What I did was create the users in /etc/passwd with the same username as you would find in the AD.
Then, it's just a matter of enabling Kerberos authentication, and using the Domain Controllers as KDCs.
Maybe not what you're looking for, but it's simple and effective. No samba involved.
On Jan 31, 2008 3:51 PM, Milton Calnek milton@calnek.com wrote:
Hello all,
I'm trying to authenticate shell logins against an MS-ADS. I don't have admin access to the ADS, but I can talk to the admins.
I have gotten as far as getting authentication working, but the uids depend on the order of login, i.e. the first guy to log in gets 10000, the next gets 10001, etc. The problem I have with this is that I want to share the home directories via nfs, which means everyone has to have the same id.
Is anyone else doing this?
My smb.conf and nsswitch.conf files are below.
TIA
-- Milton Calnek BSc, A/Slt(Ret.) milton@calnek.com 306-717-8737
smb.conf

[global]
    workgroup = example_com
    realm = example.COM
    server string = %h server (Samba %v)
    security = ADS
    map to guest = Bad Password
    passdb backend = tdbsam
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    log level = 2 winbind:10
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    dns proxy = No
    wins server = ldap
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    idmap backend = ldap:ldap://ldap.example.com:3268
    ldap admin dn = cn=Manager,dc=example,dc=COM
    ldap idmap suffix = ou=Idmap
    ldap suffix = dc=example,dc=COM
    template homedir = /home/%U
    template shell = /bin/bash
    winbind separator = +
    winbind use default domain = Yes
    winbind nested groups = Yes
    invalid users = root

nsswitch.conf

passwd: files compat winbind
shadow: files compat
group: files compat winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: nisplus

publickey: nisplus

automount: files nisplus
aliases: files nisplus
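
Both setups discussed in this thread (winbind allocating uids in login order on each machine, and hand-made /etc/passwd entries per host) only work with NFS-shared home directories if every host maps each username to the same uid. As an added example, not part of the original messages: a Python check that compares passwd-format data collected from each host (for instance the output of `getent passwd`) and reports users whose ids differ and uids that belong to different users; all host names, user names and ids below are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: passwd(5)-format lines as collected from two NFS
# clients (for example with `getent passwd`). Host and user names are made up.
SAMPLE = {
    "hostA": "alice:x:10000:10000::/home/alice:/bin/bash\n"
             "bob:x:10001:10000::/home/bob:/bin/bash\n",
    "hostB": "bob:x:10000:10000::/home/bob:/bin/bash\n"
             "alice:x:10001:10000::/home/alice:/bin/bash\n"
             "carol:x:10002:10000::/home/carol:/bin/bash\n",
}

def parse_passwd(text):
    """Return {username: (uid, gid)} from passwd(5)-format text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat markers (+/- lines).
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue  # malformed entry
        entries[fields[0]] = (int(fields[2]), int(fields[3]))
    return entries

def audit(hosts):
    """Compare passwd data per host.

    Returns (mismatched, collisions):
      mismatched: {user: {host: (uid, gid)}} for users whose ids differ between hosts
      collisions: {uid: sorted users} for uids that map to more than one username
    """
    by_user = defaultdict(dict)
    by_uid = defaultdict(set)
    for host, text in hosts.items():
        for user, ids in parse_passwd(text).items():
            by_user[user][host] = ids
            by_uid[ids[0]].add(user)
    mismatched = {u: dict(h) for u, h in by_user.items() if len(set(h.values())) > 1}
    collisions = {uid: sorted(us) for uid, us in by_uid.items() if len(us) > 1}
    return mismatched, collisions

if __name__ == "__main__":
    mismatched, collisions = audit(SAMPLE)
    for user, seen in sorted(mismatched.items()):
        print(f"MISMATCH {user}: {seen}")
    for uid, users in sorted(collisions.items()):
        print(f"COLLISION uid {uid}: {users}")
```

A collision matters as much as a mismatch here: NFS with AUTH_SYS trusts the numeric uid sent by the client, so two names sharing a uid across hosts can read and write each other's home directories.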