> Hi Steve, > > I think you have two options, use winbind and bin NIS or vice versa. > If you choose to use winbind as you identified you have to worry about mappings being different on individual > Samba servers, the only way to get around this currently is to use LDAP as your idmap backend. This stores > the UID to SID mappings centrally for multiple Samba servers to share. > If you choose to use NIS you will have to mess around with smbpasswd and net groupmap to make users and > groups visiable as valid accounts for Samba. Also your NTLM passwords will not be sync'd to the domain but > Kerberos auth will work seemlessly. AFAIK
Thanks. I did a little more poking around and it seems like I'm leaning towards using winbind as my definitive authorization for this server and removing NIS from the fileserver. If I do this, I'll need to get LDAP up and running to control the mapping of SID -> UID so my NT SIDs map to my NIS UIDs for UNIX NFS clients that mount the volume(s). I've seen several descriptions of how to get the Samba side up (basically use the "idmap backend" option in smb.conf), but I'm completely new to LDAP, and I haven't found a simple description of how to set up an minimal LDAP server (probably using OpenLDAP) on my linux box that would just contain the SID->UID mappings. Does anyone have a simple example configuration for OpenLDAP that they would like to share? You can post, or email me directly at: [EMAIL PROTECTED] Thanks in advance, Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba