Migrating is still a good idea...

Billy Crook billycrook at gmail.com
Wed Nov 12 14:48:06 CST 2008


On Wed, Nov 12, 2008 at 13:35, Haworth, Michael A.
<Michael_Haworth at pas-technologies.com> wrote:
> Is there a way to set up a CentOS server to have it do some kind of mapping
> to/from Microsoft AD?

Yes.  There are two primary ways: Winbind and LDAP.  Winbind is
subordinate to Windows proprietary authentication stuff, so it's not a
good choice if you ultimately want to do away with your Windows
infrastructure some day.  LDAP is the "more open-ey" way to do it.
I've never set up a Linux file server as a Windows domain member server
using LDAP though, so maybe someone can chime in on the list.  If not,
google a bit, give it a try, and search on whatever error message you
get.  Keep in mind Linux accounts and Samba accounts are separate
databases.  If there are fewer than a dozen or so users, you may find it
easier to just create fresh Linux and Samba accounts, without
'connecting' authentication together.

Here's a page from the CentOS deployment guide on setting up
authentication mechanisms for local unix accounts:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-authconfig.html

Samba (if you're using this for file or print serving to Windows
clients) also needs to be set up to use LDAP against a Windows AD.
Samba servers choose one of a handful of security types.  These
define how users are authenticated.  You can read about them at:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html

The 'role' of a file server that authenticates users against AD is an
AD 'member server'.  Chapter 6 of the Samba HOWTO is dedicated to
this:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html

I also have a book on Samba I can give you at the next meeting.  I
read it from front to back, and it helped a lot.  Samba is immensely
flexible.

If you need a distributed account database, you will eventually need
to learn and use OpenLDAP.  http://www.openldap.org/

