Thanks Henry, <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8"><title>AUGUST 21, 2006</title><meta name="GENERATOR" content="OpenOffice.org 2.0 (Linux)"><meta name="AUTHOR" content="David Baker"><meta name="CREATED" content="20060816;6140000"> <meta name="CHANGEDBY" content="Darin Givens"><meta name="CHANGED" content="20060821;11150000">Do you have any idea what version of Winbind/Samba does that, or where I could find documentation about that? Currently I am running Samba 3.0.22-1ubuntu3.1 and I am not aware of that module. I appreciate your help! John<style type="text/css"><!-- @page { size: 8.27in 11.69in; margin: 0.79in } P { margin-bottom: 0.08in } </style> <div>On 2/1/07, Burroughs, Henry <<a href="mailto:HBurroughs@hhprep.org">HBurroughs@hhprep.org</a>> wrote: <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> <div link="blue" vlink="purple" lang="EN-US"> <div> John, I've been using single source authentication via Active Directory. There has been developments with Winbind (I think it is included with the most recent versions), that you can enable a module and it will map the AD SIDS to UNIX ids consistently, so you'll have the same UID number across multiple systems. Now I do it via LDAP and Microsoft Services for Unix. It is a little more to configure per user, however I can specify different home paths for users.. .ie: I keep students in /home/students and faculty in /home/faculty. You can't do that with Winbind, but then again, Winbind is a lot less work. I've just finally got LDAP failover working with my DCs. Henry Burroughs Technology Director Hilton Head Preparatory School <a href="http://www.hhprep.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">www.hhprep.org</a> Date: Tue, 30 Jan 2007 14:40:29 -0800 From: "john " <<a href="mailto:lists.john@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">lists.john@gmail.com </a>> Subject: multi-server/single source authenticaton was Re: [K12OSN] Networking a new school for K12LTSP? To: "Support list for open source software in schools." <<a href="mailto:k12osn@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">k12osn@redhat.com</a>> Message-ID: <<a href="mailto:2be970b50701301440t630ed022w945070e20f3ce10d@mail.gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)"> 2be970b50701301440t630ed022w945070e20f3ce10d@mail.gmail.com</a>> Content-Type: text/plain; charset="iso-8859-1" This has been an interesting thread. It makes me want to raise my own question. Is it possible to do multi-server/single source authenticaton using Active Directory rather than LDAP? Right now, we're not able to drop active directory for students, but will probably need to add servers as our LTSP experiment moves forward. The sticking point has been the way winbind/samba creates and maps unix passwords to windows passwords. Essentially each installation of Linux that uses Active Directory for authenticaton ends up with their own local user/pass db that makes centralized NFS homes semi-impossible. Has anyone figured out how to scale Linux and AD? John </div> </div> </blockquote></div>