Authentication with winbind
In Chapter 3, we showed you how to add Windows clients to a network in which user accounts were maintained on the Samba server. We added a user account to the Windows client using the same username and password as an account on the Unix system. This method works well in many computing environments. However, if a Samba server is added to a Windows network that already has a Windows NT/2000 primary domain controller, the PDC has a preexisting database of user accounts and group information that is used for authentication. It can be a big chore to transfer that database manually to the Unix server, and later maintain and synchronize the Unix and Windows databases.
In Chapter 4, we showed you how to add a Samba
server as a domain member server to a network having a Windows
NT/2000 primary domain controller. We set security
=
domain
in the Samba
configuration file to have the Samba server hand off authentication
to the Windows PDC. Using that method, passwords are kept only on the
PDC, but it is still necessary to set up user accounts on the Unix
side to make sure each client has a valid Unix UID and group ID
(GID). This is necessary for maintaining the file ownerships and
permissions of the Unix security model. Whenever Samba performs an
operation on the Unix filesystem on behalf of the Windows client, the
user must have a valid UID and GID on the local Unix system.
A facility that has recently been added to Samba, winbind, allows the Windows PDC to handle ...
Get Using Samba, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.