search for: mssfu30

...nis-domain: > > Correct > > > > > ERROR: Both --gid-number and --nis-domain have to be set for a > > RFC2307-enabled group. Operation cancelled. > > > > What value should I put for nis-domain? Just the workgroup name? > > AFAICS it ends up in the "msSFU30NisDomain" attribute but I don't > > know what this is used for, or why it's mandatory. > > It was added because this is what ADUC does when adding Unix attributes. > Microsoft AD emulates NIS+ (ex Yellow Pages). NIS are organised in domains. For that they added some upd...

...currently using NIS for directory/authenitication services, and all users (2000+) have existing UIDs/GIDs that need to be maintained (due to being spread out all over the place; we don't think we could do any kind of controlled migration of this data, etc). Our directory schema already has the msSFU30 schema added. I've done extensive research, and it seems my options are: 1) implement services for unix on a windows server 2) use straight LDAP auth (LDAP NSS, LDAP pam) 3) use LDAP in NSS and kerb in pam 4) use LDAP in NSS and winbind in pam >From what I undrestand, there is no feesable...

...system with Samba/NFS). All users on my network have AD accounts. Only about 25% of those users also have UNIX accounts. They have the same username. I installed SFU on our domain controllers and ran a script against our NIS and automatically populated all Windows users with UNIX accounts with the msSFU30* information from NIS. Now the problem I'm having. I can start winbind, but "getent passwd" won't reveal any information from Active Directory. I have set the winbind and idmap debug level to 10, and I see entries like this in winbind.log: [2009/07/16 16:01:15, 10] winbindd/idma...

...gid-number for the group it rejects the request unless I also pass in a --nis-domain: > ERROR: Both --gid-number and --nis-domain have to be set for a RFC2307-enabled group. Operation cancelled. What value should I put for nis-domain? Just the workgroup name? AFAICS it ends up in the "msSFU30NisDomain" attribute but I don't know what this is used for, or why it's mandatory. (3) It's traditional in Unix circles to have a primary group per user with the same name as the user, as this makes it feasible to use umask 0002 and easy file sharing. Does this approach have t...