From: centos-bounces@centos.org [centos-bounces@centos.org] On Behalf Of Ross Walker [rswwalker@gmail.com] Sent: Tuesday, February 09, 2010 4:08 PM To: CentOS mailing list Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale jcasale@activenetwerx.com wrote:
That RID map feature of samba is great.
Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
I have two Samba servers left that I want to get rid of:)
You can do it with SFU, but SFU doesn't create UID/GIDs for existing users, you have to do those manually.
Then there is the whole issue of maintaining those IDs over a long period of time.
Also with RID mapping I can map different domains into different ID ranges.
100000 - 199999 first domain 200000 - 299999 second domain
And so on.
You know you don't need the full Samba install to setup a winbind->NIS server, just the Samba client will do.
Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs have a smb.conf and winbind running.
NIS is only as secure as the network it runs on. If it bumps against public networks (unsecure wifi so on) use 802.11 authentication.
-Ross _______________________________________________
For anybody wanting to know how to go the LDAP Route I found an interesting article in the linux.com archives http://www.linux.com/archive/feed/40983
Thanks again guys for your input.
Dan