Rodger Etz-Brown
2002-Aug-19 04:06 UTC
[Samba] Centrally stored policies with group settings
Dear *,
we are stuck and cannot find anything on the Net or the documentation.
Background
----------
We are currently working on a project that aims to migrate Servers from
a Windows NT domain to a Samba based domain. The migration, as always,
should be completely tranparent to the Windows Desktops and their users.
There are about 300 users and may be 20 groups.
Issue
-----
The current domain set-up makes heavy use of policies. The policies are
group based and stored centrally on the DCs.
For the moment we only consider Samba 2.2 as 3 is not released yet and
therefore hard to justify in a production environment.
In one sentence: We need a way to set policies via Samba or any other
mechanism that allows us to specify group based settings, where one user
is part of several groups.
Possible Solutions
------------------
Implement Samba 3. As said above, not really a valid option until it's
released.
Or create a policy file for each user by hand and map netlogon to
something like %U. Not feasable as it is too much effort. Especially
when group membership changes. Am not even sure this would work.
Questions
---------
Has anybody faced the same issue and found a solution for centrally
stored group based policies using Samba ver 2.2?
Is anybody using Samba 3 in a production environment? If so, have you
experienced any (in)stability problems? (This might help us convince the
customer to let us implement the unreleased version)
Please also let me know if any of the above assumptions are wrong.
Please don't reply if you don't know how Windows NT Policies work or
read this first:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q185589
Many thanks in advance,
REB
--
Rodger Etz-Brown <etz-brown@univention.de> fon: +49 421 22 08 114
fax: +49 421 22 08 115
univention_ GmbH http://www.univention.de/ mobil: +49 179 54 22 947
Matt.Gregory@ctimi.com
2002-Aug-19 10:20 UTC
[Samba] Centrally stored policies with group settings
Go and read about setting up Directories in LDAP, remote authentication
via LDAP with Samba (Capter 11 in the Samba howto).
It souds like your best bet is to create an LDAP server with replication
(for failover) and a directory service for the groups. You can then store
all your unix accounts in LDAP and have Samba authenticate from that
server as well. There are lots of howtos available for configuring
windows clients to log into LDAP directories as well.
The other choice is, of cource, to stay with Windows NT domains. I would
highly push the LDAP solution however, since it's pretty-much becomming
the standard (Windows Directory Services in 2K Advanced Server is LDAP v3
compliant).
Matt Gregory
Web Developer
CTI, Inc.
cell: 678-458-6513
ioem: matt.gregory@ctimi.com *see key block below
ooem: matthew.gregory@skyleach.com
Rodger Etz-Brown <etz-brown@univention.de>
Sent by: samba-admin@lists.samba.org
08/19/2002 09:02 AM
To: samba@lists.samba.org
cc:
Subject: [Samba] Centrally stored policies with group settings
Dear *,
we are stuck and cannot find anything on the Net or the documentation.
Background
----------
We are currently working on a project that aims to migrate Servers from
a Windows NT domain to a Samba based domain. The migration, as always,
should be completely tranparent to the Windows Desktops and their users.
There are about 300 users and may be 20 groups.
Issue
-----
The current domain set-up makes heavy use of policies. The policies are
group based and stored centrally on the DCs.
For the moment we only consider Samba 2.2 as 3 is not released yet and
therefore hard to justify in a production environment.
In one sentence: We need a way to set policies via Samba or any other
mechanism that allows us to specify group based settings, where one user
is part of several groups.
Possible Solutions
------------------
Implement Samba 3. As said above, not really a valid option until it's
released.
Or create a policy file for each user by hand and map netlogon to
something like %U. Not feasable as it is too much effort. Especially
when group membership changes. Am not even sure this would work.
Questions
---------
Has anybody faced the same issue and found a solution for centrally
stored group based policies using Samba ver 2.2?
Is anybody using Samba 3 in a production environment? If so, have you
experienced any (in)stability problems? (This might help us convince the
customer to let us implement the unreleased version)
Please also let me know if any of the above assumptions are wrong.
Please don't reply if you don't know how Windows NT Policies work or
read this first:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q185589
Many thanks in advance,
REB
--
Rodger Etz-Brown <etz-brown@univention.de> fon: +49 421 22 08 114
fax: +49 421 22 08 115
univention_ GmbH http://www.univention.de/ mobil: +49 179 54 22 947
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba