What is Centrify-enabled Samba?

Centrify-enabled Samba is an adbindproxy module and PERL configuration script that enables Server Suite and Samba to work together without UID, GID, or Active Directory conflicts.

In previous releases, Centrify would modify the Samba package and provide a unique, Centrify version of Samba for different operating systems. In this release, Centrify provides a couple of components that work with the stock Samba packages.

Server Suite is an integrated set of commercial identity management products that enable a Linux, UNIX, or Mac host to participate as an Active Directory domain member. When you install Server Suite products, you can manage the Centrify-managed computer’s user and group accounts and privileges entirely through Active Directory.

When open-source Samba is configured as an Active Directory domain member and the DirectControl agent is installed together with Samba on the same Linux or UNIX host, two problems can arise:

  • Samba and the DirectControl agent both attempt to create and manage the same Active Directory computer account object, causing one of the products to stop working.
  • Conflicting UIDs and GIDs are generated by Samba and the Centrify Management Services tools for the same Active Directory users and groups. However, the two programs use different algorithms for generating these values. The result is file ownership conflicts and access control problems.

To resolve these issues, Centrify provides the following components:

  • adbindproxy (adbindd) module: The adbindproxy module uses the adbindd daemon. Unless otherwise noted, “adbindproxy” and “adbindd” are used interchangeably in the documentation. The adbindproxy (adbindd) module intercepts Samba UNIX ID mapping requests and reroutes them to the DirectControl agent for processing. This module ensures that Samba and DirectControl agent agree on the UNIX attribute values.
  • adbindproxy.pl PERL configuration script: Automates most of the setup process and designates the DirectControl agent as the manager of the shared computer object.