Be nice -- I'm a SAMBA newbie, but at least I've got the O'Reilly book!! We want to use a SAMBA server to provide user accounts for a print charge-back system in our public student labs. Since this amounts to several thousand accounts which are already managed and current on our e-mail server, we don't want to try to replicate them and keep them synchronized on the NT PDC. For a variety of reasons, we don't want the SAMBA server to act as the PDC for that domain either. According to our NT guru, the solution is to set up a trust relationship between the SAMBA server and the PDC for the domain providing services to the student labs. O'Reilly mentions nothing about trust relationships in the index, and thumbing through has yet to yield results. This is supposedly a common practice thing in the NT domain world. Can it be done with SAMBA? Thanks, Rob _ _ _ _ _ _ _ _ _ _ /\_\_\_\_\ /\_\ /\_\_\_\_\_\ /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR /\/_/_/_/_/ /\_\ /\/_/ /\/_/ /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound) Rob Tanner UNIX and Networks Manager Linfield College, McMinnville OR (503) 434-2558 <rtanner@linfield.edu>
Rob Tanner wrote:> > Be nice -- I'm a SAMBA newbie, but at least I've got the O'Reilly book!! > > We want to use a SAMBA server to provide user accounts for a print > charge-back system in our public student labs. Since this amounts to > several thousand accounts which are already managed and current on our > e-mail server, we don't want to try to replicate them and keep them > synchronized on the NT PDC. For a variety of reasons, we don't want the > SAMBA server to act as the PDC for that domain either. > > According to our NT guru, the solution is to set up a trust relationship > between the SAMBA server and the PDC for the domain providing services to > the student labs. O'Reilly mentions nothing about trust relationships in > the index, and thumbing through has yet to yield results. This is > supposedly a common practice thing in the NT domain world. Can it be done > with SAMBA?You don't need a trust account or even a Samba PDC to do this. So long as the account names are the same in the UNIX /etc/passwd and NT SAM databases then just put the Samba server into the NT Domain (see the Samba docs for details) and then set up the Samba server in 'security=domain' code and point the 'password server =' line at the PDC/BDC's. Remember, Samba knows nothing about 'remote domain' accounts, because UNIX knows nothing about such things. So you cannot say to Samba 'allow user DOM1\FRED' access on this box as that user has no meaning or existance on the UNIX box unless it can be mapped to some existing UNIX user (say, 'fred'). Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. --------------------------------------------------------
Hi Rob, Maybe there is another way to 'skin this cat'... where are the resources that the users are going to connect to residing? when you talk about a 'print charge-back system' do you mean that NT clients will be attaching to the SAMBA server to access printers? If this is the case, perhaps you could set up all of your printer shares such that guest access is denied, and have the samba server set up in security=user mode. that way when an NT client tries to attach to one of your printers, he will have to supply a connect as username and password that will be validated against the /etc/passwd entries on your samba server. Or are the printers on the NT side, and your UNIX users wanting access to them via smbclient? If you can define more specifically what you are trying to do, maybe there is still a way that Samba can help you out! Hope this helps, Don
Possibly Parallel Threads
- Problems with trust account passowrds ???
- I'm confused about W2K rpcclient "getdriver" response
- Samba 1.9.18p2 --> 1.9.18p8 on Solaris 2.6 breaks browsing ????
- REPOST: Problems with trust account passowrds ???
- Connecting to SAMBA for first time takes a very looong time