samba and winbind

[Buchan Milne]

Sorry for the lateness of the replay and the messed up mail below, but 
I'm subscribed in digest .....


If you have a single Unix PDC, you DO NOT WANT TO IMPLEMENT WINBIND!. 
The only time you want to implement winbind is when you have Windows DCs 
involved in the equation, and then you must accept that you will not be 
able to use NFS between the linux boxes (since each machine could have a 
different RID->uid/gid mapping).

If you have a sinlge unix pdc (no inter-domain trusts), then it is 
better to use LDAP for account information (user, group etc), and use 
pam_smb to authenticate using the windows password. LDAP will store 
uids, and by making changes to /etc/nsswitch.conf (after installing 
nss_ldap) and some of the files in /etc/pam.d, you can create an 
environment where you have:
1)Windows domain as usual
2)LDAP directory which you can also use as a global address book
3)Consistent uid's and group membership details across all unix machines
4)Advanced mail routing based on LDAP entries
5)NFS share which linux users can mount on boot (no need to try and 
emulate NT login scripts to mount drives)
6)Use LDAP and the replication protocol to replicate this data to other 
LDAP servers (no need for domain trusts if all you DC's are samba).

Plus, it also means you can add more linux file servers with no worry 
about trying  to ensure that your PDC is giving back correct domain 
group lists.

There are migration scripts distributed with ldap in most linux distros 
which will allow you to migrate all the data stored in the system files 
(for example passwd, aliases, group, shadow, hosts, protocols, 
services). It should take you about an hour to get all the data (for a 
smallish network, say 100 users) imported once your LDAP server is running.

If you need help in setting up LDAP, give me a shout, or check out some 
of these pages.

http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html
http://www2.linuxjournal.com/articles/linux_review/0030.html
http://www.padl.com/tools.html
http://www.bayour.com/LDAPv3-HOWTO.html#4.2.6.SLAPADD%20problems/messages|outline

Note that Netscape and Mozilla can autocomplete email addresses from an 
LDAP server, which is REALLY cool.

Regards,
Buchan




Message: 4 Date: Tue, 9 Oct 2001 10:45:17 +1000 Subject: samba and 
winbind From: peter.milburn at sofcom.com.au To: 
samba-ntdom at lists.samba.org Ok I need some help here please, I have not 
been able to find winbind just to add to my current samba that I have 
installed Here is what I have: I have a samba PDC running which some 70+ 
win2K machines connect and use no problems at all, which is fantastic. I 
have all our linux servers connected to the PDC as well, which is even 
better. What I want to do now, is utilize pam so that local accounts do 
not need to be on the linux machine. It was suggested that I use 
winbind, the only version I can find, is a rpm which installed samba pre 
3.0 After completing this I can not gett the samba + winbind rpm to 
connect to my linux PDC. Am I doing this all wrong or am I on the right 
track. I am wanting someone to do it for me, just point me in the 
direction of docos and files. Thanks heaps for your time. Pete
-- Peter Milburn Systems Manager Software Communication Group Ltd 
peter.milburn at sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 
16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au 
******************************************** This message contains 
privileged and confidential information intended only for the use of the 
addressee named above. If you are not the intended recipient of this 
message you must not disseminate, copy or take any action in reliance on 
it. If you have received this message in error, please notify Software 
Communication Group immediately. Any views expressed in this message are 
those of the individual sender except where the sender specifically 
states them to be the views of Software Communication Group. 
********************************************


-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work       +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering         http://www.cae.co.za