On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale <jcasale at activenetwerx.com> wrote: >>That RID map feature of samba is great. > > Forgot about that, AFAIK, you can do that w/ SFU & pam mods. > > I have two Samba servers left that I want to get rid of:) You can do it with SFU, but SFU doesn't create UID/GIDs for existing users, you have to do those manually. Then there is the whole issue of maintaining those IDs over a long period of time. Also with RID mapping I can map different domains into different ID ranges. 100000 - 199999 first domain 200000 - 299999 second domain And so on. You know you don't need the full Samba install to setup a winbind->NIS server, just the Samba client will do. Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs have a smb.conf and winbind running. NIS is only as secure as the network it runs on. If it bumps against public networks (unsecure wifi so on) use 802.11 authentication. -Ross