What I did was create the users in /etc/passwd with the same username as you would find in the AD. Then, its just a matter of enabling Kerberos authentication, and using the Domain Controllers as KDC's. Maybe not what you're looking for, but its simple and effective. No samba involved. On Jan 31, 2008 3:51 PM, Milton Calnek <milton@xxxxxxxxxx> wrote: > Hello all, > > I'm trying to authenticate shell login's against an MS-ADS. I don't > have admin access to the ADS, but I can talk to the admins. > > I have gotten as far as getting authentication working, but the uid's > depend on the order of login. ie: the first guy to login gets 10000, > the next gets 10001, etc. The problem I have with this is that I want > to share the home directories via nfs, which means everyone has to have > the same id. > > Is anyone else doing this? > > My smb.conf and nsswitch.conf files are below. > > TIA > > -- > Milton Calnek BSc, A/Slt(Ret.) > milton@xxxxxxxxxx > 306-717-8737 > > > smb.conf > [global] > workgroup = example_com > realm = example.COM > server string = %h server (Samba %v) > security = ADS > map to guest = Bad Password > passdb backend = tdbsam > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > log level = 2 winbind:10 > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > dns proxy = No > wins server = ldap > ldap ssl = no > panic action = /usr/share/samba/panic-action %d > idmap uid = 10000-20000 > idmap gid = 10000-20000 > idmap backend = ldap:ldap://ldap.example.com:3268 > ldap admin dn = cn=Manager,dc=example,dc=COM > ldap idmap suffix = ou=Idmap > ldap suffix = dc=example,dc=COM > template homedir = /home/%U > template shell = /bin/bash > winbind separator = + > winbind use default domain = Yes > winbind nested groups = Yes > invalid users = root > > nsswitch.confpasswd: files compat winbind > shadow: files compat > group: files compat winbind > > #hosts: db files nisplus nis dns > hosts: files dns > > # Example - obey only what nisplus tells us... > #services: nisplus [NOTFOUND=return] files > #networks: nisplus [NOTFOUND=return] files > #protocols: nisplus [NOTFOUND=return] files > #rpc: nisplus [NOTFOUND=return] files > #ethers: nisplus [NOTFOUND=return] files > #netmasks: nisplus [NOTFOUND=return] files > > bootparams: nisplus [NOTFOUND=return] files > > ethers: files > netmasks: files > networks: files > protocols: files > rpc: files > services: files > > netgroup: nisplus > > publickey: nisplus > > automount: files nisplus > aliases: files nisplus > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos