[Samba] Samba as Active Directory replacement - is it possible?
Tomasz Chmielewski
mangoo at interia.pl
Wed Sep 22 07:32:06 GMT 2004
Andrew Bartlett wrote:
> On Tue, 2004-09-21 at 20:49, Tomasz Chmielewski wrote:
>>Where can I find any HOWTOS/documents on this? I spent an hour googling
>>but found nothing promising so far.
>
>
> It all very much depends on what you want to do with it. Samba 3.0 is
> an NT4 level domain controller, as far as windows clients see it, but is
> fully backed by whatever directory server you attach it to.
OK, so at the bottom I describe more or less what I want.
> So, if you just want to move to a directory based system, with the
> benefits of directory management, then the standard Samba 3.0 will do
> what you want.
>
> If you would like to add kerberos, then it is possible with snapshots of
I don't think kerberos is needed in my case.
> The other area of ongoing work is in Samba4, were we have demonstrated
> an 'Active Directory' join of WinXP SP2 to Samba4. This is an ongoing
> area of research, but also an area that is moving surprisingly fast.
> More assistance (programming wise) is always appreciated :-)
This is what I actually want from this AD replacement:
- it has to store users, groups and passwords
- it has to store "computer accounts"
- it has to store "policies" - for users, computers
So by example:
Clients are purely Windows machines. Now with Active Directory the below
can be achieved:
1) PC1 (client) is booted.
2) it connects to the server, reads its "computer account" and "policy":
- what settings should it have, what programs installed - and if a
program is missing, it should be automatically installed/deinstalled
(according to the policy)
3) login box appears - user logs in
- he/she is authenticated against the server, and his/her settings are
applied
Well, I'm certain that I can store passwords, users, groups, either with
Samba or Samba + OpenLDAP, but what I'm afraid of, is how can I set
different "policies" for users and computers with Samba/OpenLDAP.
Any help if it's possible is appreciated.
Tomek
----------------------------------------------------------------------
Bar w Internecie wciaz bez cenzury! >>> http://link.interia.pl/f1835
More information about the samba
mailing list