Volker Lendecke, SerNet co-founder and long-time Samba Team member, gave a talk on "Integrating Storage Systems into Active Directory with winbind" at this year’s SDC EMEA (January 30, 2019 – Tel Aviv, Israel). The recording is available on YouTube: https://youtu.be/w_r27Ono9TI (direct link).
From the abstract
Most environments use Active Directory as their primary authentication and authorization source. Users and groups are stored there. Any storage system must authenticate and authorize users in some way. Samba's winbind provides a solution to seamlessly integrate with Active Directory using the same mechanisms a native Windows client uses. It provides an API to authenticate users and retrieve authorization information like gorup memberships of authenticated users. Also, it can integrate into any kind of mappings scheme of Windows and Unix principals, and from there it can integrate Windows users into the Unix user database.
This talk will give an overview of the API that storage vendors and integrators can use to access winbind's services. This API is licensed LGPL and not GPL, so it does not put licensing restrictions on the storage software using it.
- Active Directory Authentication Mechanisms
- Windows/Unix ID-mapping
- Practical API description for accessing Active Directory