[Wolves] Samba in an Active Directories environment
Simon Morris
mozrat at gmail.com
Fri Dec 2 16:18:23 GMT 2005
On 02/12/05, Ian Harper <idharper at gmail.com> wrote:
> everything looks correct - obviously something somewhere isnt - back
> to the drawing board
>
"Back to the drawing board"..... Winbind isn't the perfect solution in
my experience.
You end up with AD users having different uid numbers on different
servers as a user gets assigned the next number in the pool.
So if you have to restore data to another server all of the uids that
own the files won't match up correctly - if you cluster or rsync data
you have the same issue.
Apple have come up with a nice solution. They take the AD SID number
(128bit hex number) and hash it somehow to make a unique but long uid
number. As long as the AD user has the same SID they will derive the
the same uid.
I wonder if they open sourced that method.
Also there are some nice closed source utilities that do the job
better than winbind.
DirectControl from Centrify have a nice product that we are looking at
for authenticating Macs to AD.
http://www.centrify.com/
--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
DISCLAIMER: Reading the following URL may make you boggle:
http://www.goldmark.org/jeff/stupid-disclaimers/list.html
No animals were harmed in the making of this email
More information about the Wolves
mailing list