Geoff Silver <gsilver at winstar.com>
Tue Sep 19 13:20:51 GMT 2000

> You should be able to join the linux boxes to the NT-controlled domain,
> which will keep all authentication on the PDC. Account information will
> be handled by NIS.

Yes, we do that for our Samba file servers.  The problem is that we must
create user accounts on every machine.  NIS will centralize that, but
I need a method to duplicate and sync the NT accounts and groups to
NIS.  If an NT admin deletes a user, NIS should automatically update.  If
they create a new NT user account or add a user to a group, that info
should also be updated on the NIS master.  If Samba could be a stable BDC,
I might not have to write Perl scripts to run on NT, but I'll still need
them on the NIS master/BDC (if it's even possible).

Incidentally, ActiveState's NT Perl binaries SUCK!  For instance,

if ($var1 != "") { print "Var 1 is not null"; }
else { print "Var 1 is null"; }

is sometimes null and sometimes not null.  It's absolutely ridiculous -
which is why I'd much prefer to do Perl scripting/synchronization strictly
under Linux with Samba as a BDC than on the NT PDC.

> Make trust accounts for the samba boxes on the PDC, and try "smbpasswd
> -j <domain>" (no guarantees on this one, I have no NT PDC!)

Actually, we use 'smbpasswd -j <domain> -r <PDC>' (the -r might only be
needed on 2.0.5 and earlier), but yes, that does work.  But, thanks for
the help.

> Buchan
> Geoff Silver wrote:
> > 
> > Greetings,
> >         I've spent several days going through the list archives, online
> > Samba docs, e-mailing LUGs, and searching Google, and I've come to a
> > sticking point.  I'm not a member of this list, but this seemed like the
> > perfect place for this question, since no one else has been able to offer
> > much help.  If anyone can help and would be kind enough to include my
> > address in any group replies, that would be extremely appreciated.  Here's
> > my scenario:
> >         I work for a communications company of about 6000 people near
> > Washington, D.C., USA.  In order to save money and move the company away
> > from Windows, I'm working on migrating the file and print servers in the
> > company from NT to Linux & Samba.  I've already proven that printing can
> > be done (although the help desk isn't thrilled about visiting workstations
> > to install NT workstation print drivers, they have agreed to do it until
> > Samba 2.2 is released in final).
> >         The problem we're encountering is with our file servers.  While
> > the Linux servers don't need to allow logins, they do need account
> > information so that we can create home directories and set permissions.
> > I'm leaning towards running an NIS domain parallel to the NT
> > domain.  Since Samba will do the authentication off the domain
> > controllers, the NIS domain will just be a centralized user/group
> > mechanism.  The problem is how to keep them in sync.
> [snip]
> >         I'd certainly appreciate any help anyone can offer.  Of course,
> > we're trying to integrate this into a production network, so the solution
> > has to be stable and (hopefully) easy to maintain.  Running Samba as the
> > PDC (or trying to use /etc/smbpasswd for authentication) isn't an option.
> > Again, please e-mail me separately, or include my address in any
> > replies.  Thanks for your time and assistance!
> > 
> > --
> > Geoff Silver
> > Systems Architect, WinStar Communications
> > gsilver at winstar.com
> > (703) 889-1053

Geoff Silver
Systems Architect, WinStar Communications 
gsilver at winstar.com
(703) 889-1053
