[Samba] Re: Remote Citrix Auth Pass-Through ...

C.Lee Taylor leet at leenx.co.za
Mon Jan 26 09:51:08 GMT 2004 

Greetings ...

    Thanks again for your responce ... it currently feels like I am 
banding my head against a M$ Wall ...

>>    Now if we use winbind, we can't setup the Linux servers as PDC. 
>>    
>>
>
>This is incorrect.  Winbind runs perfectly fine against Samba 3.0.
>  
>
    No, what I mean, if you enable "domain logons = yes", getent passwd 
does not return any users from the AD system, which means I can't have a 
remote Samba Server acting as PDC to host the netlogon service ...

>> 
>>That is a limitation of winbind, and with out the Samba servers running 
>>as PDC's I can't get the local workstations as the remote sites to 
>>process login scripts.
>>    
>>
>
>Logon scripts for their own domain, or logon scripts for trusted
>domains?
>  
>
    For the domain that is locale to the user ... Which would be a Samba 
server at a remote site ...

>>    I could give up on the idea of remote sites local workstations 
>>automaticly processing login scripts, because that is the only real 
>>thing I am looking for.  I could manually add login scripts to all the 
>>workstations, or I could work out something with trusts.
>>
>>    I have been trying setuping up a trust both ways between AD and 
>>Samba, but TS will not let any of my users login from Samba.
>>    
>>
>
>How about you sort out your terminal-services issues first.  I think you
>might be being bitten by generic Samba/TS interactions, and are just
>making your life more difficult by looking for the most complex
>solution.
>  
>
    I am not sure that is the problem, for a test, I have been able to 
Join a Win2K3 TS system to my lovely Samba domain and everything works 
fine.  No problem there.

>In a Samba domain, win2k TS clients need Samba 3.0.1 to store the right
>extra information.  But it sounds like you don't want to run a Samba
>PDC, except for the fact that it would allow you to serve up a logon
>script.  Can't AD do that as well, if not better?
>  
>
    My real problem is a few $h!ty application which I have no control 
over.  iScala, a finance system which uses M$SQL2K, tied very closley 
into AD. And then Citrix or maybe TS ...

    I am currently tring to create a trust between Samba and AD domain 
so that users in my Samba domain have access to AD resources, which 
currently means access to iScala.  But I am still going to have to fine 
a way to get my remote Samba users to access Citrix via 
Pass-Through-Auth, but from what have seen, I might not have may options 
left.

Thanks
Mailed
Lee

More information about the samba mailing list