[K12OSN] RE: multi-server/single source authentication

Burroughs, Henry HBurroughs at HHPREP.ORG
Fri Feb 2 14:32:00 UTC 2007


John,

Here's the link to the howto describing IDMAP_RID, which gives the
predictable mapping for Winbind.

http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id339794

I looked at the changelog for that version of samba, and I "think" it
is enabled in that build... so all you have to do is use the example
samba config file to set up the winbind idmap backend correctly.

Good luck!

Henry Burroughs
Technology Director
Hilton Head Preparatory School
www.hhprep.org

  _____

From: john [mailto:lists.john at gmail.com] 
Sent: Thursday, February 01, 2007 5:58 PM
To: Burroughs, Henry
Cc: k12osn at redhat.com
Subject: Re: multi-server/single source authentication

Thanks Henry,


Do you have any idea what version of Winbind/Samba does that, or where I
could find documentation about that? Currently I am running Samba
3.0.22-1ubuntu3.1 and I am not aware of that module.

I appreciate your help!

John

On 2/1/07, Burroughs, Henry <HBurroughs at hhprep.org> wrote: 

John,

I've been using single source authentication via Active Directory.
There have been developments with Winbind (I think it is included with
the most recent versions), that you can enable a module and it will map
the AD SIDs to UNIX ids consistently, so you'll have the same UID number
across multiple systems.  Now I do it via LDAP and Microsoft Services
for Unix.  It is a little more to configure per user, however I can
specify different home paths for users, i.e.: I keep students in
/home/students and faculty in /home/faculty.  You can't do that with
Winbind, but then again, Winbind is a lot less work.  I've just finally
got LDAP failover working with my DCs.

Henry Burroughs
Technology Director
Hilton Head Preparatory School
www.hhprep.org


Date: Tue, 30 Jan 2007 14:40:29 -0800
From: "john" <lists.john at gmail.com>
Subject: multi-server/single source authentication was Re: [K12OSN] Networking a new school for K12LTSP?
To: "Support list for open source software in schools." <k12osn at redhat.com>
Message-ID: <2be970b50701301440t630ed022w945070e20f3ce10d at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

This has been an interesting thread. It makes me want to raise my own
question.

Is it possible to do multi-server/single source authentication using
Active Directory rather than LDAP? Right now, we're not able to drop
active directory for students, but will probably need to add servers as
our LTSP experiment moves forward. The sticking point has been the way
winbind/samba creates and maps unix passwords to windows passwords.
Essentially each installation of Linux that uses Active Directory for
authentication ends up with their own local user/pass db that makes
centralized NFS homes semi-impossible. Has anyone figured out how to
scale Linux and AD?

John
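
Added illustration, not part of the thread and not Samba's code: a small model of the behaviour discussed above. A per-host allocating ID map hands out UIDs in first-seen order, while the RID-based mapping computes them from the SID with the formula given in the idmap_rid manual page (ID = RID - BASE_RID + LOW_RANGE_ID). The SIDs, user names, the 10000-20000 range and the AllocatingMap class are constructed for the example.

```python
# Added example (not from the thread). SIDs, names and the ID range are constructed.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
USERS = {"alice": f"{DOMAIN_SID}-1105", "bob": f"{DOMAIN_SID}-1106", "carol": f"{DOMAIN_SID}-1107"}
LOW, HIGH = 10000, 20000

def sid_rid(sid):
    """Return the RID: the last sub-authority of a textual SID."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

def rid_uid(sid, low=LOW, high=HIGH, base_rid=0):
    """idmap_rid man page formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    uid = sid_rid(sid) - base_rid + low
    if not low <= uid <= high:
        raise ValueError(f"{sid} maps to {uid}, outside {low}-{high}")
    return uid

class AllocatingMap:
    """Simplified model of a per-host allocating map: next free ID on first lookup."""

    def __init__(self, low=LOW, high=HIGH):
        self.next_id, self.high, self.table = low, high, {}

    def uid(self, sid):
        if sid not in self.table:
            if self.next_id > self.high:
                raise RuntimeError("ID range exhausted")
            self.table[sid] = self.next_id
            self.next_id += 1
        return self.table[sid]

def uids_on_server(first_seen_order, mapper):
    """Resolve users in the order this server first saw them; return name -> UID."""
    return {name: mapper(USERS[name]) for name in first_seen_order}

def conflicts(a, b):
    """Names whose UID differs between two servers (wrong owner on shared NFS homes)."""
    return sorted(n for n in a if a[n] != b.get(n))

if __name__ == "__main__":
    s1, s2 = ["alice", "bob", "carol"], ["carol", "alice", "bob"]
    alloc = [uids_on_server(o, AllocatingMap().uid) for o in (s1, s2)]
    rid = [uids_on_server(o, rid_uid) for o in (s1, s2)]
    print("allocating:", alloc, "differs for", conflicts(*alloc))
    print("rid-based: ", rid, "differs for", conflicts(*rid))
```

With the allocating model every user ends up with a different UID on the second server, so files on a shared NFS export appear owned by someone else; with the RID formula both servers agree without exchanging any state.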

 

 
