[Samba] Fileserver integrated into windows domain, plus linux clients needed?

Fri Nov 16 03:43:14 GMT 2007

Doug,

Is the sarcasm and condescension really necessary?  I mean, point him in the direction of the docs by all means (which you did, great) with perhaps an RTFM for good measure but i'm not sure that i'd describe fully integrating Linux logins with AD (which is what i think Ben is trying to do) as "fill in a few details".  As someone who comes from a Windows background, the first foray into Linux is intimidating at best.  This kind of "how dare you ask such an elementary question" response doesn't help anyone.

Ben,

Your questions are kind of general.  The doco for the most part is a pretty good guide, the samba.org web-site has links to pretty much everything you need.  If you have more specific questions, you will (hopefully) get more useful answers.

m.

-----Original Message-----
From: samba-bounces+lists=rmt.com.au at lists.samba.org [mailto:samba-bounces+lists=rmt.com.au at lists.samba.org] On Behalf Of Doug VanLeuven
Sent: Friday, 16 November 2007 5:25 AM
To: Ben Ladd
Cc: samba at lists.samba.org
Subject: Re: [Samba] Fileserver integrated into windows domain, plus linux clients needed?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ben Ladd wrote:
> Update:
>  
> Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).
>  
rig·ma·role (rĭg'mə-rōl') pronunciation also rig·a·ma·role (-ə-mə-rōl')
n.
   1. Confused, rambling, or incoherent discourse; nonsense.
   2. A complicated, petty set of procedures.

Most of us here on this list don't consider this an accurate perspective
of the documentation.
http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/
or the following ubuntu link are pretty well thought out and elucidated.

>> I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.
>  
> My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there a an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?
>  
Depends on what you mean by easy.  A lot of intelligent, committed
individuals have done all the hard work of overcoming the barriers
erected by Microsoft to true interoperability.  All you have to do is
fill in a few details nowadays.  I think a word that describes this
process might be tedious.  Do you define tedious as hard?

>> I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!
>  
Follow one of the procedures, get to a point you can say this works,
this doesn't, here is the configuration, any suggestions.  There was a
change in the implementation for winbind backends relatively recently
and the documentation (and swat) is behind on this.  Idmap_ad,
idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb.  See:
http://us3.samba.org/samba/docs/man/manpages-3/
You'll need to investigate how you want to map windows users and groups
to unix users and groups and pick one technique.  Look to password sync
options to resolve your other issue.

Regards, Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFHPKsmFqWysr/jOHMRAmXwAJ0STtXNyq7J1m+yzweKzJwCbslt3ACfToEm
yKqkYYwVSFeOMeuBGwj07xk=
=lg9m
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba