Samba 4 Status Question

K Cody kcody at jilcraft.com
Sun Oct 17 16:54:00 GMT 2004 

On Sat, 2004-10-16 at 21:46, Tim Potter wrote:
> On Sat, Oct 16, 2004 at 12:52:28PM -0400, K Cody wrote:
> > Am I still better off with Samba-TNG for a pure PDC?
> You are better off with Samba 3 for replacing a PDC, IMHO.

Samba 3 is what I've got now throughout. -TNG claims to have more mature
support for LDAP backends. Has Samba-3 caught up? Is there nothing
gained by switching to -TNG? 

I've got everything working, but it's a little icky to deal with new
users:

1) Manually create posixAccount.
2) Manually create courierMailAccount
2) Set up Kerberos 5 principal for Linux / Mac OS X logins
3) "smbpasswd -a user" for Windows logins

New machine accounts are even more painful. I can add it automatically
from the member server, and have it show up in the right ou=Computers,
but I have to go edit the uid and sambaSID to keep the machine UID's in
a separate range.

I know these are no big deal to the admin, but it really shouldn't take
a sysadmin to add an account or lock one out, or change group
memberships. Webmin touches too much, and wouldn't achieve full
integration anyway.

On another topic, I noted that Samba 4 will be using an independent user
database. Will there be a way to force synchronization with the UNIX
database? Not that I'd mind using the proposed Samba 4 LDAP interface,
but it would have to be able to replicate to OpenLDAP as well as other
Samba 4 DC's. Still, if you're going that way, there needs to be a
Samba-native account management tool, that can be configured for
site-specific objectClasses and perhaps kadmin/kpasswd syncing.

May I suggest killing several birds with one stone, and making a common
web interface specifically for simplifying account management. IIRC
Windows password changes use a one-way cipher before sending it over the
wire? Using a direct web interface gets the cleartext password in the
hands of the server-side code, and thus can be applied to any type of
auth database.

-- 

K Cody
Digital Press, Systems Administrator
Jilcraft, Inc. dba Jaguar Graphics & Print
617-742-1499
617-227-6803 (Fax)

PGP Key Number 85E6C8FD
To retrieve, search for 'kcody at jilcraft.com' on
http://keyserver.noreply.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041017/3c84e126/attachment.bin

More information about the samba-technical mailing list