[Samba] Samba in a Win2000 / NT Enterprise

Fri Mar 8 12:21:07 GMT 2002

I've gotten my token, the whole shebang.  I can login to the linux
machine with ops+username and my network password, I have setup
directories on the machine and changes the group ownership to ops+mis,
I've restricted the shares themselves via the smb.conf file...just about
everything.  Mounted shares onto the linux server, etc, etc.  I'm
running a windows 2000 active directory domain (native mode) with 2
domain controllers. (PDC/BDC technically no longer exists in win2k)
Running about 65 workstations and like 9 servers.  My next step is to
apache authentication working, but that's not a priority.  I'm actually
incredibly impressed with how well samba plays in a win2k environment.
I had a few problems, but they were related to a semi-screwed up wins
database, but once that was cleaned up things have been perfect.  I've
actually setup about 4 machines in the active domain, and they all work.
The winbind docs on samba.org are excellent on helping you set it up.
I'm far from a linux guru, but I can hold my own and it's been fine so
far.

-----Original Message-----
From: Sarris, Chris [mailto:Chris_Sarris at csgsystems.com] 
Sent: Friday, March 08, 2002 2:06 PM
To: Blanchard, Michael
Subject: RE: [Samba] Samba in a Win2000 / NT Enterprise

Michael,
Excellent news.... so can you confirm that you get a W2K ACL security
tolken back and can access  various resources on a W2K domain and are
locked out of ones that you should not have access to?

What is your enviroment / LAN?

Thanks,
Chris

-----Original Message-----
From: Blanchard, Michael [mailto:MBlanchard at grandaire.com]
Sent: Friday, March 08, 2002 11:47 AM
To: samba at lists.samba.org
Subject: [Samba] Samba in a Win2000 / NT Enterprise

Winbind has been in use here for almost a month and I've had no problem.
I would suggest first off upgrading to 2.2.3.  Just do an rpm -e
samba-client and samba-common first so you clear up the dependencies.  
Then go to samba.org and read the documentation for winbind.  It's
actually pretty easy to do, and has been working really well over here.
There isn't anything as cool as sitting in front of a linux computer and
logging in with "ops+username" :)  You have to add about 7 lines of
winbind-specific stuff into you smb.conf file, but that's all availible
on the samba.org webpage.  

-----Original Message-----
From: Chris Sarris [mailto:Chrissarris at hotmail.com] 
Sent: Friday, March 08, 2002 12:37 PM
To: samba at lists.samba.org
Subject: [Samba] Samba in a Win2000 / NT Enterprise

Hello,
I am currently integrating 20 workstations and 5 Servers (all Dell
Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT
Enterprise network of about 2,000 users.

I have been using a Samba server (version 2.2.1) with "security=domain"
so that any user with a W2K domain logon can access the Samba file
server.

However, I want to move into full integration and set up all Logins to
Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain
and recieve back a security access tolken so that I can have a unified
logon point and then access shares or printer on any W2K computer in the
domain that I have rights to access.

I have considered the Pam_smb module but it only seems to query the W2K
corporate domain for a successful username / password logon. However,
that means anyone of the 2,000 members in our Corporate Domain could log
on to our boxes instead of the group of 20 that I want to give access
to. But inaddition to that... I don't think that the Pam_smb passes back
*any* kind of security or access tolken so that I can access other
domain shares.

I think Winbind is my answer, but it seems like it has not been released
in a stable manner yet.

What do you suggest?
thanks for your help,
Chris

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba