Authenticating NT

David Collier-Brown davecb at Canada.Sun.COM
Wed Aug 19 16:58:14 GMT 1998 

Alan Angulo wrote:
> Current system:
> ---------------
> 1- I have one PDC NT server (NTPDC1) with its own domain (STUDENT_DOMAIN).
>    NTPDC1 is the server containing NT apps needed by students. They access
>    these apps via UNC or via drive: (i.e. net use H: \\NTPDC1\apps)
> 2- The students NT profiles are setup so they automatically connect to
>    their home directories in Z: at \\jake\%username%.
> 3- I have one Unix box running samba (SAMBA01). The students home
>    directories via [HOMES] accessed via NFS from other servers.
>    Right now the students have to keep their passwords the same (all
>    lower/upper cased).
> 
> Problem:
> --------
>    Maintaining two password databases for 6000 accounts
> 
> Wish:
> -----
> I wish there was a way the students can authenticate in one place only.
> Can samba solve my problem.

	Centralizing on one authentication system makes sense.  
	So, by the way, does avoiding samba->nfs->disk.
	
	Right now, the easiest thing to do is to centralize
	on one or the other OS, so as to obtain all the
	services in a coherent manner.

	Choice 1: have a samba server provide all the
	services to a test client or two, and configure
	Unix authentication to use whatever is your lab
	standard (e.g., yellow pages, NIS, kerberos, etc.)
	test out all the client-side services, and come
	up with a way for serving files without an 
	intermediate hop. The easy way is to move
	the samba to the disks.
	Provide file, & print services, profiles and
	WINS/DNS.  Then shift a subset of your clients
	over and measure performance. (You'll be pleased)
	Then move the rest. Convert the NT machines to Linux.
	
	Choice 2: move to a pure NT environment.
	Maybe have to buy stuff.

	Choice 3: just push the authentication off to
	NT via security=server, and see about
	moving samba to the server where the disk are.

	In the future, or if you feel like being a
	beta-tester now, try the semi-experimental
	PDC version of Samba, which will allow the
	Samba machine to be a fileserver in the NT
	domain.

--dave (I'm biased: guess which way) c-b
-- 
David Collier-Brown,  | Cherish your enemies.  They're harder to
185 Ellerslie Ave.,   | come by than friends and more motivated.
Willowdale, Ontario   | davecb at canada.sun.com, hobbes.ss.org
N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb

More information about the samba mailing list