[Samba] authentication against win 2003

[Jay Ted]

I'm probably the umpteenth million person to ask questions about this...  
  
I'm trying to set up a linux box that would authenticate users against win2003.  Here's what I need help on, in a somewhat unorganized fashion....  
  
1) There will be about 4000 accounts, only about 20 of them will need shells.  Will I have to create entries in /etc/passwd for all of these users? Is there a way to only auth users against windows if they are in a certain  
group?- that way root and others will auth against /etc/passwd.  Ideally I would like to avoid having to add these users to the linux server, if they are a valid domain user that's good enough for me. Or do I need to rack my  
brain on pam configs?  
  
2) The server will be accessed with ssh by these 20 or so users.   So I guess pam.d/sshd would need to be set to allow fall through to winbindd or something....  
  
3) I have already set up MIT kerberos5/samba/winbindd/openldap.  Just need to work on the configs. Already did the kinit and ads jois bit, worked fine.  
  
4) I don't intend on having the linux box share anything, it won't need to be accessed by any other windows clients besides itself.  It shouldn't authenticate anything except for passwords for users on one of our domains  
trying to access ssh and email on the linux box.   
  
5) Passwords- Will a user be able to change their windows password with passwd?  Maybe have to write some sort of wrapper for passwd that keeps users from changing their unix passwd......I mean, they shouldn't  
have to if they are only being able to authenticate against windows...ugh.  
  
I hope this doesn't sound too confusing!  
  
Thanks in advance for any help!!!!!  
  
--  
Jay  
-- 
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org 
This allows you to send and receive SMS through your mailbox.


Powered by Outblaze