LinuxQuestions.org


MRMO 03-03-2003 11:22 AM

Linux and Microsoft AD
 
Does anyone know if there is a way to sync user accounts like AD and NDS do?

I was hoping to have 1 AD logon account and access Linux files, much the same way an NT user logs on and accesses Novell files.

peter_robb 03-03-2003 01:01 PM

Auth back to the AD server...

see the 'password server =' parameter in smb.conf
man smb.conf for more info

turnip 03-03-2003 05:53 PM

You can also have a look at pam_ldap from www.padl.com and see if it supports MSAD as well

jamrock 03-03-2003 09:06 PM

These commands should work:

security = domain
password server = xxxxx


The first line tells Samba that a domain controller will authenticate users.

The second line tells Samba which machine is the domain controller.

I have them working on NT 4.0. Should work on Windows 2000.

Note that the users need to exist in the passwd file on the Linux server. There is a way to let Samba add the users once they have been authenticated by the domain controller.

add user script = useradd %u -c "Account from PDC" -s /bin/false \
    -d /home/%u -m -n -g accounts

Modify the script to fit your distro. Basically it says:

add a user to the Linux machine
useradd %u -c "Account from PDC"

don't allow him to log on locally
-s /bin/false \

create a home directory under /home using the user name
-d /home/%u -m -n

add them to the accounts group
-g accounts


Do me a favour. Set up a Windows machine that is configured as a peer. That is, the user won't log into the domain. Try and get access to the Linux machine. See if it creates an account. I haven't had a chance to test this. I want to be sure that users will only be created if authenticated by the domain controller.
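
Added example, not part of the thread: a wrapper that smb.conf could call in place of the bare useradd line above. Samba runs the add user script as root with %u taken from the connecting client, so the wrapper checks the name before it reaches useradd. The install path /usr/local/sbin/samba-adduser and the function names are hypothetical; the useradd flags are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the thread): wrapper for Samba's "add user script".
# Assumed install path and smb.conf line (both hypothetical):
#   add user script = /usr/local/sbin/samba-adduser %u

LC_ALL=C; export LC_ALL         # make the a-z ranges below match ASCII only
USERADD=${USERADD:-useradd}     # overridable so the wrapper can be dry-run

# Succeed only for names that are safe to pass to useradd and use in a path.
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*)      return 1 ;;  # must start with a letter or underscore
        *[!a-z0-9_-]*) return 1 ;;  # no '/', '.', spaces, '$', ';', uppercase
    esac
    return 0
}

# Succeed if a local account with this name already exists.
account_exists() {
    id -u "$1" >/dev/null 2>&1
}

# Create a no-shell local account for a user the domain controller accepted.
add_domain_user() {
    user=$1
    if ! valid_username "$user"; then
        echo "samba-adduser: rejected user name" >&2
        return 2
    fi
    if account_exists "$user"; then
        echo "samba-adduser: $user already exists" >&2
        return 3
    fi
    # Flags are the ones from the post; -n is distro-specific.
    "$USERADD" -c "Account from PDC" -s /bin/false \
        -d "/home/$user" -m -n -g accounts "$user"
}

# Run only when called with a user name, as Samba would call it.
if [ "$#" -gt 0 ]; then
    add_domain_user "$1"
fi
```

The character whitelist is deliberately strict; widen it only to what your domain's account names actually need.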

