Old 11-13-2008, 10:19 AM   #1
thllgo
Member
 
Registered: Sep 2003
Location: Laurel MD
Posts: 296

Rep: Reputation: 32
Authenticate to a Windows domain


Hello and thanks in advance for any help you might be.

We currently have about 40 Linux servers authenticating to a NIS domain and about 15 Windows systems authenticating to a Windows 2003 domain. For security reasons we would like to have the Linux systems authenticate to the Windows domain. This would also facilitate sharing files between the Windows and Linux boxes and allow us to have a single login to all systems.

I know that we can do this; the question I have is, how do we make the Windows username and Linux username be the same?

Example: I have a username of thllgo on the Windows domain and share mount from Windows to a Linux box. Windows says the files belong to thllgo but the Linux side doesn't know the UID. My GID under Linux is 27142; my UID under Windows is 11113.

It would also be nice if we could coordinate the GIDs.

Has anyone dealt with this?
 
Old 11-13-2008, 11:25 AM   #2
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 88
Take a look at this link: http://ubuntuforums.org/showthread.php?t=91510.

This talks about a successful setup of authenticating Linux servers in a w2k3 domain. I daresay the only way of organising the UID issue is by manually making them the same, a bit of a painful, time-consuming job. Maybe a script?
 
Old 11-13-2008, 06:28 PM   #3
latinmusic74
Member
 
Registered: Jun 2007
Posts: 118

Rep: Reputation: 16
Hey thllgo,

let us know your resolution of the problem.
 
Old 11-17-2008, 10:08 AM   #4
thllgo
Member
 
Registered: Sep 2003
Location: Laurel MD
Posts: 296

Original Poster
Rep: Reputation: 32
I seem to have gotten things working. Most of what I had to do was get the DC working correctly. All I had to do on Linux was run the authconfig utility and specify:
use winbind
use md5 passwords
use shadow passwords
use kerberos
local authorization is sufficient
the realm, which is the full domain name
KDC, seems to have filled itself out
admin server FQDN
use DNS to resolve hosts to realm

Done.

The ugly part is the new UIDs and GIDs are not the same as the old ones, so I have to go around and change a lot of ownership issues and group issues. Yuk in a big way. Not hard, just time-consuming.

Thanks
 
Old 11-17-2008, 02:30 PM   #5
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 88
thllgo,

I had similar issues with ownership when we went to a full LDAP authentication setup. Painful enough. However, for the future, I have found that if I set up the user in LDAP, and have the /home directory already mapped, the first time the user logs in the machine will create the home directory for them. Now, I know your situation is slightly different, using AD, but for adding users, create them in AD, then see if they can log in and whether or not their /home is created automatically? Saves a lot of work, and is a lot safer than what I think you are talking about!
 
Old 11-17-2008, 03:46 PM   #6
thllgo
Member
 
Registered: Sep 2003
Location: Laurel MD
Posts: 296

Original Poster
Rep: Reputation: 32
That works for new users. I'm just bummed about the 30+ machines already set up in a NIS environment, with gobs of user files. I should be able to simply create a script that does a find on files with specific UIDs and do a chown on them. Same with GID. Survivable, just annoying.
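
The find-and-chown remap described in the post above, as an added example that is not part of the original thread. The function name `remap_ids` and the map-file format (`u|g old_id new_id` per line) are assumptions made for this sketch, and it relies on GNU find/xargs (`-print0`, `-0 -r`); it snapshots every match before changing anything so that an old ID colliding with a new winbind ID is never remapped twice, and uses `-h` so symlinks in user-writable trees are not followed.

```shell
#!/bin/sh
# remap_ids MAPFILE ROOT [apply]
# MAPFILE lines (format constructed for this example): "u OLD NEW" or "g OLD NEW".
# Default mode is a dry run that prints the commands it would execute.
remap_ids() {
    map=$1 root=$2 mode=${3:-dry-run}
    plan=$(mktemp -d) || return 1
    n=0
    # Phase 1: record the affected paths for every mapping BEFORE any change,
    # so a file moved to a new ID cannot be matched again by a later mapping.
    while read -r kind old new; do
        case $kind in
            u) flag=-uid ;;
            g) flag=-gid ;;
            ''|'#'*) continue ;;
            *) echo "bad line: $kind $old $new" >&2; rm -rf "$plan"; return 1 ;;
        esac
        case "$old:$new" in
            :*|*:|*[!0-9:]*)
                echo "non-numeric id: $old $new" >&2; rm -rf "$plan"; return 1 ;;
        esac
        n=$((n + 1))
        # -xdev: stay on this filesystem (do not wander into NFS or /proc).
        find "$root" -xdev "$flag" "$old" -print0 > "$plan/$n.list"
        echo "$kind $new" > "$plan/$n.act"
    done < "$map"
    # Phase 2: apply (or print) each recorded change.
    i=0
    while [ "$i" -lt "$n" ]; do
        i=$((i + 1))
        read -r kind new < "$plan/$i.act"
        if [ "$kind" = u ]; then cmd=chown; else cmd=chgrp; fi
        if [ "$mode" = apply ]; then
            # -h: change the symlink itself, never the file it points to.
            xargs -0 -r "$cmd" -h "$new" -- < "$plan/$i.list"
        else
            tr '\0' '\n' < "$plan/$i.list" | sed "s|^|$cmd -h $new -- |"
        fi
    done
    rm -rf "$plan"
}
```

Review the dry-run output first, then run `remap_ids idmap.txt /home apply` as root on each filesystem that holds user files.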
 
Old 11-17-2008, 03:56 PM   #7
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 88
How many users? All on one NFS /home mount?
 
Old 11-17-2008, 04:27 PM   #8
thllgo
Member
 
Registered: Sep 2003
Location: Laurel MD
Posts: 296

Original Poster
Rep: Reputation: 32
About 30 users, mainly developers.
 
Old 11-17-2008, 04:46 PM   #9
irishbitte
Senior Member
 
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 88
To be honest, if all the files are stored more or less on one machine, I'd give it a go manually, simply to make sure I got them all. But then, users have a way of playing about, eh!
 
  


All times are GMT -5. The time now is 09:23 PM.
