[CentOS] nfs4, idmapd, users with same name, different uid?

Wed Aug 28 18:24:55 UTC 2013
Les Mikesell <lesmikesell at gmail.com>

On Wed, Aug 28, 2013 at 1:10 PM, natxo asenjo <natxo.asenjo at gmail.com> wrote:
>
>>> I have no experience with idmapd in Linux, but in Solaris and NetApp it
>>> gets ugly quite easily :-)
>>>
>> It also works with same UIDs on server/client, just setting the
>> domainname in idmapd.conf. LDAP is not obligatory.
>
> that's why I wrote 'synchronize your password file to eternity' ;-)
>
> But really, don't do that, use a central store. Much easier unless you
> have a very very tiny network (but those tend to grow unexpectedly).

This is a very tiny subset (mostly) of a corporate network where the
larger things are handled by Active Directory. But, for various
non-technical reasons, I don't want these machines to have to 'join'
AD. Kerberos will sort of work without joining, but doesn't seem
usable for exporting Samba shares - and then anyone added locally
wouldn't work without the uid matching anyway. Is there a way to set
up an LDAP server with a few local users but that mostly does a proxy
to AD? And if I did, would users be able to map their home
directories as Samba shares with the authentication it provides
without joining AD?

-- 
    Les Mikesell
     lesmikesell at gmail.com