It looks like Samba PDC with LDAP backend is your best option.
This obviously implies that your Windows folks will have to say good-bye
to ADS...

Andrew McCall wrote:
> Hi All,
>
> I am sure that you have all read this email a thousand times before, but I
> am having problems getting the information together and checking that what I
> think I can do, can be done :)
>
> At the moment, we currently have 3 or 4 sources of authentication. We have
> Novell that's used for all users, OpenLDAP that's used for all mail accounts and
> some NT accounts that are used for things like Citrix users in addition to
> standalone accounts on many Solaris and Linux boxes....
>
> We now have to unify the logon process so that the same username and
> passwords are used no matter what system you are using.
>
> At the moment, the Windows-boys :) are all for moving to Windows 2000 and
> using ADS, but I am a little unsure about that due to the way the non-Windows
> systems will integrate into this setup, the stability of ADS and the
> potential MS-creep that this will force on the network.
>
> I know that I could do pretty much what I want to do just via Samba,
> however due to the way the company works, this isn't really an option, and I
> must somehow integrate it to a Windows network.
>
> Basically, what I want to do is have all the usernames and passwords stored
> in an OpenLDAP server, Samba pulls the users from the OpenLDAP and offers them
> to the W2K ADS domain.
>
> Everything else can be done as per normal with W2K ADS and all its
> management tools.
>
> This is the sort of situation I am trying to get : (Hope the tabs work out)
>
> OpenLDAP      -> Samba                -> Windows 2K with ADS
> |                |                       |
> |                Major Static Shares     Groups, Roaming Profiles
> qmail                                    Software Deployment
> Apache                                   Shares, Printers
> UNIX Accounts
>
> The questions I have are :
>
> If a user was added via a W2K admin, on a W2K machine would this go back
> into the OpenLDAP directory?
>
> Can the W2K servers be used in this situation for things like managing
> roaming profiles, assigning printers on login and managing groups or users,
> basically all the things that would usually be done with W2K.
>
> Can I somehow have the Samba server as a "backup" server so if
> the W2K domain goes down, the users can still log on via Samba??
>
> Overall, I think that all I want is for a W2K ADS domain to use OpenLDAP
> to authenticate its users against, this way we can fully integrate it into our
> network with all the OS types we have.
>
> Does anyone have any experience with this sort of set up?
>
> What do people recommend?
>
> --
> Thanks,
>
> Andrew McCall
> Internet/Linux System Administrator
> I.C.T. Division
> Oldham MBC
> Civic Centre
> West Street
> Oldham
> OL1 1UU
>
> Tel : 0161 911 3990
> Fax : 0161 911 3998
> Email : it.andrew.mccall@oldham.gov.uk
--
Yuri Pismerov, Sr. System Administrator,
TUCOWS.COM INC. (416) 535-0123 ext. 1352