Hi all,

I'm currently battling with my Corp. IS group over NT domain administration.
I admin a mostly Unix environment with a lot of WinXX clients. The
authentication server is owned by "Corporate" (you know, that nameless,
faceless entity that always makes you do stupid things because
"That's the policy" :) and I have no control over it.

What I'd like to do is slowly sneak away from them by implementing a Samba
PDC and creating my own domain here. My question is, is it easier to set
up a real WinNT server to be the PDC and have accounts on it, and have
Samba authenticate against that, or, would it be easier to begin creating
Unix accounts for everyone and just have Samba authenticate against
NIS? Obviously my preference is the latter :)

My concerns however, are password changing/aging, etc. and the use of user
profiles. I have John's book, but that was written around 1.9.18 and doesn't
include the PDC stuff in 2.0.x.

I haven't downloaded the 2.0.x stuff yet. Are the docs that come with it
sufficient to get me where I need/want to go today? :) Or should I wait for
the O'Reilly book due out rsn?

Any opinions, ideas, pointers to docs, etc. are quite welcome :)

Thanks,

--

Seeya,
Paul
----
plussier@baynetworks.com
Broadband Technology Division - Bay Networks (now a Nortel Company, Eh? :)

If you're not having fun, you're not doing it right!

Paul L. Lussier wrote:
>
> What I'd like to do is slowly sneak away from them by
> implementing a Samba PDC and creating my own domain here.

Just a standard disclaimer. The PDC support is not official yet.
Be warned and be careful.

> My question is, is it easier to set up a real WinNT server to
> be the PDC and have accounts on it, and have Samba authenticate
> against that, or, would it be easier to begin creating
> Unix accounts for everyone and just have Samba authenticate
> against NIS. Obviously my preference is the latter :)

You have to use encrypted passwords for the PDC support.

> My concerns however, are password changing/aging, etc. and
> the use of user profiles. I have John's book, but that
> was written around 1.9.18 and doesn't include the PDC stuff
> in 2.0.x.

My advice is to read the NT Domain FAQ linked off the Samba web site
under documentation and to join the samba-ntdom mailing list
(see samba.org/listproc for instructions on this).

> I haven't downloaded the 2.0.x stuff yet. Are the docs
> that come with it sufficient to get me where I need/want to
> go today :) Or should I wait for the O'Reilly book due
> out rsn.

Three books due out soon (late April I think for all).

  * O'Reilly book
  * New Riders book
  * Sams Teach Yourself Samba in 24 Hours

Can't speak to the content of the first two, but since I wrote
a lot of the material for the last book, I can make references
about it. Two chapters in particular you may be interested in.

  * One is specifically on the **experimental** PDC support
  * The other is how to replace an existing NT file and print
    server (including users and group access lists) using
    Samba 2's security = domain option.

Hope this helps,
jerry
SAMBA team
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services          Auburn University
jerry@eng.auburn.edu                  eng.auburn.edu/users/cartegw

"...a hundred billion castaways looking for a home."
                        - Sting "Message in a Bottle" ( 1979 )

Paul,

I run a number of samba 2.0.2 PDCs on Solaris 2.5.x SPARC hosts. While
samba-2.0.2 is not advertised as having PDC support it works fine for me.

In one site, I provide all of the following services from my samba-2.0.2
PDC to about 15 NT workstations and 100 users spread across three physical
subnets:

- WINS
- domain logins
- home directories
- roaming profiles
- synchronized NIS and SMB passwords
- lots of applications including:
  - SDRC I-DEAS
  - Hummingbird eXceed
  - StarNet X-Win32
  - Microsoft Visual C++
  - Microsoft Office
  - Wordperfect Suite 8
  - ssh
  - PC-Pine
  - Cygnus GNU development environment

This all works very well and is wonderfully stable.

I did, however, run into a problem when I tried to move to samba-2.0.3.
I have a hunch that this problem may be due to the extensive byte-ordering
fixes that were made between 2.0.2 and 2.0.3 because I've seen messages
from other people claiming that they are running 2.0.3 as a PDC on Linux
(Intel hardware I assume). I'll stick with 2.0.2 for now and hopefully
this problem will be fixed in 2.0.4. I'm also considering moving to the
2.1.0-prealpha code, but this is more experimental and I wouldn't run this
in production yet.

If and when you decide to run a samba-2.0.x PDC, feel free to email me
directly if you have any configuration questions.

On Thu, 4 Mar 1999, Paul L. Lussier wrote:

> Hi all,
>
> I'm currently battling with my Corp. IS group over NT domain administration.
> I admin a mostly Unix environment with a lot of WinXX clients. The
> authentication server is owned by "Corporate" (you know, that nameless,
> faceless entity that always makes you do stupid things because
> "That's the policy" :) and I have no control over it.
>
> What I'd like to do is slowly sneak away from them by implementing a Samba
> PDC and creating my own domain here. My question is, is it easier to set
> up a real WinNT server to be the PDC and have accounts on it, and have
> Samba authenticate against that, or, would it be easier to begin creating
> Unix accounts for everyone and just have Samba authenticate against
> NIS. Obviously my preference is the latter :)
>
> My concerns however, are password changing/aging, etc. and the use of user
> profiles. I have John's book, but that was written around 1.9.18 and doesn't
> include the PDC stuff in 2.0.x.
>
> I haven't downloaded the 2.0.x stuff yet. Are the docs that come with it
> sufficient to get me where I need/want to go today :) Or should I wait for
> the O'Reilly book due out rsn.
>
> Any opinions, ideas, pointers to docs, etc. are quite welcome :)
>
> Thanks,
>
>
> --
>
> Seeya,
> Paul
> ----
> plussier@baynetworks.com
> Broadband Technology Division - Bay Networks (now a Nortel Company, Eh? :)
>
> If you're not having fun, you're not doing it right!
>
>

--
Todd Pfaff                          \ Email: pfaff@mcmaster.ca
Computing and Information Services  \ Voice: (905) 525-9140 x22920
ABB 132                             \ FAX: (905) 528-3773
McMaster University                 \
Hamilton, Ontario, Canada L8S 4M1   \
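
The setup discussed in this thread (encrypted passwords, domain logons, WINS, home directories, roaming profiles, synchronized Unix and SMB passwords), sketched as an smb.conf for Samba 2.0.x. This is an added example, not a configuration posted by anyone in the thread; the domain name, every path and the password-change program are placeholders.

```ini
# Constructed example. EXAMPLEDOM, all paths and the password-change
# program below are assumptions, not values from the thread.
[global]
    workgroup = EXAMPLEDOM
    security = user

    # Domain logons need encrypted passwords: the LM/NT hashes live in the
    # smbpasswd file, not in /etc/passwd or the NIS maps.
    encrypt passwords = yes
    # Those hashes are password-equivalent. Keep the file root-owned,
    # mode 0600, in a directory only root can read.
    smb passwd file = /usr/local/samba/private/smbpasswd

    # Act as the domain logon server and domain master browser.
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 65

    # WINS lets clients on other subnets locate the logon server.
    wins support = yes

    # Roaming profiles and home directory mapping.
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%U

    # Change the Unix/NIS password whenever the SMB password changes.
    # The program runs as root; use an absolute path and set "passwd chat"
    # to match the prompts of whatever program the site uses.
    unix password sync = yes
    passwd program = /path/to/password-change-program %u

[netlogon]
    path = /usr/local/samba/netlogon
    read only = yes
    browseable = no

[profiles]
    path = /export/profiles
    read only = no
    create mask = 0600
    directory mask = 0700

[homes]
    read only = no
    browseable = no
```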