[Samba] Samba as BDC in NT domain
Andrew Bartlett
abartlet at samba.org
Sun Nov 24 21:00:01 GMT 2002
On Fri, 2002-11-22 at 09:45, Robert Adkins wrote:
> Chris,
>
> I believe the issue is relating more to the SID (Security IDs) that are
> also transferred for both user and computers. I don't believe that
> dumping the NT SAM into a smbpasswd file would really do the trick as it
> wouldn't include the SID information. (Unless I am seriously mistaken.)
Correct, you cannot correctly represent this information in smbpasswd.
However, ldapsam and tdbsam both allow you, in Samba 3.0, to store an
arbitrary RID per user.
The new command 'net rpc vampire' is designed for exactly this purpose,
and functions correctly for NT4 domains. It does not currently
correctly extract passwords for some Win2k domains.
We do not currently support the 'incremental' mode for replication, only
'one shot', which makes it less suitable for BDC use.
> What you are suggesting sounds like it would work simply for creating a
> Samba server within a Windows NT Domain that uses the domain controller
> to pull its list of users and accounts.
>
> You would still need to create all of the groups in the *NIX/Linux/*BSD
> groups file and set all the permissions on the drives. I am unfamiliar
> with being able to dump the NT group information into a text file.
You need all the 'add user script' and 'add group script' stuff setup in
your smb.conf before you run the command, and this should correctly
populate the group mapping tdb.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20021124/f3812abf/attachment.bin
More information about the samba
mailing list