Alexander Skwar
2003-Feb-07 09:06 UTC
[Samba] Active Directory - Which Samba version is needed?
Hi! I'd like to setup a Samba server which should do user authentication against an Active Directory. Our AD admins told me, that we do not have Window NT 4.0 Domains available. What I'm trying to accomplish, is that the users can login with the same username/password they use with the AD. Also, if the password is changed in the AD, this change should be reflected on the Samba server. It doesn't have to be the other way arround - ie. the Samba server doesn't have to be able to do password changes. The reason is, that I need a way for the Windows users to access files on NFS shares. All this is supposed to work on a HP-UX 11.00 server, but I also do have a RedHat 8.0 server available. So I'm either looking for a HP-UX solution (preferrable with the HP CIFS server) or a Linux solution. Actually, plain OS independant hints are also VERY much appreciated! Thanks a lot, Alexander Skwar -- How to quote: http://learn.to/quote (german) http://quote.6x.to (en) Homepage: http://www.iso-top.biz | Jabber: askwar@a-message.de iso-top.biz - Die g?nstige Art an Linux Distributionen zu kommen
Guenther Deschner
2003-Feb-07 10:51 UTC
[Samba] Active Directory - Which Samba version is needed?
hi alexander, On Fri, Feb 07, 2003 at 10:06:43AM +0100, Alexander Skwar wrote:> Hi! > > I'd like to setup a Samba server which should do user authentication > against an Active Directory. Our AD admins told me, that we do not have > Window NT 4.0 Domains available. > > What I'm trying to accomplish, is that the users can login with the same > username/password they use with the AD. Also, if the password is > changed in the AD, this change should be reflected on the Samba server. > It doesn't have to be the other way arround - ie. the Samba server > doesn't have to be able to do password changes.you should set up samba with winbindd to achieve this. http://de.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND> The reason is, that I need a way for the Windows users to access files > on NFS shares.maybe you should give us more details on this. how do you plan to restrict access to these shares? bye, guenther -- Guenther Deschner gd@suse.de SuSE Linux AG GnuPG: 8EE11688 Berliner Str. 27 phone: +49 (0) 30 / 430944778 D-13507 Berlin fax: +49 (0) 30 / 43732804 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20030207/c89da82b/attachment.bin
Errol Neal
2003-Feb-07 14:57 UTC
[Samba] Active Directory - Which Samba version is needed?
You will need samba-3.0 then. It is in alpha, so it is not recommended for production use right now. But I am using it production w/o any issues. It requires samba to be compiled against kerberos and the openldap libraries. It also requires the use of winbindd. Regards, Errol ---------- Original Message ---------------------------------- From: Alexander Skwar <askwar@email-server.info> Date: Fri, 07 Feb 2003 10:06:43 +0100>Hi! > >I'd like to setup a Samba server which should do user authentication >against an Active Directory. Our AD admins told me, that we do not have >Window NT 4.0 Domains available. > >What I'm trying to accomplish, is that the users can login with the same >username/password they use with the AD. Also, if the password is >changed in the AD, this change should be reflected on the Samba server. > It doesn't have to be the other way arround - ie. the Samba server >doesn't have to be able to do password changes. > >The reason is, that I need a way for the Windows users to access files >on NFS shares. > >All this is supposed to work on a HP-UX 11.00 server, but I also do have >a RedHat 8.0 server available. So I'm either looking for a HP-UX >solution (preferrable with the HP CIFS server) or a Linux solution. >Actually, plain OS independant hints are also VERY much appreciated! > >Thanks a lot, > >Alexander Skwar >-- >How to quote: http://learn.to/quote (german) http://quote.6x.to (en) >Homepage: http://www.iso-top.biz | Jabber: askwar@a-message.de > iso-top.biz - Die g?nstige Art an Linux Distributionen zu kommen > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba > >-- >This message has been scanned for viruses and >dangerous content and is believed to be clean. > > >
Buchan Milne
2003-Feb-08 21:08 UTC
[Samba] Active Directory - Which Samba version is needed?
> Date: Fri, 7 Feb 2003 18:19:33 +0100 > From: Alexander Skwar <ASkwar@email-server.info> > To: Guenther Deschner <gd@suse.de> > Cc: samba@lists.samba.org > Subject: Re: [Samba] Active Directory - Which Samba version is needed? > Message-ID: <20030207171933.GE4406@teich.Garten.DigitalProjects.com> > In-Reply-To: <20030207105142.GB20324@mthelena.ber.suse.de> > References: <3E437723.2040607@email-server.info> > <20030207105142.GB20324@mthelena.ber.suse.de> > Content-Type: text/plain; charset=iso-8859-1 > MIME-Version: 1.0 > Content-Transfer-Encoding: quoted-printable > Precedence: list > Message: 16 > > So sprach Guenther Deschner am 2003-02-07 um 11:51:42 +0100 : > >>> you should set up samba with winbindd to achieve this. >>> http://de.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND > > > Hmm, what's the command I need to type to join the Active Directory? > Would it be: > > smbpasswd -j europe.delphiauto.net -U AdministratorAFAIK, for AD you need to do 'net ads join' after getting a kerberos ticket, but not having tried this I am not sure ...> > "europe.delphiauto.net" is the tree of the AD that this server needs to > be a member of - I suppose. Or rather, all the users that will login to > the server are in this AD tree. So I suppose the server should also be > in this AD tree. > > >>> maybe you should give us more details on this. how do you plan to restrict >>> access to these shares? > > > Good question! > > Well, we're migrating away from a Unix based network to a Windows > network (no, I don't particulary like it, but I can't do anything about > it...). > > In Unix, we restricted access based on the machines. Since all the > machines had static IPs, that wasn't a problem. We haven't yet decided > how to restrict access in the Windows setup. We're thinking about > implementing user based restrictions. But that has yet to be decided... >Alexander, I know you run some mandrake boxen, if one of these machines is running Mandrake, try the samba3 RPMs (ie from cooker contrib), which will (mostly, I have a conflict in the cooker set atm I think) install parallel to samba-2.2.x. Get binaries for 9.0 here: http://ranger.dnsalias.com/mandrake/mandrake9.0/samba-3.0alpha21/ (sorry, no hdlists atm) The should be compiled with all the right bits for AD, you should probably only need -common, -server and -winbind, but why not test them all for me? Regards, Buchan -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Possibly Parallel Threads
- What to do for ACL support?
- How to join a linux machine to a "pure" Active DirectoryDomain using Samba 3.0alpha21?
- PDC login problem solved
- How to join a linux machine to a "pure" Active Directory Domain using Samba 3.0alpha21?
- Problem with samba 2.2.4 and Mandrake 8.2