treesleaves
Cadet
- Joined
- Dec 29, 2012
- Messages
- 5
Kerberos for authentication and nss_ldap can work in situations where winbind doesn't.
1. Openldap for uid/gid etc and Kerberos (possibly from AD) for authentication. This is the situation I have. Our unix group provides nss information through open ldap that is compatible with the usernames in AD. The only part of samba needed is "net ads join..." to put the machine on the domain.
2. Non-MS shops with Kerb/LDAP setups.
3. Other cases where winbind fails. My own experience with FreeBSD and AD is that the Kerberos and nss_ldap combo works in cases where idiosyncrasies in the AD or ldap setup will stop winbind.
Every time I build a zfs file server I try to use FreeNAS and give up because I can't get the authenticaion/authorization parts to work in the gui that are fairly simple on vanilla FreeBSD with regular Kerberos and LDAP. FreeNAS loses a supporter and I lose the web gui.
1. Openldap for uid/gid etc and Kerberos (possibly from AD) for authentication. This is the situation I have. Our unix group provides nss information through open ldap that is compatible with the usernames in AD. The only part of samba needed is "net ads join..." to put the machine on the domain.
2. Non-MS shops with Kerb/LDAP setups.
3. Other cases where winbind fails. My own experience with FreeBSD and AD is that the Kerberos and nss_ldap combo works in cases where idiosyncrasies in the AD or ldap setup will stop winbind.
Every time I build a zfs file server I try to use FreeNAS and give up because I can't get the authenticaion/authorization parts to work in the gui that are fairly simple on vanilla FreeBSD with regular Kerberos and LDAP. FreeNAS loses a supporter and I lose the web gui.