Caution Stoopid Newbie

[Mark Haney]

Yes, that's exactly been the whole issue here.  For the most part, I am
staring at the issue from more of a Windows-centric point of view. Mostly
because I have in the past supported a lot of Windows clients and know
_alot_ about SMB just from sheer need to know why my Windows Explorer
doesn't see the network, even when I can ping stuff on it!  I am pretty well
versed in Domain Architecture from NT and 2000 because I need to support it
and I like to learn it.  Horn tooting aside here I think, to some extent the
whole issue surrounding the problem is context. (And here I include the post
from Philip Mayers in this as well.)

> Now what I really want  (what I really really want)
> is to be able to login to the linux box from the 98 machine

What exactly does everyone think of the above statement?  According to the
rest of the email, he can browse shares and read and write things to the
shares, so in one sense he _is_ logging into the box.  However, he's not
necessarily _authenticating against_ the samba box in the Domain sense.
This is where this discussion gets tricky and i think everyone on this list
has maybe a different definition of the the term 'log in'.  We know what it
is, but can we explain it coherently?

As I said before, based on the emails claims of being able to
read/write/browse shares that he meant to access the machine either 'via
telnet' or another remote process.  (See my previous post about my
definition of Authenticating vs logging in.)

Okay, that out of the way, if it's authentication he wants, he's got it if
he can browse, etc.. so my only other assumption is central authentication.
Now I agree with Eric here, Samba 2.0.6 or 7 is great in a workgroup
environment, as a member server in an NT domain and with other *nix OSes.
But, and in my experience, it lacks as an NT PDC. Which is why I stated that
it's not a good idea to use it as a PDC, and he should consider going to the
alpha code.  I realize alpha code _is_ alpha code, but it's more stable as
an NT PDC than 2.0.x and therefore I felt to be a better choice _in that
respect only_.  I would never willingly give a total newbie alpha code and
say 'here ya go, enjoy' without thinking that this newbie may not be so new
at this at all.  (Besides, if he's using Samba and Linux, he's gonna need to
know how to compile-and-install soon enough anyway, it's the only way to go.
;)

Long winded I am today.  This has been (flames aside, myself included) a
rather interesting discussion and hopefully something useful can come of it.
Especially if I personally get feedback on what other think of 'logging in'
versus 'authenticating'.

-----Original Message-----
From: samba-ntdom-admin at lists.samba.org
[mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Eric Pilger
Sent: Wednesday, April 04, 2001 1:30 PM
To: samba-ntdom at samba.org
Subject: Re: Caution Stoopid Newbie


What an explosion :-)

Here are some experiences with 2.0.x from a highly UNIX centric point of
view.
For years I have used SAMBA to provide access to the resources (printers and
disk) available on my Solaris machines. "Authentification" (assigning of a
valid
user ID) has been unified across all workstations, first through NIS, then
NIS+.
Windows 95/98/NT/2000 machines were quite happy as members of a workgroup,
joining via unencrypted passwords. I avoided encryption for many years
because I
enjoyed having only one password database.

I have recently ventured into the realm of encrypted passwords. This works
fine,
and allows Win NT/2000 to connect automatically (if the Win user/password
match
the one stored on UNIX). I do not yet synchronize passwords, so I do have to
maintain two password databases separately.  I am now trying 2.2.0 and its
PDC
capabilities. It looks like it could work, but introduces a host of small
issues
which I'll need to work out, so I am not jumping in yet.

Since I have now forgotten most of the original message, I include some of
the
relevant text below.

>Please could somebody clear up some confusion I have - I freely
>admit that I am a clueless newbie in both samba and linux so be warned....
>I am runing Mandrake 7.1 (if that makes a difference) and have
>managed to get samba running quite well ( verion 2.0.6) ie I
>can see shares copy files from my win98 machine and so on.
>Works perfectly. Now what I really want  (what I really really want)
>is to be able to login to the linux box from the 98 machine. So

Just what do you mean here? Aren't you already logging in? I guess the real
question is what you hope to get from SAMBA that you aren't already getting.
This leads naturally to the question "What are you getting now?"

>So far the documentation seems fairly confusing (to a newbie)
>as I understand it later versions[1] of samba support NT PDC
>type things however it suggests that the version I have will allow
>answer of what 2.0.6 will support ie I think it supports logons from
>98 logons - can somebody point me in the direction of a definitive

2.0.x supports workgroups wonderfully. From the UNIX centered viewpoint this
is
all that is really necessary. However, I fully acknowledge my bias.
Actually, I
can see where the PDC stuff could be useful as I get more public
workstations
with multiple users. That is why I have been looking in to it.

>98 machines but doesn't do full PDC - is this correct ? If so then
>I guess there must be some differences between the two - what
>are they ?



--
Eric J. Pilger
Systems Administrator
Hawaii Institute of Geophysics and Planetology/SOEST
pilger at pgd.hawaii.edu
(808)956-6321 (Voice/FAX)