From: email@example.com [firstname.lastname@example.org] On Behalf Of Ross Walker [email@example.com]
Sent: Tuesday, February 09, 2010 4:08 PM
To: CentOS mailing list
Subject: Re: [CentOS] CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)
On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale
>>That RID map feature of samba is great.
> Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
> I have two Samba servers left that I want to get rid of
You can do it with SFU, but SFU doesn't create UID/GIDs for existing
users, you have to do those manually.
Then there is the whole issue of maintaining those IDs over a long
period of time.
Also with RID mapping I can map different domains into different ID ranges.
100000 - 199999 first domain
200000 - 299999 second domain
And so on.
You know you don't need the full Samba install to setup a winbind->NIS
server, just the Samba client will do.
Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs
have a smb.conf and winbind running.
NIS is only as secure as the network it runs on. If it bumps against
public networks (unsecure wifi so on) use 802.11 authentication.
For anybody wanting to know how to go the LDAP Route I found an interesting article in the linux.com archives
Thanks again guys for your input.
CentOS mailing list