We have been using filers to store users' home directories since 1997. We started out with NFS on Unix and added CIFS access later. We have about 30,000 user accounts.
We have always used NIS authentication for CIFS so that folks have the same password on Unix and CIFS. But we have been unhappy with the passwords going over the network in clear text. We have finally gotten funding for enough Windows client licenses to give all our users accounts in a Windows domain, so we want to switch our filers to Windows domain auth.
This is going to cause us a serious user education problem. Currently it does not matter what domain a CIFS user specifies because the domain name is ignored when mapping a to a NIS user. For example, BOGUS\fred maps to "fred" and MYDOM\jane maps to "jane", etc. Right now when "fred" does a "map network drive" he just enters "fred" for his username. His PC supplies the windows domain, whatever that may be. Some folks login to local departmental domains. Some do local Windows logins, etc. Right now that doesn't matter because the filers ignore the domain name when mapping to a NIS username.
But that will suddenly change when we switch to Windows domain auth. Fred will suddenly be required enter "ESERVICES\fred" instead of just "fred".
Does the filer have any option where it "knows" that no matter what domain name the user supplies, in his heart of hearts he really means "ESERVICES" ? That would save us an awful lot of calls at our help desk when we cut over. By the way, we don't know in advance what domain name a user may supply. Many of them appear to be whatever name the user gave his PC.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support