2snows@mailandnews.com
2002-Jun-01 09:40 UTC
[Samba] Use windbind to keep same passwords between NT4 DOM and linux email?
Hello--

I'm working my way through setting up an email server for faculty and staff use at the school my wife teaches at, and while not a Linux whiz, am making good progress so far. The school has an NT 4 server which is used for domain authentication, and I am trying to grapple with whether I can achieve the "holy grail" of synchronized passwords between the email server on Linux and the NT server.

Looking at using winbind it appears that there are two potential issues:

1. The usernames from Linux perspective will be DOM+USERNAME. I could get around half the problem this presents with email aliases, but users will have to learn to log in using this format.

2. Home directories. This is something that I was not quite clear on from the docs. They say:

================================
template homedir
When filling out the user information for a Windows NT user, the winbindd daemon uses this parameter to fill in the home directory for that user. If the string %D is present it is substituted with the user's Windows NT domain name. If the string %U is present it is substituted with the user's Windows NT user name.
Default: template homedir = /home/%D/%U

template shell
When filling out the user information for a Windows NT user, the winbindd daemon uses this parameter to fill in the shell for that user.
Default: template shell = /bin/false
================================

Is an actual home directory built for the user (in which I could store email), or is it just a shell that is created on a temporary basis?

Those are the issues I can see from here; maybe the list will see more. I'm planning on using qmail + courier-imap + squirrelmail and have a test setup working of these on another machine.

Thanks for your insight and expertise,
Sam
Buchan Milne
2002-Jun-03 06:01 UTC
[Samba] Use windbind to keep same passwords between NT4 DOM and linux email?
Sorry if you already got a reply, I'm in digest ...

| Message: 2
| From: <2snows@mailandnews.com>
| To: <samba@lists.samba.org>
| Date: Sat, 1 Jun 2002 10:32:25 -0600
| Subject: [Samba] Use windbind to keep same passwords between NT4 DOM and linux email?
|
| Hello--
|
| I'm working my way through setting up an email server for faculty and staff
| use at the school my wife teaches at, and while not a Linux whiz, am making
| good progress so far. The school has an NT 4 server which is used for domain
| authentication, and I am trying to grapple with whether I can achieve the
| "holy grail" of synchronized passwords between the email server on Linux
| and the NT server.
|
| Looking at using winbind it appears that there are two potential issues:
| 1. The usernames from Linux perspective will be DOM+USERNAME. I could get
| around half the problem this presents with email aliases, but users will
| have to learn to log in using this format.

Samba-2.2.4 allows the use of the "default domain" parameter (I think that's what it's called) for winbind, so you would only need username instead of DOM+username.

|
| 2. Home directories. This is something that I was not quite clear on from
| the docs. They say:
|
| ================================
| template homedir
| When filling out the user information for a Windows NT user, the winbindd
| daemon uses this parameter to fill in the home directory for that user. If
| the string %D is present it is substituted with the user's Windows NT
| domain name. If the string %U is present it is substituted with the user's
| Windows NT user name.
| Default: template homedir = /home/%D/%U
|
| template shell
| When filling out the user information for a Windows NT user, the winbindd
| daemon uses this parameter to fill in the shell for that user.
| Default: template shell = /bin/false
| ================================
|
| Is an actual home directory built for the user (in which I could store
| email), or is it just a shell that is created on a temporary basis?

Winbind does not make homedirs for you, this just tells it what to set the home directory as (as you would see it in the passwd file, for example). However, you can have pam_mkhomedir do this for you, just remember to make the parent directories (pam_mkhomedir only makes one directory, i.e. effectively does not use -p with mkdir).

|
| Those are the issues I can see from here; maybe the list will see more. I'm
| planning on using qmail + courier-imap + squirrelmail and have a test setup
| working of these on another machine.
|

IMHO, Mandrake 8.2 + samba-2.2.4 RPMs for Mandrake 8.2 on samba's ftp mirrors would be the easiest, since it sets up everything you need to get this working, except your entries in smb.conf.

Otherwise, there are some examples (including pam files) at http://mandrakeuser.org/connect/csamba5.html#winbind (although they now make it look more difficult than it is on mandrake 8.2 ... ).

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne    Mechanical Engineer, Network Manager
Cellphone * Work    +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering    http://www.cae.co.za
GPG Key    http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
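
Added example, not part of either post: a shell helper that reads `template homedir` from an smb.conf, expands `%D`/`%U` as the quoted documentation describes, and pre-creates the parent directory that pam_mkhomedir will not create. The function names, the `SCHOOL` domain, the sample smb.conf text and the PAM line in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed smb.conf fragment (sample values, not taken from the thread).
SAMPLE_CONF='[global]
   workgroup = SCHOOL
   security = domain
   winbind separator = +
   template homedir = /home/%D/%U
   template shell = /bin/false'

# Assumed PAM session line that creates the final directory at first login,
# with a umask that keeps stored mail private to its owner:
#   session required pam_mkhomedir.so skel=/etc/skel umask=0077

# Print the value of "template homedir" from smb.conf text on stdin.
get_template_homedir() {
    sed -n 's/^[[:space:]]*template homedir[[:space:]]*=[[:space:]]*//p' | tail -n 1
}

# Expand %D and %U. Names outside a conservative character set are
# rejected so a crafted name cannot point outside the home tree.
expand_homedir() {
    tmpl=$1; domain=$2; user=$3
    for part in "$domain" "$user"; do
        case $part in
            ''|.|..|*[!A-Za-z0-9._-]*)
                echo "unsafe name: '$part'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$tmpl" | sed -e "s/%D/$domain/g" -e "s/%U/$user/g"
}

# Create everything above the per-user directory (pam_mkhomedir makes only
# the last component). ROOT is a path prefix, empty on a live system.
make_parent_dirs() {
    root=$1; tmpl=$2; domain=$3
    home=$(expand_homedir "$tmpl" "$domain" placeholder) || return 1
    parent=$(dirname "$root$home")
    mkdir -p "$parent" && chmod 755 "$parent" && printf '%s\n' "$parent"
}

# Demo: show where a user "sam" in domain SCHOOL would live.
expand_homedir "$(printf '%s\n' "$SAMPLE_CONF" | get_template_homedir)" SCHOOL sam
```

On the mail server this would be run once as root, for example `make_parent_dirs "" "$(get_template_homedir < /etc/samba/smb.conf)" SCHOOL`, where the smb.conf path depends on the distribution.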