In Chapter 3, we showed you how to add Windows clients to a network in which user accounts were maintained on the Samba server. We added a user account to the Windows client using the same username and password as an account on the Unix system. This method works well in many computing environments. However, if a Samba server is added to a Windows network that already has a Windows NT/2000 primary domain controller, the PDC has a preexisting database of user accounts and group information that is used for authentication. It can be a big chore to transfer that database manually to the Unix server, and later maintain and synchronize the Unix and Windows databases.
In Chapter 4, we showed you how to add a Samba server as a domain member server to a network having a Windows NT/2000 primary domain controller. We set domain in the Samba configuration file to have the Samba server hand off authentication to the Windows PDC. Using that method, passwords are kept only on the PDC, but it is still necessary to set up user accounts on the Unix side to make sure each client has a valid Unix UID and group ID (GID). This is necessary for maintaining the file ownerships and permissions of the Unix security model. Whenever Samba performs an operation on the Unix filesystem on behalf of the Windows client, the user must have a valid UID and GID on the local Unix system.
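The requirement described above can be audited before users run into failed connections or wrong file ownership. The following is an added example, not code from the book or from the Samba project: it takes a list of account names known to the PDC and reports those that lack a local Unix account or whose primary GID has no group entry. The account names and the passwd/group entries are constructed sample data.

```python
"""Audit which PDC-authenticated users lack a usable local Unix identity."""

# Constructed sample data in passwd(5) and group(5) format (not from the book).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
jay:x:1001:100:Jay:/home/jay:/bin/sh
linda:x:1002:250:Linda:/home/linda:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
users:x:100:jay
"""
# Constructed list of account names as they exist on the PDC.
DOMAIN_USERS = ["jay", "linda", "pat"]

def parse_passwd(text):
    """Map username -> (uid, gid) from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        # Skip comments and entries without numeric UID/GID fields.
        if line.startswith("#") or len(fields) < 7:
            continue
        if fields[2].isdigit() and fields[3].isdigit():
            accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def parse_group_ids(text):
    """Return the set of GIDs defined in group(5)-format text."""
    fields = (line.split(":") for line in text.splitlines())
    return {int(f[2]) for f in fields if len(f) >= 3 and f[2].isdigit()}

def audit(domain_users, passwd_text, group_text):
    """Return {username: problem} for users without a valid UID and GID."""
    accounts = parse_passwd(passwd_text)
    gids = parse_group_ids(group_text)
    problems = {}
    for user in domain_users:
        if user not in accounts:
            problems[user] = "no local Unix account"
        elif accounts[user][1] not in gids:
            problems[user] = f"primary GID {accounts[user][1]} has no group entry"
    return problems

if __name__ == "__main__":
    for name, problem in audit(DOMAIN_USERS, SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{name}: {problem}")
```

To run it against a real server, pass the contents of the local passwd and group files and a list of account names exported from the PDC.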
A facility that has recently been added to Samba, winbind, allows the Windows PDC to handle ...