On Wed, Jul 8, 2009 at 10:57 AM, Mike Erdely <m...@erdelynet.com> wrote:
> On Wed, Jul 08, 2009 at 11:32:46AM +0100, Edd Barrett wrote:
>> On Tue, Jul 07, 2009 at 10:28:34AM -0400, Jason Beaudoin wrote:
>> > > Did you have a look at www.kernel-panic.it ? There are some tutorials.
>> >
>> > yes, there's some helpful info for samba, but I haven't yet seen anything
>> > related to winbind.. unless my google foo needs some work.
>>
>> Winbind is a PAM plugin. OpenBSD does not use this mechanism.
>
> Winbind depends on the use of nsswitch.conf.
>
>> I don't know if ypldap can be used to talk to AD?
>
> That's its purpose (to be used with LDAP) and Active Directory is a
> bastardized^wenhanced implementation of LDAP.
>
> Along with login-ldap, ypldap should give you the same functionality as
> winbind, afaik. But, winbind is useful with integrating Windows-based
> authentication with applications such as squid (but it's been years
> since I've done that).
>
> -ME
>
The major advantage of Winbind is that it automagically enumerates your ADS users and binds them to UIDs on your *nix box. I've not worked with ypldap specifically, but IIRC it's going to require that the Win server have an NIS server aboard with UIDs already mapped. See http://www.microsoft.com/windowsserver2003/r2/unixinterop/default.mspx for info on the ADS NIS server.

If you're just looking for authentication and don't mind creating the individual users on your OpenBSD system, just use Kerberos. It's a much simpler and resilient setup.

-HKS