[Samba] Centrally stored policies with group settings

Matt.Gregory at ctimi.com Matt.Gregory at ctimi.com
Mon Aug 19 10:20:01 GMT 2002 

Go and read about setting up Directories in LDAP, remote authentication 
via LDAP with Samba (Capter 11 in the Samba howto).

It souds like your best bet is to create an LDAP server with replication 
(for failover) and a directory service for the groups.  You can then store 
all your unix accounts in LDAP and have Samba authenticate from that 
server as well.  There are lots of howtos available for configuring 
windows clients to log into LDAP directories as well.

The other choice is, of cource, to stay with Windows NT domains.  I would 
highly push the LDAP solution however, since it's pretty-much becomming 
the standard (Windows Directory Services in 2K Advanced Server is LDAP v3 
compliant).

Matt Gregory
Web Developer
CTI, Inc.
cell: 678-458-6513
ioem: matt.gregory at ctimi.com *see key block below
ooem: matthew.gregory at skyleach.com




Rodger Etz-Brown <etz-brown at univention.de>
Sent by: samba-admin at lists.samba.org
08/19/2002 09:02 AM

 
        To:     samba at lists.samba.org
        cc: 
        Subject:        [Samba] Centrally stored policies with group settings


Dear *,

we are stuck and cannot find anything on the Net or the documentation.

Background
----------
We are currently working on a project that aims to migrate Servers from
a Windows NT domain to a Samba based domain. The migration, as always,
should be completely tranparent to the Windows Desktops and their users.
There are about 300 users and may be 20 groups.

Issue
-----
The current domain set-up makes heavy use of policies. The policies are
group based and stored centrally on the DCs.

For the moment we only consider Samba 2.2 as 3 is not released yet and
therefore hard to justify in a production environment.

In one sentence: We need a way to set policies via Samba or any other
mechanism that allows us to specify group based settings, where one user
is part of several groups.

Possible Solutions
------------------
Implement Samba 3. As said above, not really a valid option until it's
released.

Or create a policy file for each user by hand and map netlogon to
something like %U. Not feasable as it is too much effort. Especially
when group membership changes. Am not even sure this would work.

Questions
---------
Has anybody faced the same issue and found a solution for centrally
stored group based policies using Samba ver 2.2?

Is anybody using Samba 3 in a production environment? If so, have you
experienced any (in)stability problems? (This might help us convince the
customer to let us implement the unreleased version)

Please also let me know if any of the above assumptions are wrong.
Please don't reply if you don't know how Windows NT Policies work or
read this first:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q185589

Many thanks in advance,
REB

-- 
Rodger Etz-Brown <etz-brown at univention.de> fon:   +49 421 22 08 114 
                                           fax:   +49 421 22 08 115
univention_ GmbH http://www.univention.de/ mobil: +49 179 54 22 947

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list