Win2000 Server and Samba

Mike Fedyk mikef at matchmail.com
Sat Mar 10 03:59:13 GMT 2001


> Mathias Hemmeter wrote:
> 
> > Hello everybody!
> > I want to do the following:
> > I want to integrate other Workstations to the existing Domain and I want to
> > integrate a Linux computer. Therefore I want to use Samba to share disk space
> > with the Win Clients. But there is one thing I don't want to do and that is
> > to create all the Windows Users on the Linux Computer. A friend told me that
> > it is possible to use the Win2000 Active Directory Users with the Help of a
> > WINS Server on the Win2000 Server. But yet I did not manage to get it
> > working....
> > So is it possible to use the Active Directory Users as the Samba users so
> > that I don't have to create every user as well on the Linux Computer?
> >
> > Thank you very much
> > Mathias

On Fri, Mar 09, 2001 at 02:12:09PM +0000, TJ Boyle wrote:
> Seems unlikely, although I cannot give you a definite yes or no. The reason I
> think it's unlikely is because Microsoft's Active Directory services uses LDAP
> and Kerberos encryption from what I gather, and that they have taken the LDAP
> protocol and put their own hooks in, making it incompatible with other LDAP
> services. Also I believe they got the source for Kerberos from MIT and didn't
> tell them the changes they made, so it's slightly incompatible with standard
> Kerberos services. If this was not the case I suppose PAM+LDAP authentication
> may have worked in some way to authenticate off the ADS on the W2k.
> 
> Regards,
> TJ
> 
> P.S. I have never done any testing, this is just what I picked up from looking a
> little into this.
> 
There are two possible solutions for you:

1: Tweaked ldap auth against win2000

IIRC, win2k took kerberos and one of its "implementation specific" header
fields and put a little encrypted id of some sort.  It was thought that it
could be worked around with little hassle.  You will probably find some good
info on some mailing list archives.

2: winbind, and nt4 auth from win2k

win2k should have services that let it act as nt4 domain controllers, you
can use that with the winbind pam module and have your *entire* linux box
auth against nt2k.

In a setup like this, if win2k goes down, everything is outta luck!  Have
live backups, however win2k does it now.

Mike
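
A sketch of option 2 (winbind with NT4-style domain authentication) as configuration, added here as an example and not taken from any of the posts in this thread. The domain name EXAMPLEDOM, the share path, and the ID range are placeholders, and the parameter spellings are those of current Samba releases, which is an assumption about the reader's version.

```ini
# /etc/samba/smb.conf (constructed example; EXAMPLEDOM, the share path and
# the ID range are placeholders, not values from this thread)
# Note: smb.conf has no trailing comments, so each comment sits on its own line.

[global]
    # NetBIOS (NT4-style) name of the Win2000 domain
    workgroup = EXAMPLEDOM

    # Member server: passwords are checked by a domain controller,
    # not against a local smbpasswd file
    security = domain

    # winbind allocates local uid/gid numbers for domain users and groups
    # from this range, so no per-user entries go into /etc/passwd.
    # Keep the range clear of IDs used by local accounts.
    idmap config * : backend = tdb
    idmap config * : range = 10000-20000

    # Domain accounts appear locally as EXAMPLEDOM+username
    winbind separator = +

    # Values returned for domain users that have no local passwd entry
    template homedir = /home/%D/%U
    template shell = /bin/bash

[shared]
    # Disk space offered to the Windows clients
    path = /srv/samba/shared
    read only = no

# Join the domain once, as a domain administrator:
#     net rpc join -U Administrator
#
# Let the rest of the box resolve domain accounts, in /etc/nsswitch.conf:
#     passwd: files winbind
#     group:  files winbind
#
# Let PAM services authenticate against the domain, in /etc/pam.d/<service>:
#     auth     sufficient  pam_winbind.so
#     account  sufficient  pam_winbind.so
#
# "files" comes first and pam_winbind is only "sufficient", so local
# accounts such as root still resolve and log in when no domain
# controller answers.
```

The PAM lines go above the existing pam_unix entries for the service, so that a failed winbind lookup falls through to local authentication.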



