samba - Oct 2000 - Moving from Workgroup model to Domain

Hi,

I have recently taken over administration of a Samba installation.  I have 
experience administering a 5000-node NT domain (actually lots of domains, with 
trusts), and I am experienced in administering Solaris, but Samba is new to me, 
so I've subscribed to this mail list to try to get up to speed.  It's a
great
list, and the level of support is fantastic, especially to Samba newbies like 
me.

We have 5 Samba 2.0.5a servers on Solaris 2.7 (with NIS+ on the Solaris side, 
but no connection between smbpasswd and the NIS maps), each serving about 50 NT 
4.0 clients, with a couple of Win98 notebooks at each site.  We are currently 
operating in Security = User mode, because it was the simplest to implement, but
it is a pain to administer, because people have to be manually added to each 
server if they want to access resources on a that server.

We now have a nice 10MBit WAN connection between all the sites, so I would like 
to move to a single Domain model, to make administration much simpler.  We would
install the latest version of Samba when we go to make the transition, and would
take that time to get all the NT clients up SP 6.0a.

I have a couple of questions to the gurus in the list regarding this transition:

1.  Is the Samba PDC model fully implemented?  How do you administer domain 
users, via SWAT?

2.  If so, how do SAM database replications happen?  With NT 4.0, the PDC and 
BDC's exchange user account information automagically.  Does this mechanism 
exist in Samba?

3.  Would a Wintel PDC with Samba BDC's be better?  I'm used to using
User
Manager for Domains to administer local and global groups on all servers.  How 
would I do that with Samba BDC's?

4.  I'm sure I'm not the first person to ask these questions.  Is there
a white
paper anywhere to check this out?

I appreciate any help this group has to offer on these questions.

-Thanks,
-Tom

_________________________________________________________________
Tom Haws
System Administrator   Inform Network for Management Systems
Tel: (250) 562-2628    1579 9th Ave, Prince George, B.C. V2L 3R8
Fax: (250) 562-6942
_________________________________________________________________

* Tom R Haws (PG) <trh@timberline.ca> [20001019 00:24]:
=>Hi,
=>
=>I have recently taken over administration of a Samba installation.  I have 
=>experience administering a 5000-node NT domain (actually lots of domains,
with
=>trusts), and I am experienced in administering Solaris, but Samba is new to
me,
=>so I've subscribed to this mail list to try to get up to speed. 
It's a great
=>list, and the level of support is fantastic, especially to Samba newbies
like
=>me.
=>
=>We have 5 Samba 2.0.5a servers on Solaris 2.7 (with NIS+ on the Solaris
side,
=>but no connection between smbpasswd and the NIS maps), each serving about
50 NT
=>4.0 clients, with a couple of Win98 notebooks at each site.  We are
currently
=>operating in Security = User mode, because it was the simplest to
implement, but
=>it is a pain to administer, because people have to be manually added to
each
=>server if they want to access resources on a that server.
=>
=>We now have a nice 10MBit WAN connection between all the sites, so I would
like
=>to move to a single Domain model, to make administration much simpler.  We
would
=>install the latest version of Samba when we go to make the transition, and
would
=>take that time to get all the NT clients up SP 6.0a.
=>
=>I have a couple of questions to the gurus in the list regarding this
transition:
=>
=>1.  Is the Samba PDC model fully implemented?  How do you administer domain
=>users, via SWAT?
=>
=>2.  If so, how do SAM database replications happen?  With NT 4.0, the PDC
and
=>BDC's exchange user account information automagically.  Does this
mechanism
=>exist in Samba?
=>
=>3.  Would a Wintel PDC with Samba BDC's be better?  I'm used to
using User
=>Manager for Domains to administer local and global groups on all servers. 
How
=>would I do that with Samba BDC's?
=>
=>4.  I'm sure I'm not the first person to ask these questions.  Is
there a white
=>paper anywhere to check this out?
=>
=>I appreciate any help this group has to offer on these questions.
=>
=>-Thanks,
=>-Tom


Since you're new to Samba the best favor you can do yourself is to get a
copy of the book "Using SAMBA" by Robert Eckstein/David
Collier-Brown/Peter Kelly. It is published by O'reilly.
Before you get the $34.95 you can also look at it online at
http://sunsite.auc.dk/samba/oreilly/using_samba/
Also look at the FAQs.

HTH

-Wash

--
Odhiambo Washington  Inter-Connect Ltd.,
wash@iconnect.co.ke  5th Flr Furaha Plaza
Tel: 254 11 222604   Nkrumah Rd.,
Fax: 254 11 222636   PO Box 83613 MOMBASA, KENYA.

By long-standing tradition, I take this opportunity to savage other designers 
in the thin disguise of good, clean fun. -P.J. Plauger, "Computer
Language",
1988, April Fool's column.

"Tom R Haws (PG)" wrote:
> I have a couple of questions to the gurus in the list regarding this
transition:
> 
> 1.  Is the Samba PDC model fully implemented?  How do you administer domain
> users, via SWAT?
No. Samba 2.0.7 has limited PDC functionality for NT4 clients. Samba 2.2
expands this to cover Win2000 clients also. Samba TNG has fuller PDC
fuctionality, but has now become a code fork with a slightly different
direction.
 
> 2.  If so, how do SAM database replications happen?  With NT 4.0, the PDC
and
> BDC's exchange user account information automagically.  Does this
mechanism
> exist in Samba?
Samba does not yet support PDC->BDC replication, tough judicious use of
Unix utilities could be used to fake something up. This support is
slated for Samba 3.0.
 
> 3.  Would a Wintel PDC with Samba BDC's be better?  I'm used to
using User
> Manager for Domains to administer local and global groups on all servers. 
How
> would I do that with Samba BDC's?
Possibly. You could use Wintel PDC/BDC's. Then you could serve files
from Samba with security=domain. This is bad because you need to
authenticate from Windows, and with MS's latest license policy, you get
badly screwed over. It's a good way to go if you have windows and wish
to get rid of it, but if you don't have windows servers, it's not as
attractive an option.

If you set up a Samba DC with the existing stable code, you will lose
User Manager/Server Manager, and similar MS tools. Stable Samba does not
yet support the RPC calls these applications need.
 
> 4.  I'm sure I'm not the first person to ask these questions.  Is
there a white
> paper anywhere to check this out?
I believe there's some useful information at
http://bioserve.latrobe.edu.au/samba but I can't check it, as Australia
has dropped off the net for me right now...

HTH,

Mike

What about "MS's latest license policy" ?

Does it mean that in my LAN, I can't use a NT server only as PDC, with files
being stored on a Samba/Unix server  ? (Of course, we have the right
number of client connection licenses !)

----- Original Message ----- 
> Date: Thu, 19 Oct 2000 12:33:54 +0100
> From: Mike Brodbelt <m.brodbelt@acu.ac.uk>
> To: "Tom R Haws (PG)" <trh@timberline.ca>
> Cc: samba@us4.samba.org
> Subject: Re: Moving from Workgroup model to Domain
> 
> ..........................
> Possibly. You could use Wintel PDC/BDC's. Then you could serve files
> from Samba with security=domain. This is bad because you need to
> authenticate from Windows, and with MS's latest license policy, you get
> badly screwed over. It's a good way to go if you have windows and wish
> to get rid of it, but if you don't have windows servers, it's not
as
> attractive an option.
> ..........................