[CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

Tue Feb 9 22:08:41 UTC 2010
Ross Walker <rswwalker at gmail.com>

On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale
<jcasale at activenetwerx.com> wrote:
>>That RID map feature of samba is great.
>
> Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
>
> I have two Samba servers left that I want to get rid of:)

You can do it with SFU, but SFU doesn't create UID/GIDs for existing
users, you have to do those manually.

Then there is the whole issue of maintaining those IDs over a long
period of time.

Also with RID mapping I can map different domains into different ID ranges.

100000 - 199999 first domain
200000 - 299999 second domain

And so on.

You know you don't need the full Samba install to setup a winbind->NIS
server, just the Samba client will do.

Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs
have a smb.conf and winbind running.

NIS is only as secure as the network it runs on. If it bumps against
public networks (unsecure wifi so on) use 802.11 authentication.

-Ross