[Samba] Citrix, Samba PDC experiences.

Prakash Velayutham prakash.velayutham at cchmc.org
Tue Mar 15 14:56:13 GMT 2005

On Mar 14, 2005, at 2:47 PM, Mark Nehemiah wrote:

> sorry about the top post.?  what exactly does that mean.   I thought I
> cc'd a copy of my reply to you to the list.  Should I not have done 
> that?
> or what did I do?
> thanks,
>     that aside,
>                 oops I forgot about idealx, silly me.  Yes, I have seen
> thier docs.  I probably will be trying to absorb info from
> those 3 sets of docs.  Any early ideas on what you had to
> change verses the docs at idealx?
> thanks again,
>                       Mark.
> On Mon, March 14, 2005 12:14 pm, Prakash Velayutham said:
>> Mark Nehemiah wrote:
>>>     Hi thanks for the quick reply.  I really just needed the fact 
>>> that
>>> it
>>> works, and people are using it ok, before I go through the openLDAP,
>>> pdc setup.  I've looked over the samba docs, and the docs at
>>> http://www.unav.es/cti/ldap-smb-howto.html and they seem pretty good.
>>> I have not set up openLDAP before, except for email addresses.  Any
>>> advice, or howto information would be appreciated.  Is there any
>>> other sources of info that you would refer to besides SAMBA docs, and
>>> the link above for openLDAP, SAMBA pdc information?
>>> Thanks,
>>>             Mark.
>>> On Mon, March 14, 2005 8:38 am, Prakash Velayutham said:
>>>> Mark Nehemiah wrote:
>>>>> Hi all,
>>>>>         I've dug through the lists and google, but haven't found 
>>>>> very
>>>>> much info on using Citrix with a samba PDC.  The small number of
>>>>> messages and information I've found, lead me to believe it will
>>>>> work.  Does anyone have any first hand knowledge they'd be
>>>>> willing to share?  I'm currently involved in rolling out Citrix
>>>>> for proprietary windows apps for remote offices.  We've always
>>>>> used samba internally, though I'm still authenticating to a real
>>>>> old NT domain.  The Citrix rollout includes needing more windows
>>>>> CAL's, so rather then A/D, I really want to use a SAMBA PDC if
>>>>> possible.
>>>>> thanks,
>>>>>         Mark
>>>> Hi,
>>>> I have a Samba-3 PDC which supports >10 Windows PCs and 2 Citrix
>>>> servers. The PCs and Citrix servers authenticate against a central 
>>>> LDAP
>>>> directory through the samba server. Citrix servers are a part of a
>>>> different NT domain (which my Samba PDC has trust relationship 
>>>> with).
>>>> But as far as I can say, this setup is working fine for me. If you 
>>>> have
>>>> any specifics, please ask.
>>>> Thanks,
>>>> Prakash
>> Please try not to top post.
>> That aside, did you take a look at idealx documents? I used most of 
>> them
>> directly, but there are somethings in that document you will need to
>> change as it does not work.
>> Prakash

Hi Mark,

Sorry for the delayed response. If you noticed, (almost) everyone in 
the list tries to reply at the end of previous reply. If you reply at 
the beginning that is top posting. Bottom posting is easier as I read 
through the previous transactions from top to bottom and continue to 
reply the last mail.
Anyway, if you are trying Samba 3, you must have already noticed that 
to ensure nss_ldap works fine, you will have to either add your 
computer accounts under people branch, or see to that your 
nss_ldap_passwd entry in /etc/ldap.conf looks at the common parent 
branch of where people accounts and computer accounts are located. This 
is one thing I stumbled on, which is obviously not in idealx docs. I 
was (probably still am) a newbie to LDAP and Samba at that time, so 
could not figure this out for almost a whole day.
Another thing is to give the "Administrator" account (belonging to 
Samba PDC's Domain Admins group) gid of 0. I cannot remember the exact 
things that did not work with idealx right now, but if you get into 
trouble, please email.

Good luck,

More information about the samba mailing list