Hello Brian,

Can you give me some advice on how to implement this? I haven't installed UNIX Services for Windows. UID and GID are mapped through SAMBA at this moment.

Sent from my iPhone

On 30/10/2011, at 17:55, Brian Kroth <bpkr...@gmail.com> wrote:

> gregorcy <grego...@eng.utah.edu> 2011-10-29 10:52:
>> What's missing: OpenLDAP replication from AD? Is this possible? Is this
>> needed? Since I want other machines (running Linux) to authenticate, it
>> will be a good idea that only ONE machine gets information from AD and
>> everyone else authenticates natively on this Gentoo Machine.
>>
>> No, this is not needed. If you are in a mixed environment (I think) it
>> is much easier to just use AD as the one directory service and join all
>> your linux boxes to it. As long as your idmap ranges match, your users
>> will have the same uid on all boxes.
>
> I agree with this except for the need to "join all your linux boxes". AD is
> really just ldap+kerberos. Most of the time you don't need the headache of
> kerberos and can just use the ldap component. Modern AD schemas include all
> of the necessary attribute support for having Linux clients talk to it
> directly for uid/gid mapping, which is much nicer since it avoids the
> complexity of any samba requirements when you don't need them (eg: mail, web,
> etc.).
>
> Brian