[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

Ross Walker rswwalker at gmail.com
Tue Feb 9 22:08:41 UTC 2010

On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale
<jcasale at activenetwerx.com> wrote:
>>That RID map feature of samba is great.
> Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
> I have two Samba servers left that I want to get rid of:)

You can do it with SFU, but SFU doesn't create UID/GIDs for existing
users, you have to do those manually.

Then there is the whole issue of maintaining those IDs over a long
period of time.

Also with RID mapping I can map different domains into different ID ranges.

100000 - 199999 first domain
200000 - 299999 second domain

And so on.

You know you don't need the full Samba install to setup a winbind->NIS
server, just the Samba client will do.

Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs
have a smb.conf and winbind running.

NIS is only as secure as the network it runs on. If it bumps against
public networks (unsecure wifi so on) use 802.11 authentication.


More information about the CentOS mailing list