[Samba] Fileserver integrated into windows domain, plus linux clients needed?

Doug VanLeuven roamdad at sonic.net
Fri Nov 16 07:34:05 GMT 2007


Mike Cleghorn wrote:
> Doug,
> 
> Is the sarcasm and condescension really necessary?

I thought the original author was trolling and I bit.  Rereading, I see
he was referring to password changing as rigmarole, not configuring samba.
So OK, it would seem sarcastic.
For the public record, I owe you an apology Ben, my bad.
But I won't cop to the condescension.  I was being straightforward.

Regards, Doug

>  I mean, point him in the direction of the docs by all means (which you did, great) with perhaps an RTFM for good measure, but I'm not sure that I'd describe fully integrating Linux logins with AD (which is what I think Ben is trying to do) as "fill in a few details".  As someone who comes from a Windows background, the first foray into Linux is intimidating at best.  This kind of "how dare you ask such an elementary question" response doesn't help anyone.
> 
> Ben,
> 
> Your questions are kind of general.  The doco for the most part is a pretty good guide, the samba.org web-site has links to pretty much everything you need.  If you have more specific questions, you will (hopefully) get more useful answers.
> 
> Ben Ladd wrote:
>> Update:
> 
>> Each time we set up a new user on the system, passwords need changing on the AD and the samba server. Is there a way to set permissions for the samba from the AD so that we do not need to go through this rigmarole? (most problematic at the start of a new school year).
> 
> rig·ma·role (rĭg′mə-rōl′) also rig·a·ma·role (-ə-mə-rōl′)
> n.
>    1. Confused, rambling, or incoherent discourse; nonsense.
>    2. A complicated, petty set of procedures.
> 
> Most of us here on this list don't consider this an accurate perspective
> of the documentation.
> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/
> or the following ubuntu link are pretty well thought out and elucidated.
> 
>>> I completed this part of my task - http://ubuntuforums.org/showthread.php?t=280702. It works perfectly for me. I am amazed that I did not find it earlier.
> 
>> My aim is to also have some linux (probably k/ubuntu) boxes that authenticate on the network using standard AD credentials. I have tried in vain to find a way to introduce a single point of authentication, I have looked at kerberos, winbind and LDAP. I consider myself a good network technician, but the introduction of linux into a domain has thrown me. Is there an easy way to integrate a linux fileserver with a windows controlled domain with both linux and windows clients?
> 
> Depends on what you mean by easy.  A lot of intelligent, committed
> individuals have done all the hard work of overcoming the barriers
> erected by Microsoft to true interoperability.  All you have to do is
> fill in a few details nowadays.  I think a word that describes this
> process might be tedious.  Do you define tedious as hard?
> 
>>> I am probably going to go with a kerberos and winbind mechanism to get this working. Hold out guys - Anything is possible!
> 
> Follow one of the procedures, get to a point you can say this works,
> this doesn't, here is the configuration, any suggestions.  There was a
> change in the implementation for winbind backends relatively recently
> and the documentation (and swat) is behind on this.  Idmap_ad,
> idmap_ldap, idmap_nss, idmap_rid, and idmap_tdb.  See:
> http://us3.samba.org/samba/docs/man/manpages-3/
> You'll need to investigate how you want to map windows users and groups
> to unix users and groups and pick one technique.  Look to password sync
> options to resolve your other issue.
> 
> Regards, Doug