You don't have to use the format username@domain to login to Active Directory.
Windows also accepts the format DOMAIN\username, and you can set Winbind to automatically add the "DOMAIN\" part so that users don't have to know about it. This just requires you to add this line to smb.conf:
winbind use default domain = yes
Winbind works very, very well in practice (we have 4,000 accounts, which isn't a large deployment for this kind of technology). Any other method is likely to be a lot more work for little gain, as I guess you've found...
I have done the winbind thing before, actually wrote a how-to about it for www.linux-noob.com.
I think what worried me was the fact that I was worried about password sync from Windows ADS to Linux with winbind. As, if I remember correctly, winbind goes out and pulls the info when you configure it and stores it all in passwd, etc... Basically I just need to use ADS accounts for login so my sftp users can be managed from Windows 2003 ADS. Also I will be converting ADS to native mode (non pre-Windows 2000 computers); will this have an effect too, correct?
Winbind doesn't store the passwords locally; maybe you are thinking of SFU or something else? It does have a database to map AD usernames to local UIDs for file permissions, but it doesn't store anything else. The actual authentication process with Winbind uses the Kerberos protocol to check username/password combinations against the AD server, which responds with a yes or no.
There isn't much difference between mixed and native mode. With mixed mode certain options like nested groups aren't allowed because NT 4.0 and below can't cope with them. We run Samba 3 on a native mode domain.
I used SSH to test my Winbind set up, and it was just a case of following the instructions in the Samba docs.
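For reference, a minimal smb.conf [global] section for a Samba 3 member server of the kind discussed in this thread, added here as an illustration and not taken from any poster's configuration. The domain name, realm, ID ranges, home directory and shell are placeholder values.

```ini
[global]
    # Placeholder NetBIOS domain name and Kerberos realm (assumed values)
    workgroup = EXAMPLE
    realm = EXAMPLE.COM

    # Join as an Active Directory member server; logins are checked
    # against the domain controller using Kerberos
    security = ads

    # Let users log in as "username" instead of "EXAMPLE\username"
    winbind use default domain = yes

    # Range of local UIDs/GIDs that Winbind maps AD accounts onto
    # (Samba 3 syntax; the range itself is an assumed value)
    idmap uid = 10000-20000
    idmap gid = 10000-20000

    # Default setting, shown explicitly: no credentials are cached
    # locally for logins while the domain controller is unreachable
    winbind offline logon = no

    # Home directory and shell given to AD users (assumed values)
    template homedir = /home/%D/%U
    template shell = /bin/bash
```

Comments sit on their own lines because smb.conf treats text after a value as part of that value.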