[CentOS] Help with authenticating against Active Directory.

Fri Feb 1 02:29:07 UTC 2008
Jeff Larsen <jlar310 at gmail.com>

On Jan 31, 2008 2:51 PM, Milton Calnek <milton at calnek.com> wrote:
> Hello all,
>
> I'm trying to authenticate shell logins against an MS-ADS.  I don't
> have admin access to the ADS, but I can talk to the admins.
>
> I have gotten as far as getting authentication working, but the uids
> depend on the order of login, i.e. the first guy to log in gets 10000,
> the next gets 10001, etc.  The problem I have with this is that I want
> to share the home directories via nfs, which means everyone has to have
> the same id.

Don't use Samba.

Microsoft Services For UNIX or 2003R2 support UNIX attributes in
Active Directory. It adds a new tab in the user account properties
where you can specify login shell, home directory, uid, gid.

On the CentOS side use nss_ldap.

This is a true single sign-on configuration with no /etc/passwd monkey
business. We use it for database application auth and limited shell
access. It just works; failures are rare.

Configuration details are left as an exercise for the OP as I have had
a long day and a couple glasses of wine....

--
Jeff
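
An added example, not part of the original message: a check for the symptom described in the quoted question, where the same account ends up with different uids on different NFS clients. It assumes the account list was saved with `getent passwd` on each host; the function names, file names and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# uid_mismatches FILE_A FILE_B [MIN_UID]
# FILE_A / FILE_B: passwd(5)-format dumps, e.g. `getent passwd` saved on
# each NFS client. Accounts with a uid below MIN_UID (default 0) are skipped.
uid_mismatches() {
    awk -F: -v min="${3:-0}" '
        $3 + 0 < min { next }                  # skip local system accounts
        FILENAME == ARGV[1] { uid[$1] = $3; gid[$1] = $4; next }
        ($1 in uid) {                          # account present on both hosts
            seen[$1] = 1
            if (uid[$1] != $3 || gid[$1] != $4)
                printf "MISMATCH %s %s:%s %s:%s\n", $1, uid[$1], gid[$1], $3, $4
            next
        }
        { printf "ONLY_SECOND %s %s:%s\n", $1, $3, $4 }
        END {
            for (u in uid)
                if (!(u in seen))
                    printf "ONLY_FIRST %s %s:%s\n", u, uid[u], gid[u]
        }
    ' "$1" "$2" | sort
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample data: alice and bob logged in to the two hosts in a
    # different order, so the allocated uids are swapped between hosts.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:10000:10000::/home/alice:/bin/bash' \
        'bob:x:10001:10000::/home/bob:/bin/bash' > "$d/hostA"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'bob:x:10000:10000::/home/bob:/bin/bash' \
        'alice:x:10001:10000::/home/alice:/bin/bash' \
        'carol:x:10002:10000::/home/carol:/bin/bash' > "$d/hostB"
    uid_mismatches "$d/hostA" "$d/hostB" 10000
    rm -rf "$d"
}
demo
```

Empty output means every account at or above MIN_UID has the same uid and gid on both hosts, which is what shared NFS home directories require.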