[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

Dan Burkland dburklan at NMDP.ORG
Tue Feb 9 23:27:51 UTC 2010

From: centos-bounces at centos.org [centos-bounces at centos.org] On Behalf Of Ross Walker [rswwalker at gmail.com]
Sent: Tuesday, February 09, 2010 4:08 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale
<jcasale at activenetwerx.com> wrote:
>>That RID map feature of samba is great.
> Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
> I have two Samba servers left that I want to get rid of:)

You can do it with SFU, but SFU doesn't create UID/GIDs for existing
users, you have to do those manually.

Then there is the whole issue of maintaining those IDs over a long
period of time.

Also with RID mapping I can map different domains into different ID ranges.

100000 - 199999 first domain
200000 - 299999 second domain

And so on.

You know you don't need the full Samba install to set up a winbind->NIS
server, just the Samba client will do.

Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes need to
have a smb.conf and winbind running.

NIS is only as secure as the network it runs on. If it bumps against
public networks (unsecure wifi and so on) use 802.11 authentication.


For anybody wanting to know how to go the LDAP route, I found an interesting article in the linux.com archives.

Thanks again guys for your input.
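
The per-domain RID ranges described in the quoted message, worked through as an added example that is not part of the original thread. It assumes the mapping documented for Samba's idmap_rid backend (ID = RID - base_rid + low end of the range) with base_rid set to 0; the domain SIDs and account RIDs are constructed sample values.

```python
# Added example: deterministic RID -> UID/GID mapping, one ID range per AD domain.
# Domain SIDs are constructed; the ranges are the ones given in the message above.
DOMAINS = {
    "S-1-5-21-1000000001-2000000002-3000000003": ("FIRST", 100000, 199999),
    "S-1-5-21-1000000004-2000000005-3000000006": ("SECOND", 200000, 299999),
}
BASE_RID = 0  # assumption: base_rid of 0


def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID)."""
    domain_sid, _, rid = sid.rpartition("-")
    if not domain_sid.startswith("S-1-5-21-") or not rid.isdigit():
        raise ValueError("not a domain account SID: %r" % sid)
    return domain_sid, int(rid)


def sid_to_uid(sid):
    """Map an account SID to a Unix ID inside its domain's range."""
    domain_sid, rid = split_sid(sid)
    if domain_sid not in DOMAINS:
        # Unknown domain: refuse rather than fall into another domain's range.
        raise LookupError("no ID range configured for " + domain_sid)
    _name, low, high = DOMAINS[domain_sid]
    uid = rid - BASE_RID + low
    if rid < BASE_RID or uid > high:
        # A RID past the end of the range would collide with the next domain.
        raise OverflowError("RID %d does not fit in %d-%d" % (rid, low, high))
    return uid


def uid_to_sid(uid):
    """Reverse lookup: the range identifies the domain, the offset is the RID."""
    for domain_sid, (_name, low, high) in DOMAINS.items():
        if low <= uid <= high:
            return "%s-%d" % (domain_sid, uid - low + BASE_RID)
    raise LookupError("UID %d is outside every configured range" % uid)


if __name__ == "__main__":
    for dom in DOMAINS:
        sid = dom + "-1104"  # constructed account RID
        print(sid, "->", sid_to_uid(sid))
```

Because the ID is computed from the SID alone, every host using the same ranges derives the same UID for a user without a stored map, and a range sized too small for a domain's highest RID fails loudly instead of overlapping the next domain.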

