[Samba] Authentication Problem...
Yura Pismerov
ypismerov at tucows.com
Wed Sep 11 14:38:01 GMT 2002
It looks Samba PDC with LDAP backend is your best option.
This obviously implies that your Windows folks will have to say good-bye
to ADS...
Andrew McCall wrote:
>
> Hi All,
>
> I am sure that you have all read this email a thousand times before, but I am
> having problems getting the information together and checking that what I think I can do, can be done :)
>
> At the moment, we currently have 3 or 4 sources of authentication. We have Novell thats used or all users, OpenLDAP thats used for all mail accounts and
> some NT accounts that are used for things like Citrix users in addition to standalone accounts on many Solaris and Linux boxes....
>
> We now have to unify the logon process so that the same username and passwords
> are used no matter what system you are using.
>
> At the moment, the Windows-boys :) are all for moving to Windows 2000 and using ADS, but I am a little unsure about that due to the way the non-windows
> systems will intergrate into this setup, the stability of ADS and the
> potential MS-creep that this will force on the network.
>
> I know that I could do pretty much what I want to do just via Samba, however
> due to the way the company works, this isn't really an option, and I must somehow integrate it to a Windows network.
>
> Basically, what I want to do is have all the usernames and passwords stored in
> an OpenLDAP server, Samba pulls the users from the OpenLDAP and offers them to the W2K ADS domain.
>
> Everything else can be done as per normal with W2K ADS and all its management
> tools.
>
> This is the sort of situation I am trying to get : (Hope the tabs work out)
>
> OpenLDAP ->Samba ->Windows 2K with ADS
> | | |
> | Major Static Shares Groups, Roaming Profiles
> qmail Software Deployment
> Apache Shares,Printers
> UNIX Accounts
>
> The questions I have are :
>
> If a user was added via a W2K admin, on a W2K machine would this go back into
> the OpenLDAP directory?
>
> Can the W2K servers be used in this situation for things like managing roaming
> profiles, assigning printers on login and managing groups or users, basically
> all the things that would usually be done with W2K.
>
> Can I somehow have the Samba server as a "backup" server so if the W2K domain
> goes down, the users can still log on via Samba??
>
> Overall, I think that all I want is for a W2K ADS domain to use OpenLDAP ato
> authenticate its users against, this way we can fully integrate it into out network with all the OS types we have.
>
> Does anyone have ny experience with this sort of set up?
>
> What do people recommend?
>
> --
> Thanks,
>
> Andrew McCall
> Internet/Linux System Administrator
> I.C.T. Division
> Oldham MBC
> Civic Centre
> West Street
> Oldham
> OL1 1UU
>
> Tel : 0161 911 3990
> Fax : 0161 911 3998
> Email : it.andrew.mccall at oldham.gov.uk
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
>
> www.oldham.gov.uk
> **********************************************************************
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
--
Yuri Pismerov, Sr. System Administrator,
TUCOWS.COM INC. (416) 535-0123 ext. 1352
More information about the samba
mailing list