Re: CentOS 5.4 x86_64 authenticating against AD (Server 2008r2)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



From: centos-bounces@xxxxxxxxxx [centos-bounces@xxxxxxxxxx] On Behalf Of Ross Walker [rswwalker@xxxxxxxxx]
Sent: Tuesday, February 09, 2010 4:08 PM
To: CentOS mailing list
Subject: Re:  CentOS 5.4 x86_64 authenticating against AD (Server       2008r2)

On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale
<jcasale@xxxxxxxxxxxxxxxxx> wrote:
>>That RID map feature of samba is great.
>
> Forgot about that, AFAIK, you can do that w/ SFU & pam mods.
>
> I have two Samba servers left that I want to get rid of:)

You can do it with SFU, but SFU doesn't create UID/GIDs for existing
users, you have to do those manually.

Then there is the whole issue of maintaining those IDs over a long
period of time.

Also with RID mapping I can map different domains into different ID ranges.

100000 - 199999 first domain
200000 - 299999 second domain

And so on.

You know you don't need the full Samba install to setup a winbind->NIS
server, just the Samba client will do.

Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs
have a smb.conf and winbind running.

NIS is only as secure as the network it runs on. If it bumps against
public networks (unsecure wifi so on) use 802.11 authentication.

-Ross
_______________________________________________

For anybody wanting to know how to go the LDAP Route I found an interesting article in the linux.com archives
http://www.linux.com/archive/feed/40983

Thanks again guys for your input.

Dan
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux