[Samba] Authentication Problem...

Andrew McCall it.andrew.mccall at oldham.gov.uk
Wed Sep 11 09:29:21 GMT 2002 

Hi All,

I am sure that you have all read this email a thousand times before, but I am 
having problems getting the information together and checking that what I think I can do, can be done :)

At the moment, we currently have 3 or 4 sources of authentication. We have Novell thats used or all users, OpenLDAP thats used for all mail accounts and 
some NT accounts that are used for things like Citrix users in addition to standalone accounts on many Solaris and Linux boxes....

We now have to unify the logon process so that the same username and passwords 
are used no matter what system you are using.

At the moment, the Windows-boys :) are all for moving to Windows 2000 and using ADS, but I am a little unsure about that due to the way the non-windows 
systems will intergrate into this setup, the stability of ADS and the 
potential MS-creep that this will force on the network.

I know that I could do pretty much what I want to do just via Samba, however 
due to the way the company works, this isn't really an option, and I must somehow integrate it to a Windows network.

Basically, what I want to do is have all the usernames and passwords stored in 
an OpenLDAP server, Samba pulls the users from the OpenLDAP and offers them to the W2K ADS domain.

Everything else can be done as per normal with W2K ADS and all its management 
tools.

This is the sort of situation I am trying to get : (Hope the tabs work out)

OpenLDAP		->Samba		->Windows 2K with ADS
|				|				|
|				Major Static Shares	Groups, Roaming Profiles
qmail								Software Deployment
Apache							Shares,Printers
UNIX Accounts

The questions I have are :

If a user was added via a W2K admin, on a W2K machine would this go back into 
the OpenLDAP directory?

Can the W2K servers be used in this situation for things like managing roaming 
profiles, assigning printers on login and managing groups or users, basically 
all the things that would usually be done with W2K.

Can I somehow have the Samba server as a "backup" server so if the W2K domain 
goes down, the users can still log on via Samba??

Overall, I think that all I want is for a W2K ADS domain to use OpenLDAP ato 
authenticate its users against, this way we can fully integrate it into out network with all the OS types we have.

Does anyone have ny experience with this sort of set up?

What do people recommend?

-- 
Thanks,

Andrew McCall
Internet/Linux System Administrator
I.C.T. Division
Oldham MBC
Civic Centre
West Street
Oldham
OL1 1UU

Tel : 0161 911 3990
Fax : 0161 911 3998
Email : it.andrew.mccall at oldham.gov.uk


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.oldham.gov.uk
**********************************************************************

More information about the samba mailing list