Grzegorz Kusnierz
2002-Sep-23 21:49 UTC
[Samba] samba file/service server authentication vs. a remote samba PDC
Hi.
We've got the following network topology:
                    INTERNET
                       |
                       | ppp0
                     __|__
                    [__A__]  linux samba PDC ("A")
                     |   |
               eth0  |   |  eth1                    __ __
       [HUB]_________|   |_______[HUB]_____________[__B__]
       | | |                     | | |
     some win2k             some more win2k
    workstations            workstations + linux samba ("B")
    (192.168.1.*)           (192.168.2.*)
The problem:
A is (besides being a firewall, router, www/ftp/dhcp/ssh server, etc.) a samba 2.2.2
linux PDC. It holds a large number of accounts and due to a high load, we've
decided to move most samba-correlated stuff to another linux server - B. The only
thing which is still handled by samba at A is the user database and
authentication. B is thought to serve files - home dirs, profiles and common
shares. We would also like to give the users access to a shell via ssh, to
files via ftpd and so on. The main problem is that we would like to have it all
authenticated versus the PDC (A).
Up to this morning we had been doing this with winbind - daemon,
nsswitch and pam module, but we had to reinstall the system due to a hardware
failure. We aren't quite happy with winbind, which is still not very stable,
reliable or efficient. What's more, it is meant for some other purposes and
does too many unneeded (in our case) things, such as translating UIDs to SIDs
and then back to UIDs. Due to these inconveniences we're searching for some
other solution.
A solution we've taken into consideration is e.g. the pam_smbpass module +
the password server option in smb.conf. Would this do? And what about
'creating' local accounts or something which would pretend them (as
nsswitch + winbind)?
Thanks in advance for any help.
Grzegorz 'Konik' Kusnierz
<konik@v-lo.krakow.pl>
