From: "Wojtak, Greg" <GregWojtak at quickenloans.com>
Date: Fri, 9 Sep 2011 14:47:53 +0000
> I'm working on testing out using winbind in our environment for user
> info and authentication. Our 2K8 R2 AD DS set up has all of the
> rfc2307 attributes populated for objects that need to appear on the
> Unix machines and everything is working splendidly. One thing I'd
> like to know is, we have some instances where users' AD accounts are
> not the same as their unix id's (matching them up at this point is
> not an option). Is there a way to tell winbind to look at the uid
> attribute in AD rather than the sAMAccountName for a Unix user name?
Try use idmap_id(8) and "winbind nssinfo = rfc2307".
The detail syntax is pretty different between Samba versions.
There is a sample suitable for Samba 3.3.0 - Samba 3.5.X,
idmap config YOURDOMAIN:backend = ad
idmap config YOURDOMAIN:schema_mode = rfc2307
idmap config YOURDOMAIN:range = xxxxx-xxxxx
winbind nss info = rfc2307
then, these attributes are retrieved from AD: uid, gid, shell,
homedir.
If you are not satisfied, then as you said:
> If not, I can simply use the LDAP interface into AD for those
> systems, but I'd like to try and keep everything consistent, if
> possible.
configure nss_ldap to retrieve informations from AD, and
idmap_nss(8).
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>