@lists.samba.org Subject: [Samba] Any downsides to using MS Services for Unix NIS server? I have both an AD domain and an existing NIS setup, and would like to merge the accounts. It would seem from reading the help files that installing Services for Unix on my domain controllers and using the AD-integrated NIS server would work well. I wouldn't need to use winbind, and I would have not only consistent but predictable ID mapping, ie I can ensure that INTERNAL\jhatfield maps to UID 115, which is what it is on the existing NIS server. Are there any downsides to doing this - it seems much simpler than deploying winbind that I feel there must be a catch! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba