[Samba] Integrating W2k3 Terminal Services w/Samba

Jonathan Johnson jon at sutinen.com
Tue May 30 16:19:17 GMT 2006

I can't remember if I've done this or not, but here's how I would:

1. Create a Samba domain group called "Terminal Services Users"
2. Assign users who need TS access to that group
3. Assign that group to the local "Remote Desktop Users" group on the
terminal server

One "gotcha" is that Microsoft requires a SEPARATE Windows 2003 server
to act as a license server to TS (it can be any Win 2003 server you have
kicking around; the load is light). However, Active Directory is not
required, neither are domain logons for that matter. TS works just fine
with locally-defined users. We have a couple of installations where the
license server is installed in a virtual machine on a Linux server to
avoid purchasing extra hardware.

Another "gotcha" is in the licensing. The sales lackeys will attempt to
sell you per-device (or maybe it's per-server) licensing, because that
makes them and Microsoft richer. For greater flexibility, you might want
to go to the "per-user" licensing model. The difference is that
per-device will lock out a license for up to 6 months -- that license
can only be used for a connection from the specific device that first
gained the license (if the device does not connect for 6 months, then
the license is released). In the per-user model, the licenses are
transient and are per *connected* user; if you have 5 per-user licenses,
then any 5 people can be connected simultaneously. Per-device licensing
is beneficial when you have a large number of users connecting from a
limited number of devices; per-user is beneficial when you have a
limited number of people connecting from a large number of devices. (In
case you haven't got the hint, I'm telling you to specifically ASK for
PER-USER licenses. I believe -- and I could be wrong -- that per-user
can be converted to per-device, but not the other way around.)

-Jon Johnson
Sutinen Consulting, Inc.

Collins, Kevin wrote:
> I've got a Samba (3.0.14a) controlled domain that contains 1 Windows
> 2003 Server as a member server.  I've been thinking about using
> Services from that machine to allow roaming users (ie, those outside
> the office) to connect to our network and get work done.
> My only concern at this point is how to deal with the lack of an Active
> Directory and still allow Terminal Services to function.  I've done
> searching and even ran across a post that said at least one person had
> it working.  I'm not concerned about roaming profiles, I just want the
> connectivity.
> No, I haven't tried to make any of this happen, I'm just asking if
> someone out there already has it working.  And if so, how much of a
> headache it was to get working.
> Thanks in advance.
> --
> Kevin L. Collins, MCSE
> Systems Manager
> Nesbitt Engineering, Inc.
> Please note my new email address: kcollins at nei-ky.com
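
The three steps in the reply above, written out as commands. This is an added example, not part of the original thread or of Samba's documentation. It assumes a Samba 3 domain controller whose groups are local Unix groups, and the names `tsusers`, `MYDOM`, `alice` and `bob` are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): the reply's three steps as commands.
# Assumed names: Unix group "tsusers", domain MYDOM, users alice and bob.
# Dry-run by default; APPLY=1 executes the Samba-side steps (run as root).

NT_GROUP="Terminal Services Users"    # group name from the reply
UNIX_GROUP="${UNIX_GROUP:-tsusers}"   # assumed Unix group backing it

# Accept only conservative account names so a bad list entry cannot
# become an option or extra argument to the commands below.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print a command (quoting arguments that contain spaces);
# execute it too when APPLY=1.
run() {
    line=
    for a in "$@"; do
        case "$a" in *' '*) a="\"$a\"" ;; esac
        line="${line:+$line }$a"
    done
    printf '%s\n' "$line"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# usage: ts_setup DOMAIN user...
ts_setup() {
    domain="$1"; shift
    for n in "$domain" "$@"; do
        valid_name "$n" || { echo "rejected name: $n" >&2; return 1; }
    done
    # Step 1: Unix group plus its mapping to a Samba domain group.
    run groupadd "$UNIX_GROUP" || return 1
    run net groupmap add "ntgroup=$NT_GROUP" "unixgroup=$UNIX_GROUP" type=d || return 1
    # Step 2: membership is plain Unix group membership.
    for u in "$@"; do
        run gpasswd -a "$u" "$UNIX_GROUP" || return 1
    done
    # Step 3 runs on the terminal server itself (cmd.exe, local admin).
    printf '%s\n' "net localgroup \"Remote Desktop Users\" \"$domain\\$NT_GROUP\" /add"
}

# Dry run when executed directly.
ts_setup MYDOM alice bob
```

Granting Remote Desktop logon only through this dedicated group keeps Terminal Services access limited to the accounts placed in it, and `net groupmap list` on the Samba server shows the resulting mapping.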
