[Samba] Re: Remote Citrix Auth Pass-Through ...

Andrew Bartlett abartlet at samba.org
Sat Jan 24 21:39:02 GMT 2004


On Sun, 2004-01-25 at 00:44, C.Lee Taylor wrote:
> Greetings ...
> 
>     Thanks for you reply Andrew, I think I will try and explain again 
> what I am trying to do, maybe I am just going at this the wrong way ...
> 
> >I'm not sure what you mean here.
> >  
> >
> 
>     We have two applications which will be distributed by Citrix.  I 
> would like to have one username and password for all the services ... 
> Single-Sign-On. Windows2003 has been chosen for our AD.  We have a few 
> remote sites with Linux file/print servers.
> 
>     Now if we use winbind, we can't setup the Linux servers as PDC. 

This is incorrect.  Winbind runs perfectly fine against Samba 3.0.

>  
> That is a limitation of winbind, and with out the Samba servers running 
> as PDC's I can't get the local workstations as the remote sites to 
> process login scripts.

Logon scripts for their own domain, or logon scripts for trusted
domains?

>     I could give up on the idea of remote sites local workstations 
> automaticly processing login scripts, because that is the only real 
> thing I am looking for.  I could manually add login scripts to all the 
> workstations, or I could work out something with trusts.
> 
>     I have been trying setuping up a trust both ways between AD and 
> Samba, but TS will not let any of my users login from Samba.

How about you sort out your terminal-services issues first.  I think you
might be being bitten by generic Samba/TS interactions, and are just
making your life more difficult by looking for the most complex
solution.

In a Samba domain, win2k TS clients need Samba 3.0.1 to store the right
extra information.  But it sounds like you don't want to run a Samba
PDC, except for the fact that it would allow you to serve up a logon
script.  Can't AD do that as well, if not better?

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040125/2958039e/attachment.bin


More information about the samba mailing list