From: centos-bounces@xxxxxxxxxx [centos-bounces@xxxxxxxxxx] On Behalf Of Ross Walker [rswwalker@xxxxxxxxx] Sent: Tuesday, February 09, 2010 4:08 PM To: CentOS mailing list Subject: Re: CentOS 5.4 x86_64 authenticating against AD (Server 2008r2) On Tue, Feb 9, 2010 at 3:23 PM, Joseph L. Casale <jcasale@xxxxxxxxxxxxxxxxx> wrote: >>That RID map feature of samba is great. > > Forgot about that, AFAIK, you can do that w/ SFU & pam mods. > > I have two Samba servers left that I want to get rid of:) You can do it with SFU, but SFU doesn't create UID/GIDs for existing users, you have to do those manually. Then there is the whole issue of maintaining those IDs over a long period of time. Also with RID mapping I can map different domains into different ID ranges. 100000 - 199999 first domain 200000 - 299999 second domain And so on. You know you don't need the full Samba install to setup a winbind->NIS server, just the Samba client will do. Then have your Linux boxes using NIS+Kerberos and only 1-2 boxes needs have a smb.conf and winbind running. NIS is only as secure as the network it runs on. If it bumps against public networks (unsecure wifi so on) use 802.11 authentication. -Ross _______________________________________________ For anybody wanting to know how to go the LDAP Route I found an interesting article in the linux.com archives http://www.linux.com/archive/feed/40983 Thanks again guys for your input. Dan _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos