[Samba] security=domain and Citrix MetaFrame on W2K was Windows 2000Terminal Server and Samba

Troy.A Johnson troy.johnson at health.state.mn.us
Wed Nov 27 16:19:38 GMT 2002


Does this work for:

security = domain

situations? Do you have to 
do anything special with regard 
to joining the domain.

>>> <Drew.Zeller at statcan.ca> 11/27/02 09:16AM >>>
I saw your postings and thought I would through in my two cents for
the
Windows 2000 Terminal Server and Samba.  The MultipleUsersOnConnection
does
not seem to work in Windows 2000 version of Terminal Server (at least
not
for me).  My understanding is that Microsoft has removed that option
in
Windows 2000.  What I have found, through various discussions in the
Samba
newsgroups, as well as testing, it is possible to give a unique SMB
process
to Terminal Server SAMBA connection, however to do this they need to
access
the samba server through an alias for the SAMBA server.  In my tests
this
was tried with both the SAMBA netbios aliases option, as well as
creating
server name aliases through the local hosts file on my Terminal server.
 In
both cases, each connection to the server, with a different host name
alias,
was found to create a new smb process for each alias name connection
and
this in turn helped with my file server performance problems (as well
as
some file locking problems).

What I have started to do is create a unique server alias for each user
that
goes to access the server (this way each user gets their own unique
SMB
process), and so far no problems.  I have implemented this by creating
a
SAMBA server host name alias in my Terminal server hosts file using
the
users user id (this way the user id is not visible to anyone off of
that
terminal server).  

Something to be aware of though is that in my case the most aliases I
have
had to create at anyone time is around 50, so I do not know what the
maximum
number of aliases possible would be (for either the netbios aliases
option
or the local hosts file) so this may not be do-able in a large
environment.
Also, in my case, user's normally only access files from one SAMBA
server so
the user id aliases can work for me.  If someone needs to access
another
server they just access it through the regular NetBIOS name, but since
this
does not happen too often, it does not create noticeable performance
problems for my users (or at least none have been reported or
noticed).




More information about the samba mailing list