Milton Calnek wrote:
Hello all,

I'm trying to authenticate shell logins against an MS-ADS. I don't
have admin access to the ADS, but I can talk to the admins.

I have gotten as far as getting authentication working, but the uids
depend on the order of login, i.e. the first guy to log in gets 10000,
the next gets 10001, etc. The problem I have with this is that I want
to share the home directories via nfs, which means everyone has to
have the same id.

Is anyone else doing this?

My smb.conf and nsswitch.conf files are below.

TIA

You can get samba to be a single sign on using MS AD & issue predictable
uids in linux. The smb.conf option:

idmap backend = idmap_rid:DOMAIN=100000-3000000

will take the user's RID in AD, add 100000 to it, and use that for the uid
in Linux.

This smb.conf worked for me a couple of years ago at my former employer, on
RH4 type machines. Note I did not have an ldap server defined. This is
the entire global section I used in all linux boxes that I joined to the
domain.

[global]
workgroup = DOMAIN
realm = DOMAIN.EXAMPLE.COM
server string = Samba Server
security = ads
# log level = 0 vfs:2
log file = /var/log/samba/ALL.log
max log size = 500
socket options = TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768
load printers = No
preferred master = No
domain master = No
dns proxy = No
wins server = 192.168.1.1
netbios name = LINUX999
netbios aliases = host999
ldap ssl = no
idmap uid = 10000-3000000
idmap gid = 10000-3000000
template homedir = /users/%U
template shell = /bin/bash
winbind enum users = No
winbind enum groups = No
idmap backend = idmap_rid:DOMAIN=100000-3000000
allow trusted domains = no
username map = /etc/samba/smbusers
name resolve order = wins bcast
cups options = raw
disable spoolss = Yes
show add printer wizard = No
os level = 1
winbind use default domain = yes
host msdfs = Yes
admin users = DOMAIN\admin20 DOMAIN\admin22
--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240
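
Added example (not part of either message): a POSIX shell check for the mapping described in the reply above, uid = RID + 100000 within the 100000-3000000 range, run over rows collected from several hosts to spot any machine still handing out uids in login order. The domain SID, host names, user names and the "host user sid uid" row format are constructed for illustration.

```sh
#!/bin/sh
# Added example. Range copied from: idmap backend = idmap_rid:DOMAIN=100000-3000000
RANGE_LOW=100000
RANGE_HIGH=3000000

# Print the uid expected for a domain account SID (RID + RANGE_LOW).
# Returns 2 for a malformed or non-domain SID, 3 if the uid leaves the range.
expected_uid() {
    sid=$1
    case $sid in
        S-1-5-21-*-*-*-*) ;;
        *) echo "not a domain account SID: $sid" >&2; return 2 ;;
    esac
    rid=${sid##*-}                      # the RID is the last sub-authority
    case $rid in
        ''|*[!0-9]*|0?*) echo "bad RID in $sid" >&2; return 2 ;;
    esac
    mapped=$(($RANGE_LOW + $rid))
    if [ "$mapped" -gt "$RANGE_HIGH" ]; then
        echo "RID $rid maps outside $RANGE_LOW-$RANGE_HIGH" >&2; return 3
    fi
    echo "$mapped"
}

# Read "host user sid uid" rows on stdin, print the rows whose uid is not the
# RID-derived one, and succeed only if every row matches.
audit() {
    bad=0
    while read -r host user sid uid; do
        [ -n "$host" ] || continue
        want=$(expected_uid "$sid") || { bad=$((bad + 1)); continue; }
        if [ "$uid" != "$want" ]; then
            echo "MISMATCH $host $user uid=$uid expected=$want"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample rows: LINUX003 still allocates uids in login order.
sample_rows() {
    d=S-1-5-21-1111111111-2222222222-3333333333   # made-up domain SID
    printf '%s\n' "LINUX001 alice $d-1105 101105" "LINUX002 alice $d-1105 101105" \
                  "LINUX001 bob $d-1106 101106" "LINUX003 bob $d-1106 10000" \
                  "LINUX003 alice $d-1105 10001"
}

sample_rows | audit || echo "hosts above do not use the RID mapping"
```

On a joined host, the SID for a row can be read with `wbinfo -n USER` and the uid with `getent passwd USER`.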