On Tue, Feb 17, 2009 at 2:59 PM, Kanwar Ranbir Sandhu <m3freak@xxxxxxxxxxxxxxxxxx> wrote: > On Tue, 2009-02-17 at 10:27 -0700, Joseph L. Casale wrote: >> I haven't tried this one, but make note it lacks NTLMv2 and group support >> which made it non usable in my environment. Like Filipe suggested >> mod_auth_ntlm_winbind addresses this but it appears it's not actively >> maintained and I got stuck configuring it and gave up... > > I believe you can use kerberos auth and group lookups. For the group > support, you need to do direct LDAP lookups. Just run a google search > for 'kerberos apache group', or something along those lines, to find > some links discussing what I've mentioned here. If you have a lot of hosts that need access to winbind mapped UIDs/GIDs instead of setting up winbind everywhere and having a administrative headache if the RID mapping gets messed up on one host, setup a winbind to NIS server that puts the mappings into NIS maps and propagate the information that way. Only real difference on the other hosts is to switch 'winbind' to 'nis' in nsswitch.conf. -Ross _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos