What is best setup for us?
Stephen L Arnold
sarnold at coyote.rain.org
Fri Mar 19 03:52:28 GMT 1999
On 19 Mar 99, "Duncan Kinnear" <duncanwantsnomorespam at mccarthy.co.nz> had
questions about What is best setup for us?
[snip]
> Now the best solution seems to be to run the Samba server as a PDC
> and change the clients to "Domain" clients...
>
> Another solution would be to use the NT server as a PDC and have the Samba
> machine set up as "security=server"...
The latter would probably be more stable than the former (although
the same accounts would have to exist on both machines for each
user).
> Also, how does password encryption fit into this? Can this be done
> transparently to the user without on-going maintenance? Again, the docs
> don't seem to be very clear on this.
>From my experience, encrypted passwords should fit in just fine (do
DG machines use shadow passwords?). If you're running with plain
text passwords now, just enable the update encrypted option in
smb.conf (don't forget to create smbpasswd) to populate the
smbpasswd file as each user logs in. And you'll need to delete (or
disable) the plaintext reg keys. Or, you could just enable
encrypted passwords and force the users to change them ;-)
Sorry, I've only run security=user. Even doing domain logons (with
security=user) you would still have to maintain accounts on both
machines (and users would need to change 2 passwords to stay in
sync). The unix passwd sync option will take care of keeping
/etc/passwd and smbpasswd in sync, but only the experimental config
(security=domain) will do what you want (assuming a BDC will
authenticate to the samba/PDC).
Steve
*************************************************************
Steve Arnold sarnold at earthling.net
http://www.rain.org/~sarnold
This message composed of 100% recycled electrons. You should
also recycle yourself. Become an organ donor (8-)@
More information about the samba
mailing list