Hello, I am currently integrating 20 workstations and 5 Servers (all Dell Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT Enterprise network of about 2,000 users. I have been using a Samba server (version 2.2.1) with "security=domain" so that any user with a W2K domain logon can access the Samba file server. However, I want to move into full integration and set up all Logins to Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain and recieve back a security access tolken so that I can have a unified logon point and then access shares or printer on any W2K computer in the domain that I have rights to access. I have considered the Pam_smb module but it only seems to query the W2K corporate domain for a successful username / password logon. However, that means anyone of the 2,000 members in our Corporate Domain could log on to our boxes instead of the group of 20 that I want to give access to. But inaddition to that... I don't think that the Pam_smb passes back *any* kind of security or access tolken so that I can access other domain shares. I think Winbind is my answer, but it seems like it has not been released in a stable manner yet. What do you suggest? thanks for your help, Chris
Winbind has been in use here for almost a month and I've had no problem. I would suggest first off upgrading to 2.2.3. Just do an rpm -e samba-client and samba-common first so you clear up the dependencies. Then go to samba.org and read the documentation for winbind. It's actually pretty easy to do, and has been working really well over here. There isn't anything as cool as sitting in front of a linux computer and logging in with "ops+username" :) You have to add about 7 lines of winbind-specific stuff into you smb.conf file, but that's all availible on the samba.org webpage. -----Original Message----- From: Chris Sarris [mailto:Chrissarris@hotmail.com] Sent: Friday, March 08, 2002 12:37 PM To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Hello, I am currently integrating 20 workstations and 5 Servers (all Dell Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT Enterprise network of about 2,000 users. I have been using a Samba server (version 2.2.1) with "security=domain" so that any user with a W2K domain logon can access the Samba file server. However, I want to move into full integration and set up all Logins to Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain and recieve back a security access tolken so that I can have a unified logon point and then access shares or printer on any W2K computer in the domain that I have rights to access. I have considered the Pam_smb module but it only seems to query the W2K corporate domain for a successful username / password logon. However, that means anyone of the 2,000 members in our Corporate Domain could log on to our boxes instead of the group of 20 that I want to give access to. But inaddition to that... I don't think that the Pam_smb passes back *any* kind of security or access tolken so that I can access other domain shares. I think Winbind is my answer, but it seems like it has not been released in a stable manner yet. What do you suggest? thanks for your help, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
I've gotten my token, the whole shebang. I can login to the linux machine with ops+username and my network password, I have setup directories on the machine and changes the group ownership to ops+mis, I've restricted the shares themselves via the smb.conf file...just about everything. Mounted shares onto the linux server, etc, etc. I'm running a windows 2000 active directory domain (native mode) with 2 domain controllers. (PDC/BDC technically no longer exists in win2k) Running about 65 workstations and like 9 servers. My next step is to apache authentication working, but that's not a priority. I'm actually incredibly impressed with how well samba plays in a win2k environment. I had a few problems, but they were related to a semi-screwed up wins database, but once that was cleaned up things have been perfect. I've actually setup about 4 machines in the active domain, and they all work. The winbind docs on samba.org are excellent on helping you set it up. I'm far from a linux guru, but I can hold my own and it's been fine so far. -----Original Message----- From: Sarris, Chris [mailto:Chris_Sarris@csgsystems.com] Sent: Friday, March 08, 2002 2:06 PM To: Blanchard, Michael Subject: RE: [Samba] Samba in a Win2000 / NT Enterprise Michael, Excellent news.... so can you confirm that you get a W2K ACL security tolken back and can access various resources on a W2K domain and are locked out of ones that you should not have access to? What is your enviroment / LAN? Thanks, Chris -----Original Message----- From: Blanchard, Michael [mailto:MBlanchard@grandaire.com] Sent: Friday, March 08, 2002 11:47 AM To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Winbind has been in use here for almost a month and I've had no problem. I would suggest first off upgrading to 2.2.3. Just do an rpm -e samba-client and samba-common first so you clear up the dependencies. Then go to samba.org and read the documentation for winbind. It's actually pretty easy to do, and has been working really well over here. There isn't anything as cool as sitting in front of a linux computer and logging in with "ops+username" :) You have to add about 7 lines of winbind-specific stuff into you smb.conf file, but that's all availible on the samba.org webpage. -----Original Message----- From: Chris Sarris [mailto:Chrissarris@hotmail.com] Sent: Friday, March 08, 2002 12:37 PM To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Hello, I am currently integrating 20 workstations and 5 Servers (all Dell Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT Enterprise network of about 2,000 users. I have been using a Samba server (version 2.2.1) with "security=domain" so that any user with a W2K domain logon can access the Samba file server. However, I want to move into full integration and set up all Logins to Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain and recieve back a security access tolken so that I can have a unified logon point and then access shares or printer on any W2K computer in the domain that I have rights to access. I have considered the Pam_smb module but it only seems to query the W2K corporate domain for a successful username / password logon. However, that means anyone of the 2,000 members in our Corporate Domain could log on to our boxes instead of the group of 20 that I want to give access to. But inaddition to that... I don't think that the Pam_smb passes back *any* kind of security or access tolken so that I can access other domain shares. I think Winbind is my answer, but it seems like it has not been released in a stable manner yet. What do you suggest? thanks for your help, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Michael, When you say you have had no problem with winbind, does this mean don't have winbindd dying every few hours ? Even when not under load ? Which OSs are you running ? I have a Native ADS network (Win 2000 SP2) and RH 6.2 (2.2.20 kernel patched with ACLs) and about 90 users. Thanks Noel -----Original Message----- From: Blanchard, Michael [mailto:MBlanchard@grandaire.com] Sent: 08 March 2002 18:47 To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Winbind has been in use here for almost a month and I've had no problem. I would suggest first off upgrading to 2.2.3. Just do an rpm -e samba-client and samba-common first so you clear up the dependencies. Then go to samba.org and read the documentation for winbind. It's actually pretty easy to do, and has been working really well over here. There isn't anything as cool as sitting in front of a linux computer and logging in with "ops+username" :) You have to add about 7 lines of winbind-specific stuff into you smb.conf file, but that's all availible on the samba.org webpage. -----Original Message----- From: Chris Sarris [mailto:Chrissarris@hotmail.com] Sent: Friday, March 08, 2002 12:37 PM To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Hello, I am currently integrating 20 workstations and 5 Servers (all Dell Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT Enterprise network of about 2,000 users. I have been using a Samba server (version 2.2.1) with "security=domain" so that any user with a W2K domain logon can access the Samba file server. However, I want to move into full integration and set up all Logins to Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain and recieve back a security access tolken so that I can have a unified logon point and then access shares or printer on any W2K computer in the domain that I have rights to access. I have considered the Pam_smb module but it only seems to query the W2K corporate domain for a successful username / password logon. However, that means anyone of the 2,000 members in our Corporate Domain could log on to our boxes instead of the group of 20 that I want to give access to. But inaddition to that... I don't think that the Pam_smb passes back *any* kind of security or access tolken so that I can access other domain shares. I think Winbind is my answer, but it seems like it has not been released in a stable manner yet. What do you suggest? thanks for your help, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
It's not perfect, but when you consider how much the server cost ($0) it's amazing what all it can do. If I was going to be at this company longer, I would start pushing now for a workstation or two running linux that they can login to with their network usernames. :) The server running winbind has now been up for 25 days with 0 problems, would have been longer but I had a motherboard dump and took the whole system with it. The only annoying part is the "[:too many arguments" I get under redhat 7.2, but it doesn't seem to cause a problem so I can cope. Good luck to you with linux! -----Original Message----- From: Sarris, Chris [mailto:Chris_Sarris@csgsystems.com] Sent: Friday, March 08, 2002 4:52 PM To: Blanchard, Michael Subject: RE: [Samba] Samba in a Win2000 / NT Enterprise Michael, Wow, that is seriously encouraging! Thanks so much for that description. I feel like the lone island of Linux Administration in our Corporate Network of Windows 2000 boxes..... so it is great to get some real feedback on winbind's abilities! Thanks again, Chris -----Original Message----- From: Blanchard, Michael [mailto:MBlanchard@grandaire.com] Sent: Friday, March 08, 2002 1:14 PM To: samba@lists.samba.org Subject: RE: [Samba] Samba in a Win2000 / NT Enterprise I've gotten my token, the whole shebang. I can login to the linux machine with ops+username and my network password, I have setup directories on the machine and changes the group ownership to ops+mis, I've restricted the shares themselves via the smb.conf file...just about everything. Mounted shares onto the linux server, etc, etc. I'm running a windows 2000 active directory domain (native mode) with 2 domain controllers. (PDC/BDC technically no longer exists in win2k) Running about 65 workstations and like 9 servers. My next step is to apache authentication working, but that's not a priority. I'm actually incredibly impressed with how well samba plays in a win2k environment. I had a few problems, but they were related to a semi-screwed up wins database, but once that was cleaned up things have been perfect. I've actually setup about 4 machines in the active domain, and they all work. The winbind docs on samba.org are excellent on helping you set it up. I'm far from a linux guru, but I can hold my own and it's been fine so far. -----Original Message----- From: Sarris, Chris [mailto:Chris_Sarris@csgsystems.com] Sent: Friday, March 08, 2002 2:06 PM To: Blanchard, Michael Subject: RE: [Samba] Samba in a Win2000 / NT Enterprise Michael, Excellent news.... so can you confirm that you get a W2K ACL security tolken back and can access various resources on a W2K domain and are locked out of ones that you should not have access to? What is your enviroment / LAN? Thanks, Chris -----Original Message----- From: Blanchard, Michael [mailto:MBlanchard@grandaire.com] Sent: Friday, March 08, 2002 11:47 AM To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Winbind has been in use here for almost a month and I've had no problem. I would suggest first off upgrading to 2.2.3. Just do an rpm -e samba-client and samba-common first so you clear up the dependencies. Then go to samba.org and read the documentation for winbind. It's actually pretty easy to do, and has been working really well over here. There isn't anything as cool as sitting in front of a linux computer and logging in with "ops+username" :) You have to add about 7 lines of winbind-specific stuff into you smb.conf file, but that's all availible on the samba.org webpage. -----Original Message----- From: Chris Sarris [mailto:Chrissarris@hotmail.com] Sent: Friday, March 08, 2002 12:37 PM To: samba@lists.samba.org Subject: [Samba] Samba in a Win2000 / NT Enterprise Hello, I am currently integrating 20 workstations and 5 Servers (all Dell Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT Enterprise network of about 2,000 users. I have been using a Samba server (version 2.2.1) with "security=domain" so that any user with a W2K domain logon can access the Samba file server. However, I want to move into full integration and set up all Logins to Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain and recieve back a security access tolken so that I can have a unified logon point and then access shares or printer on any W2K computer in the domain that I have rights to access. I have considered the Pam_smb module but it only seems to query the W2K corporate domain for a successful username / password logon. However, that means anyone of the 2,000 members in our Corporate Domain could log on to our boxes instead of the group of 20 that I want to give access to. But inaddition to that... I don't think that the Pam_smb passes back *any* kind of security or access tolken so that I can access other domain shares. I think Winbind is my answer, but it seems like it has not been released in a stable manner yet. What do you suggest? thanks for your help, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Michael, Are you running a 2.4 kernel ? I am have had numerous problems with winbindd dying under 2.2.20. Also, on Friday I had two separate incidents of unkillable smbd processes left on the our Samba 2.2.3a servers after the Win2000 clients crashed. These are nasty as they prevent the disk being unmounted and one is left with no option but to reboot and let fsck do its stuff on remount. Having to reboot both our main servers on Friday afternoon in these circumstances is not impressing the hoi poloi. I was rather hoping these unkillables had gone away with 2.2.3a as they were so constant in 2.2.2 that they almost scuttled the whole Samba migration. Perhaps the 2.4 kernel's improved file system management might smooth these over. Thanks, Noel ----- Original Message ----- From: "Blanchard, Michael" <MBlanchard@grandaire.com> To: <samba@lists.samba.org> Sent: Friday, March 08, 2002 6:47 PM Subject: [Samba] Samba in a Win2000 / NT Enterprise> Winbind has been in use here for almost a month and I've had no problem. > I would suggest first off upgrading to 2.2.3. Just do an rpm -e > samba-client and samba-common first so you clear up the dependencies. > Then go to samba.org and read the documentation for winbind. It's > actually pretty easy to do, and has been working really well over here. > There isn't anything as cool as sitting in front of a linux computer and > logging in with "ops+username" :) You have to add about 7 lines of > winbind-specific stuff into you smb.conf file, but that's all availible > on the samba.org webpage. > > -----Original Message----- > From: Chris Sarris [mailto:Chrissarris@hotmail.com] > Sent: Friday, March 08, 2002 12:37 PM > To: samba@lists.samba.org > Subject: [Samba] Samba in a Win2000 / NT Enterprise > > > Hello, > I am currently integrating 20 workstations and 5 Servers (all Dell > Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT > Enterprise network of about 2,000 users. > > I have been using a Samba server (version 2.2.1) with "security=domain" > so that any user with a W2K domain logon can access the Samba file > server. > > However, I want to move into full integration and set up all Logins to > Redhat (wether Gnome or KDE) to authenticate on the W2K corporate domain > and recieve back a security access tolken so that I can have a unified > logon point and then access shares or printer on any W2K computer in the > domain that I have rights to access. > > I have considered the Pam_smb module but it only seems to query the W2K > corporate domain for a successful username / password logon. However, > that means anyone of the 2,000 members in our Corporate Domain could log > on to our boxes instead of the group of 20 that I want to give access > to. But inaddition to that... I don't think that the Pam_smb passes back > *any* kind of security or access tolken so that I can access other > domain shares. > > I think Winbind is my answer, but it seems like it has not been released > in a stable manner yet. > > What do you suggest? > thanks for your help, > Chris > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
On that server I'm running 2.4.7 (stock redhat) My servers don't have a heavy load yet, so that could be a difference. I've ran 2.4.19-pre2-ac3 on another server with good results, I don't know if it will fix your issues, but it could be worth a shot. 2.4.18 has been solid here too. Did you compile it or install the rpm? If you compile it, maybe try the rpm? (I'm not a samba guru, but I learn every day) Good luck! I'll help as best I can. You might also want to look at using ext3 (not related to samba) as it would help with fsck's you have to go through. Migration to ext3 is relatively painless, just make sure to update your bootdisks with a kernel that supports it. -----Original Message----- From: Noel Kelly (VPN) [mailto:nkelly@tarsus.co.uk] Sent: Monday, March 11, 2002 2:10 PM To: Blanchard, Michael; samba@lists.samba.org Subject: Re: [Samba] Samba in a Win2000 / NT Enterprise Michael, Are you running a 2.4 kernel ? I am have had numerous problems with winbindd dying under 2.2.20. Also, on Friday I had two separate incidents of unkillable smbd processes left on the our Samba 2.2.3a servers after the Win2000 clients crashed. These are nasty as they prevent the disk being unmounted and one is left with no option but to reboot and let fsck do its stuff on remount. Having to reboot both our main servers on Friday afternoon in these circumstances is not impressing the hoi poloi. I was rather hoping these unkillables had gone away with 2.2.3a as they were so constant in 2.2.2 that they almost scuttled the whole Samba migration. Perhaps the 2.4 kernel's improved file system management might smooth these over. Thanks, Noel ----- Original Message ----- From: "Blanchard, Michael" <MBlanchard@grandaire.com> To: <samba@lists.samba.org> Sent: Friday, March 08, 2002 6:47 PM Subject: [Samba] Samba in a Win2000 / NT Enterprise> Winbind has been in use here for almost a month and I've had no > problem. I would suggest first off upgrading to 2.2.3. Just do an rpm> -e samba-client and samba-common first so you clear up the > dependencies. Then go to samba.org and read the documentation for > winbind. It's actually pretty easy to do, and has been working really> well over here. There isn't anything as cool as sitting in front of a > linux computer and logging in with "ops+username" :) You have to add > about 7 lines of winbind-specific stuff into you smb.conf file, but > that's all availible on the samba.org webpage. > > -----Original Message----- > From: Chris Sarris [mailto:Chrissarris@hotmail.com] > Sent: Friday, March 08, 2002 12:37 PM > To: samba@lists.samba.org > Subject: [Samba] Samba in a Win2000 / NT Enterprise > > > Hello, > I am currently integrating 20 workstations and 5 Servers (all Dell > Products) running Red Hat 7.2 (2.4.7-10) into a Windows 2000 / NT > Enterprise network of about 2,000 users. > > I have been using a Samba server (version 2.2.1) with > "security=domain" so that any user with a W2K domain logon can access > the Samba file server. > > However, I want to move into full integration and set up all Logins to> Redhat (wether Gnome or KDE) to authenticate on the W2K corporate > domain and recieve back a security access tolken so that I can have a > unified logon point and then access shares or printer on any W2K > computer in the domain that I have rights to access. > > I have considered the Pam_smb module but it only seems to query the > W2K corporate domain for a successful username / password logon. > However, that means anyone of the 2,000 members in our Corporate > Domain could log on to our boxes instead of the group of 20 that I > want to give access to. But inaddition to that... I don't think that > the Pam_smb passes back > *any* kind of security or access tolken so that I can access other > domain shares. > > I think Winbind is my answer, but it seems like it has not been > released in a stable manner yet. > > What do you suggest? > thanks for your help, > Chris > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
I have a RH7.2 machine using the SGI_XFS (including acl support) install disk(which is quite slick) running 2.2.3a with winbindd joined to a mixed mode AD domain and I am having no problems as of yet (been running 3 days without interruption. I have not yet set up (or figured out) the acls for this machine, but planning on giving it a go today. I'll report any anomalies when I come across them... Thanks, Wade -----Original Message----- From: Noel Kelly (VPN) [mailto:nkelly@tarsus.co.uk] Sent: Monday, March 11, 2002 3:23 PM To: Jeremy Allison Cc: Blanchard, Michael; samba@lists.samba.org Subject: Re: [Samba] Samba in a Win2000 / NT Enterprise We actually had this discussion previously Jeremy. Interestingly 2.2.3a was a huge improvement over 2.2.2 for us with zero alterations to the 2.2.20 kernel (acl patched). I turned off oplocks globally from the beginning and before Friday it was looking like plain sailing, with the only hiccup being winbindd having to be restarted every couple of hours. It was working so well that I replicated the build onto the second Samba server we now run. I have actually had a 2.4 machine running 2.2.3a all today and winbindd has not died once even with a script interrogating it continously. The winbindd error does not seem to be load related - it dies as frequently over the weekend as during work hours. I think I will retro the kernel back to 2.2.19 and see if that is more stable otherwise it is looking like a move to 2.4. The only other spanner in the works could be the ACL patches from bestbits.at - maybe these are causing some interference with the base filesystem handling ? Noel ----- Original Message ----- From: "Jeremy Allison" <jra@samba.org> To: "Noel Kelly (VPN)" <nkelly@tarsus.co.uk> Cc: "Blanchard, Michael" <MBlanchard@grandaire.com>; <samba@lists.samba.org> Sent: Monday, March 11, 2002 7:19 PM Subject: Re: [Samba] Samba in a Win2000 / NT Enterprise> On Mon, Mar 11, 2002 at 07:10:13PM -0000, Noel Kelly (VPN) wrote: > > Michael, > > > > Are you running a 2.4 kernel ? I am have had numerous problems with > > winbindd dying under 2.2.20. Also, on Friday I had two separateincidents> > of unkillable smbd processes left on the our Samba 2.2.3a servers afterthe> > Win2000 clients crashed. These are nasty as they prevent the disk being > > unmounted and one is left with no option but to reboot and let fsck doits> > stuff on remount. Having to reboot both our main servers on Friday > > afternoon in these circumstances is not impressing the hoi poloi. > > > > I was rather hoping these unkillables had gone away with 2.2.3a as theywere> > so constant in 2.2.2 that they almost scuttled the whole Sambamigration.> > Perhaps the 2.4 kernel's improved file system management might smooththese> > over. > > Unkillable processes are a *kernel* problem, not a Samba one. > > Nothing we do should affect the kernel this badly - my only > guess would be kernel oplock code - try turning this option > off and see if it makes the problem go away. > > Jeremy. >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba