On Sun, 2005-07-03 at 20:27 +0300, Ira Abramov wrote:
>
> to explain: when you use winbind and add a machine into the domain, the
> first time you look up a user she will be mapped to a local UID in an
> "idmap" database. the problem is, there is no hash function to map a
> lanman object's SID, an
Quoting Guy Teverovsky, from the post of Tue, 21 Jun:
> For the sake of common sense, by any means try to avoid using SFU. It
> opens up some very nasty black holes in AD sucking up any security you
> may have already implemented in AD.
while I agree, it is however quite a headache to introduce a
On Tue, 2005-06-21 at 16:40 +0300, Josh Zlatin-Amishav wrote:
> and remember two important lessons:
> 1. when requesting a kerberos key with kinit the domain name is case
> sensitive
This is Kerberos realm and not domain name. Kerberos realms are always
upper case.
> 2. make sure to update yo
On Tue, 2005-06-21 at 16:23 +0300, Ira Abramov wrote:
> I wondered once or twice if people united their linux machine to
> authenticate against an existing Active Directory. today I had the
> chance to do it for a client. first we tried the old fashioned way -
> install SFU (Seervices for Unix) on
On Tue, 21 Jun 2005, Ira Abramov wrote:
I wondered once or twice if people united their linux machine to
authenticate against an existing Active Directory. today I had the
chance to do it for a client. first we tried the old fashioned way -
install SFU (Seervices for Unix) on the 2000/2003 machi
I wondered once or twice if people united their linux machine to
authenticate against an existing Active Directory. today I had the
chance to do it for a client. first we tried the old fashioned way -
install SFU (Seervices for Unix) on the 2000/2003 machine, and bind to
it with LDAP. this proved t
