[Samba] Authentication Problem...

Yura Pismerov ypismerov at tucows.com
Wed Sep 11 14:38:01 GMT 2002

It looks like Samba PDC with LDAP backend is your best option.
This obviously implies that your Windows folks will have to say good-bye
to ADS...

Andrew McCall wrote:
> Hi All,
> I am sure that you have all read this email a thousand times before, but I am
> having problems getting the information together and checking that what I think I can do, can be done :)
> At the moment, we currently have 3 or 4 sources of authentication. We have Novell that's used for all users, OpenLDAP that's used for all mail accounts and
> some NT accounts that are used for things like Citrix users in addition to standalone accounts on many Solaris and Linux boxes....
> We now have to unify the logon process so that the same username and passwords
> are used no matter what system you are using.
> At the moment, the Windows-boys :) are all for moving to Windows 2000 and using ADS, but I am a little unsure about that due to the way the non-windows
> systems will integrate into this setup, the stability of ADS and the
> potential MS-creep that this will force on the network.
> I know that I could do pretty much what I want to do just via Samba, however
> due to the way the company works, this isn't really an option, and I must somehow integrate it to a Windows network.
> Basically, what I want to do is have all the usernames and passwords stored in
> an OpenLDAP server, Samba pulls the users from the OpenLDAP and offers them to the W2K ADS domain.
> Everything else can be done as per normal with W2K ADS and all its management
> tools.
> This is the sort of situation I am trying to get : (Hope the tabs work out)
> OpenLDAP        -> Samba                -> Windows 2K with ADS
> |                  |                       |
> |                  Major Static Shares     Groups, Roaming Profiles
> qmail                                      Software Deployment
> Apache                                     Shares, Printers
> UNIX Accounts
> The questions I have are :
> If a user was added via a W2K admin, on a W2K machine would this go back into
> the OpenLDAP directory?
> Can the W2K servers be used in this situation for things like managing roaming
> profiles, assigning printers on login and managing groups or users, basically
> all the things that would usually be done with W2K.
> Can I somehow have the Samba server as a "backup" server so if the W2K domain
> goes down, the users can still log on via Samba??
> Overall, I think that all I want is for a W2K ADS domain to use OpenLDAP to
> authenticate its users against, this way we can fully integrate it into our network with all the OS types we have.
> Does anyone have any experience with this sort of set up?
> What do people recommend?
> --
> Thanks,
> Andrew McCall
> Internet/Linux System Administrator
> I.C.T. Division
> Oldham MBC
> Civic Centre
> West Street
> Oldham
> OL1 1UU
> Tel : 0161 911 3990
> Fax : 0161 911 3998
> Email : it.andrew.mccall at oldham.gov.uk


Yuri Pismerov, Sr. System Administrator, 
TUCOWS.COM INC.	(416) 535-0123  ext. 1352
