Re: pam/winbind user not found problem

Andreas Schneider wrote:
> On Friday 17 July 2009 04:17:03 Les Mikesell wrote:
>   
>> RB wrote:
>>     
>>> On Thu, Jul 16, 2009 at 15:24, Les Mikesell<les <at> futuresource.com> wrote:
>>> <snip Samba questions>
>>>
>>> I don't see how any of this ties in with the original thread, as none
>>> of your questions have anything to do with PAM administration.  If you
>>> have questions about using Linux in a Windows domain, you need to be
>>> asking those in the Samba support channels.  You could also explore
>>> unifying your logins (using PAM or not) across LDAP as opposed to
>>> proxying through Samba/winbind.
>>>       
>> The main connection is that smb auth doesn't provide a uid/gid, but I'll
>> admit I'm fishing for advice hoping someone here knows a better way to
>> combine methods in a scenario where there are two separately managed groups
>> and an auth module that doesn't give account info.
>>     
>
> Well it is possible that pam_winbind provides a uid/gid with the idmap_ad 
> backend. But this is the PAM mailing list and not the FAQ channel for Samba.
>
> So read the idmap_rid or idmap_ads manpage, the Samba documentation and if you 
> still have questions, then write to the samba mailing list.
>
>   

I was hoping someone would suggest a better approach than using smb or 
winbind at all - or share some experience with stacking authentication 
methods that don't have a common concept of uid/gid mapping.   I 
expected this to be a common problem (existing AD domain doesn't exactly 
match what you want on Linux boxes but you don't want to manage two 
passwords for the common users), but maybe it isn't.

--

-- 
  Les Mikesell
    lesmikesell <at> gmail.com