[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

Craig White craigwhite at azapple.com
Wed Feb 10 23:18:58 UTC 2010


On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk 
>  > wrote:
> 
> >
> >> If you have hundreds or thousands of users and hundreds of groups,
> >> well good luck. It is extremely hard to automate assigning these  
> >> uids/
> >> gids and making sure they don't collide with each other or other unix
> >> systems and doing it by hand is a torture reserved for the ninth
> >> circle of hell.
> >>
> >> If only nss_ldap had a SID->UID/GID mapping like samba has.
> >>
> >
> > How about winbind with a ldap backend? winbind creates the uids/gids  
> > and
> >  the rest just run nss_ldap?
> >
> > I currently use an ldap directory to store the rids but I don't  
> > remember
> > if they have been translated to uids/gids or whether the winbind  
> > modules
> > do that...
> 
> I don't know either, but if they do, that would work.
> 
> Can samba update uid/gidNumbers of existing LDAP directory CNs?
> 
> I still like the RID mapping, but if samba can write back uidNumbers  
> based on RID map generated uids that  would solve the problem.
----
In essence, samba knows nothing about writing anything to LDAP but
normally people would install smbldap-tools (not part of samba) to
provide a toolset to write to LDAP.

If smbldap-tools doesn't do what you want, modify it.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the CentOS mailing list