[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
craigwhite at azapple.com
Wed Feb 10 23:18:58 UTC 2010
On Wed, 2010-02-10 at 09:50 -0500, Ross Walker wrote:
> On Feb 10, 2010, at 8:11 AM, Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk
> > wrote:
> >> If you have hundreds or thousands of users and hundreds of groups,
> >> well good luck. It is extremely hard to automate assigning these
> >> uids/
> >> gids and making sure they don't collide with each other or other unix
> >> systems and doing it by hand is a torture reserved for the ninth
> >> circle of hell.
> >> If only nss_ldap had a SID->UID/GID mapping like samba has.
> > How about winbind with a ldap backend? winbind creates the uids/gids
> > and
> > the rest just run nss_ldap?
> > I currently use an ldap directory to store the rids but I don't
> > remember
> > if they have been translated to uids/gids or whether the winbind
> > modules
> > do that...
> I don't know either, but if they do, that would work.
> Can samba update uid/gidNumbers of existing LDAP directory CNs?
> I still like the RID mapping, but if samba can write back uidNumbers
> based on RID map generated uids that would solve the problem.
In essence, samba knows nothing about writing anything to LDAP but
normally people would install smbldap-tools (not part of samba) to
provide a toolset to write to LDAP.
If smbldap-tools doesn't do what you want, modify it.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the CentOS