What is best setup for us?

[Stephen L Arnold]

On 19 Mar 99, "Duncan Kinnear" <duncanwantsnomorespam at mccarthy.co.nz> had 
questions about What is best setup for us?  

[snip]
> Now the best solution seems to be to run the Samba server as a PDC 
> and change the clients to "Domain" clients...
> 
> Another solution would be to use the NT server as a PDC and have the Samba
> machine set up as "security=server"...

The latter would probably be more stable than the former (although 
the same accounts would have to exist on both machines for each 
user).

> Also, how does password encryption fit into this?  Can this be done 
> transparently to the user without on-going maintenance?  Again, the docs
> don't seem to be very clear on this.

>From my experience, encrypted passwords should fit in just fine (do 
DG machines use shadow passwords?).  If you're running with plain 
text passwords now, just enable the update encrypted option in 
smb.conf (don't forget to create smbpasswd) to populate the 
smbpasswd file as each user logs in.  And you'll need to delete (or 
disable) the plaintext reg keys.  Or, you could just enable 
encrypted passwords and force the users to change them ;-)

Sorry, I've only run security=user.  Even doing domain logons (with 
security=user) you would still have to maintain accounts on both 
machines (and users would need to change 2 passwords to stay in 
sync).  The unix passwd sync option will take care of keeping 
/etc/passwd and smbpasswd in sync, but only the experimental config 
(security=domain) will do what you want (assuming a BDC will 
authenticate to the samba/PDC).

Steve


*************************************************************
Steve Arnold                            sarnold at earthling.net
                                 http://www.rain.org/~sarnold
This message composed of 100% recycled electrons.  You should
also recycle yourself.  Become an organ donor (8-)@