On Wed, Nov 12, 2008 at 13:35, Haworth, Michael A. [email protected] wrote:
> Is there a way to set up a CentOS server to have it do some kind of mapping to/from Microsoft AD?

Yes. There are two primary ways: Winbind and LDAP. Winbind is subordinate to Windows proprietary authentication stuff, so it's not a good choice if you ultimately want to do away with your Windows infrastructure some day. LDAP is the "more open-ey" way to do it. I've never set up a Linux file server as a Windows domain member server using LDAP though, so maybe someone can chime in on the list. If not, google a bit, give it a try, and search on whatever error message you get.

Keep in mind Linux accounts and Samba accounts are separate databases. If there are fewer than a dozen or so users, you may find it easier to just create fresh Linux and Samba accounts, without 'connecting' authentication together.
Here's a page from the CentOS deployment guide on setting up authentication mechanisms for local Unix accounts: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-authconfig.html

Samba (if you're using this for file or print serving to Windows clients) also needs to be set up to use LDAP against a Windows AD. Samba servers choose one of a handful of security types. These define how users are authenticated. You can read about them at: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html

The 'role' of a file server that authenticates users against AD is an AD 'member server'. Chapter 6 of the Samba HOWTO is dedicated to this: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

I also have a book on Samba I can give you at the next meeting. I read it from front to back, and it helped a lot. Samba is immensely flexible.

If you need a distributed account database, you will eventually need to learn and use OpenLDAP. http://www.openldap.org/