[Samba] Integrating a Linux desktop into a Windows Domain environment

Andrew Bartlett abartlet at samba.org
Sat Nov 8 22:50:50 GMT 2003 

On Sat, 2003-11-08 at 02:26, Buchan Milne wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > Message: 35
> > Date: Wed, 5 Nov 2003 15:33:27 -0600 (CST)
> > From: "Distribution Lists" <dist-lists at e-securenetworks.net>
> > Subject: [Samba] Integrating a Linux desktop into a Windows Domain
> > 	environment
> > To: samba at lists.samba.org
> > Message-ID:
> > 	<28624.205.182.74.254.1068068007.squirrel at www.e-securenetworks.net.com>
> > 	
> > Content-Type: text/plain;charset=iso-8859-1
> >
> > Can someone give me some pointers to documentation, concepts on how to
> > integrate Linux desktop into a Windows domain environment to access shared
> > drives / printers. I wonder what other peoples experiences were as well.
> >
> > If possible I want to setup Linux/Samba in such to replicate what an
> > Windows workstation does, authenticate with a domain controller then be
> > able to seamlessly access shares.
> 
> You may want to take a look at this paper I presented a while ago, on
> integrating Mandrake 9.0 into a Windows domain (only the basics of
> winbind setup).
> 
> http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf
> 
> Mandrake supports winbind authentication during installation since 9.0,
> and since 9.2 you can configure it after installation using 'drakauth'.
> This doesn't currently support AD, however it should in the next release
> when we have samba3 in main (in contrib for 9.2).

The big thing we need to do (and it really isn't that much work) is to
make the kerberos stuff happen by default, in all of Samba's components.

Currently, pam_winbind does not get a kerberos ticket for the user, even
if they are in AD, and smbclient/libsmbclient/smbprint etc do not use
kerberos, even if the user has a ticket.  (you need to say '-k' on the
command line).  Even if you have a ticket, you need to tell it a bogus
password, otherwise it prompts you anyway...

These are all fixable, and I've written it up in bugs 742 and 743.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20031109/d4019fcc/attachment.bin

More information about the samba mailing list