Samba HowTo Guide
Prev Home Next

IDMAP and NSS Using LDAP from ADS with RFC2307bis Schema Extension

The use of this method is messy. The information provided in the following is for guidance only and is very definitely not complete. This method does work; it is used in a number of large sites and has an acceptable level of performance.

An example smb.conf file is shown in ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS.

Example 13.5. ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS

# Global parameters
[global]
workgroup = BOBBY
realm = BOBBY.COM
security = ADS
idmap uid = 150000-550000
idmap gid = 150000-550000
template shell = /bin/bash
winbind cache time = 5
winbind use default domain = Yes
winbind trusted domains only = Yes
winbind nested groups = Yes

The DMS must be joined to the domain using the usual procedure. Additionally, it is necessary to build and install the PADL nss_ldap tool set. Be sure to build this tool set with the following:

./configure --enable-rfc2307bis --enable-schema-mapping
make install

The following /etc/nsswitch.conf file contents are required:

...
passwd: files ldap
shadow: files ldap
group:  files ldap
...
hosts:  files wins
...
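
As an added example (not part of the Samba HowTo Guide or of nss_ldap), the following Python script checks an nsswitch.conf against the four entries listed above and reports any database whose lookup order differs. The function names and the sample file are constructed for illustration.

```python
"""Added example: lint nsswitch.conf against the entries this guide requires."""
import re

# Required lookup order per database, taken from the guide's nsswitch.conf.
REQUIRED = {
    "passwd": ["files", "ldap"],
    "shadow": ["files", "ldap"],
    "group": ["files", "ldap"],
    "hosts": ["files", "wins"],
}


def parse_nsswitch(text):
    """Return {database: [service, ...]}, skipping comments and [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue  # blank, comment-only, or an elided "..." line
        database, sources = line.split(":", 1)
        sources = re.sub(r"\[[^\]]*\]", " ", sources)  # drop [NOTFOUND=return] etc.
        table[database.strip()] = sources.split()
    return table


def check_nsswitch(text, required=REQUIRED):
    """Return a list of findings; an empty list means the file matches the guide."""
    table = parse_nsswitch(text)
    findings = []
    for database, wanted in required.items():
        have = table.get(database)
        if have is None:
            findings.append(f"{database}: entry missing")
        elif have != wanted:  # order matters: local files must be consulted first
            found, need = " ".join(have), " ".join(wanted)
            findings.append(f"{database}: found '{found}', guide requires '{need}'")
    return findings


# Constructed sample: shadow never consults ldap, and group consults ldap first.
SAMPLE = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files ldap
shadow: files
group:  ldap [NOTFOUND=return] files   # wrong order
hosts:  files wins
"""

if __name__ == "__main__":
    for finding in check_nsswitch(SAMPLE):
        print(finding)
```
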

The /etc/ldap.conf file must also be configured. Refer to the PADL documentation and source code for nss_ldap for specific instructions.

The next step involves preparation of the ADS schema. This is briefly discussed in the remaining part of this chapter.

IDMAP, Active Directory, and MS Services for UNIX 3.5

Microsoft Windows Services for UNIX (SFU) version 3.5 is available for free download from the Microsoft Web site. You will need to download this tool and install it following Microsoft's instructions.

IDMAP, Active Directory and AD4UNIX

Instructions for obtaining and installing the AD4UNIX tool set can be found on the Geekcomix Web site.



[4] DOMINICUS\FJones FRANCISCUS\FJones FJones
Published under the terms of the GNU General Public License