VR-Bug Support
2003-Oct-24 10:41 UTC
[Samba] Advice needed for Samba 3 setup for multiple Linux boxes in established Win2k AD domain...
Hi all, I have the lucky task of being able to set-up a DEV environment for our developers. We plan on using redhat 9 with Samba 3 and making each server an AD domain member of an established Win2K domain. The advice I would like is the best way to implement this, I'd like to hopefully leave the Win2K domain admins power to create users on the Win2K domain, and automatically add users to the Linux Samba servers, if it's possible. All thoughts appreciated. Regards, Luke. ______________________________________________________________________ Any views or opinions expressed in this e-mail are solely those of the author and do not necessarily represent those of ENDEMOL UK plc unless specifically stated. This email and the information it contains are confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error please notify us immediately and delete the copy you have received from your system. You should not copy it for any purpose, re-transmit it, use it or disclose its contents to any other person. If you suspect the message may have been intercepted or amended please call the sender.
John H Terpstra
2003-Oct-24 14:54 UTC
[Samba] Advice needed for Samba 3 setup for multiple Linux boxes in established Win2k AD domain...
On Fri, 24 Oct 2003, VR-Bug Support wrote:> > Hi all, > > I have the lucky task of being able to set-up a DEV environment for our > developers. We plan on using redhat 9 with Samba 3 and making each > server an AD domain member of an established Win2K domain. > > The advice I would like is the best way to implement this, I'd like to > hopefully leave the Win2K domain admins power to create users on the > Win2K domain, and automatically add users to the Linux Samba servers, if > it's possible.Samba does not do account synchronisation with UNIX. That would be a bad solution from an administrative perspective. Samba allows you to use NT4 domain, or Active Directory, accounts without requiring local /etc/passwd entries. Winbind is the tool that handles that. - John T. -- John H Terpstra Email: jht@samba.org
VR-Bug Support
2003-Oct-24 16:16 UTC
[Samba] Advice needed for Samba 3 setup for multiple Linux boxes in established Win2k AD domain...
Thanks John, It was my understanding that Samba would not synchronize with Unix accounts, and as such presumed that winbind was the way to go, but on setting up a server using Samba 3.0.0-2 from either source or RPM I found that, whilst I could successfully add the server to the AD and groupmap an AD group to a local UNIX group, when I accessed the share from a win2k client logged in as a user within the mapped AD group I did not have access rights to the share. I have probably missed something in your HOW-TO which would enable me to access the share, any pointers would be helpful. Regards, Luke. -----Original Message----- From: John H Terpstra [mailto:jht@samba.org] Sent: 24 October 2003 15:55 To: VR-Bug Support Cc: samba@lists.samba.org Subject: Re: [Samba] Advice needed for Samba 3 setup for multiple Linux boxes in established Win2k AD domain... On Fri, 24 Oct 2003, VR-Bug Support wrote:> > Hi all, > > I have the lucky task of being able to set-up a DEV environment for our > developers. We plan on using redhat 9 with Samba 3 and making each > server an AD domain member of an established Win2K domain. > > The advice I would like is the best way to implement this, I'd like to > hopefully leave the Win2K domain admins power to create users on the > Win2K domain, and automatically add users to the Linux Samba servers, if > it's possible.Samba does not do account synchronisation with UNIX. That would be a bad solution from an administrative perspective. Samba allows you to use NT4 domain, or Active Directory, accounts without requiring local /etc/passwd entries. Winbind is the tool that handles that. - John T. -- John H Terpstra Email: jht@samba.org _____________________________________________________________________ This e-mail and all attachments have been scanned by the HighSpeed Office virus scanning service powered by MessageLabs and no known viruses were detected. ______________________________________________________________________ Any views or opinions expressed in this e-mail are solely those of the author and do not necessarily represent those of ENDEMOL UK plc unless specifically stated. This email and the information it contains are confidential and intended solely for the use of the individual or entity to which it is addressed. If you have received this email in error please notify us immediately and delete the copy you have received from your system. You should not copy it for any purpose, re-transmit it, use it or disclose its contents to any other person. If you suspect the message may have been intercepted or amended please call the sender.