Authenticating NT
David Collier-Brown
davecb at Canada.Sun.COM
Wed Aug 19 16:58:14 GMT 1998
Alan Angulo wrote:
> Current system:
> ---------------
> 1- I have one PDC NT server (NTPDC1) with its own domain (STUDENT_DOMAIN).
> NTPDC1 is the server containing NT apps needed by students. They access
> these apps via UNC or via drive: (i.e. net use H: \\NTPDC1\apps)
> 2- The students NT profiles are setup so they automatically connect to
> their home directories in Z: at \\jake\%username%.
> 3- I have one Unix box running samba (SAMBA01). The students home
> directories via [HOMES] accessed via NFS from other servers.
> Right now the students have to keep their passwords the same (all
> lower/upper cased).
>
> Problem:
> --------
> Maintaining two password databases for 6000 accounts
>
> Wish:
> -----
> I wish there was a way the students can authenticate in one place only.
> Can samba solve my problem.
Centralizing on one authentication system makes sense.
So, by the way, does avoiding samba->nfs->disk.
Right now, the easiest thing to do is to centralize
on one or the other OS, so as to obtain all the
services in a coherent manner.
Choice 1: have a samba server provide all the
services to a test client or two, and configure
Unix authentication to use whatever is your lab
standard (e.g., yellow pages, NIS, kerberos, etc.)
test out all the client-side services, and come
up with a way for serving files without an
intermediate hop. The easy way is to move
the samba to the disks.
Provide file, & print services, profiles and
WINS/DNS. Then shift a subset of your clients
over and measure performance. (You'll be pleased)
Then move the rest. Convert the NT machines to Linux.
Choice 2: move to a pure NT environment.
Maybe have to buy stuff.
Choice 3: just push the authentication off to
NT via security=server, and see about
moving samba to the server where the disk are.
In the future, or if you feel like being a
beta-tester now, try the semi-experimental
PDC version of Samba, which will allow the
Samba machine to be a fileserver in the NT
domain.
--dave (I'm biased: guess which way) c-b
--
David Collier-Brown, | Cherish your enemies. They're harder to
185 Ellerslie Ave., | come by than friends and more motivated.
Willowdale, Ontario | davecb at canada.sun.com, hobbes.ss.org
N2M 1Y3. 416-223-8968 | http://java.science.yorku.ca/~davecb
More information about the samba
mailing list