Re: [Samba] Fileserver integrated into windows domain, plus linux clients needed‏

Doug VanLeuven roamdad at sonic.net
Thu Nov 15 20:25:10 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ben Ladd wrote:
> Update:
>  
> Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).
>  
rig·ma·role (rĭg'mə-rōl') pronunciation also rig·a·ma·role (-ə-mə-rōl')
n.
   1. Confused, rambling, or incoherent discourse; nonsense.
   2. A complicated, petty set of procedures.

Most of us here on this list don't consider this an accurate perspective
of the documentation.
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/
or the following ubuntu link are pretty well thought out and elucidated.

>> I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.
>  
> My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?
>  
Depends on what you mean by easy.  A lot of intelligent, committed
individuals have done all the hard work of overcoming the barriers
erected by Microsoft to true interoperability.  All you have to do is
fill in a few details nowadays.  I think a word that describes this
process might be tedious.  Do you define tedious as hard?

>> I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!
>  
Follow one of the procedures, get to a point you can say this works,
this doesn't, here is the configuration, any suggestions.  There was a
change in the implementation for winbind backends relatively recently
and the documentation (and swat) is behind on this.  Idmap_ad,
idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb.  See:
http://us3.samba.org/samba/docs/man/manpages-3/
You'll need to investigate how you want to map windows users and groups
to unix users and groups and pick one technique.  Look to password sync
options to resolve your other issue.

Regards, Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFHPKsmFqWysr/jOHMRAmXwAJ0STtXNyq7J1m+yzweKzJwCbslt3ACfToEm
yKqkYYwVSFeOMeuBGwj07xk=
=lg9m
-----END PGP SIGNATURE-----


More information about the samba mailing list