<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2912" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=188070414-05072006><FONT face=Arial
color=#0000ff size=2>blah hit next on my google search and got this link hehe go
figure it is the first link AFTER I finally ask for help</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=188070414-05072006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=188070414-05072006><FONT face=Arial
color=#0000ff size=2><A
href="http://windows.ittoolbox.com/documents/tutorials/integrating-samba-3-in-to-a-windows-2003-domain-1893">http://windows.ittoolbox.com/documents/tutorials/integrating-samba-3-in-to-a-windows-2003-domain-1893</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=188070414-05072006><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=188070414-05072006><FONT face=Arial
color=#0000ff size=2>but if anyone has more links to share please
do</FONT></SPAN></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> centos-bounces@centos.org
[mailto:centos-bounces@centos.org] <B>On Behalf Of </B>King, John (Greg)
(LMIT-HOU)<BR><B>Sent:</B> Wednesday, July 05, 2006 9:02 AM<BR><B>To:</B>
centos@centos.org<BR><B>Subject:</B> [CentOS] Linux kerberos to Windows AD
2000/2003<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial size=2>I have spent the
last 4-5 hours scrounging google articles on this and have found 2 solutions.
The problem is one of them is something that we will not do (as MS will not
support extending AD with Services For Unix(SFU)).</FONT></SPAN></DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial size=2>The other is simply
configuring kerberos and pam on the linux system. No problem there from what I
can tell.</FONT></SPAN></DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial size=2>Ticket cache:
FILE:/tmp/krb5cc_0<BR>Default principal: <A
href="userid@dom.ain">userid@dom.ain</A></FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial size=2>Valid
starting
Expires
Service principal<BR>07/05/06 07:23:03 07/05/06 17:23:47 k<SPAN
class=684405213-05072006><FONT face=Arial
size=2>rbtgt/DOM.AIN@DOM.AIN</FONT></SPAN><BR>
renew until 07/06/06 07:23:03</FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV><SPAN class=684405213-05072006>
<DIV><BR><FONT face=Arial size=2>Kerberos 4 ticket cache: /tmp/tkt0<BR>klist:
You have no tickets cached</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial size=2>The problem though
is configuring winbind from the console (all of the linux systems are nothing
more than the kernel, ssh and the few apps necessary for the system to do it's
job). All the online examples I have been able to find use the linux GUI.
</FONT></SPAN></DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial size=2>Does anyone know of
a document (or mind sharing) how they installed and configured the samba 3
winbind daemon to map SID's to unix uid's/gid's? That would eliminate the need
to extend the active directory schema.</FONT></SPAN></DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2>thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=684405213-05072006><FONT face=Arial
size=2>Greg</FONT></SPAN></SPAN></DIV></BODY></HTML>