samba - Oct 2002 - Active Directory user authentication with a Samba File server???

I currently have a file/print server running on a W2K machine that crashes
almost daily and would like to start using Samba as a file server, instead.

Our 5 domain controllers are all setup using native mode so as to not share
active directory with any NT servers.

** If I setup samba on a redhat 8.0 box, can it read and write to our current
active directory for user authentication?

I want to have a samba server that is apart of our domain and shares its
authentication with the other DCs, I do not want a user database on the redhat
box that is specific to it. So if a user changes their password on a domain
machine somewhere it will replicate to all other DCs, including the Samba
server. I do not want to maintain a seperate user/password database on the Samba
server.

Are these things currently possible??

Please help. :)

James Miremont
jmiremo@envestnetpmc.com
-------------- next part --------------
HTML attachment scrubbed and removed

> "Miremont, James" wrote:
> 
> I currently have a file/print server running on a W2K machine that
> crashes almost daily and would like to start using Samba as a file
> server, instead.
> 
> Our 5 domain controllers are all setup using native mode so as to not
> share active directory with any NT servers.
> 
> ** If I setup samba on a redhat 8.0 box, can it read and write to our
> current active directory for user authentication?
> 
> I want to have a samba server that is apart of our domain and shares
> its authentication with the other DCs, I do not want a user database
> on the redhat box that is specific to it. So if a user changes their
> password on a domain machine somewhere it will replicate to all other
> DCs, including the Samba server. I do not want to maintain a seperate
> user/password database on the Samba server.
> 
> Are these things currently possible??
Certainly.  You may need to set a username for winbind to use when
contacting the DC (or set 'permissions compatible with pre-windows 2000
computers'). 

See the manpage for wbinfo -A

Or Samba 3.0 alphas allow you to do it natively, but be warned, the
documentation in our prerelease code is lacking (which is much of the
reason it is still pre-release).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

> Message: 12
> Date: Mon, 7 Oct 2002 12:38:00 -0600
> From: "Miremont, James" <jmiremont@envestnetpmc.com>
> To: <samba@lists.samba.org>
> Subject: [Samba] Active Directory user authentication with a Samba File
server???
> 
> This is a multi-part message in MIME format.
> 
> ------_=_NextPart_001_01C26E30.A98CBDF8
> Content-Type: text/plain;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> I currently have a file/print server running on a W2K machine that >
crashes almost daily and would like to start using Samba as a file > server,
instead.
> 
> Our 5 domain controllers are all setup using native mode so as to not >
share active directory with any NT servers.
> 
> ** If I setup samba on a redhat 8.0 box, can it read and write to our >
current active directory for user authentication?
> 
FYI, Mandrake 9.0 can do this for you, if you choose 'Windows Domain' as
the authentication method (might require an 'expert' install) during 
installation (unfortunately, not available after install).

After installation, you may want to replace the basic 
/etc/samba/smb.conf configured during the install with a better generic 
winbind config (/etc/samba/smb-winbind.conf) and just set the 
'workgroup' paramter back. You will then have an out-the-box file 
server. If you want downloadable printer drivers on the machine, you 
should just have to change the ownership of the driver directory:

# chgrp -R 'Domain Admins' /var/lib/samba/printers/*
# chmod -R g+w /var/lib/samba/printers/*
> I want to have a samba server that is apart of our domain and shares its
> authentication with the other DCs, I do not want a user database on the
> redhat box that is specific to it. So if a user changes their password >
on a domain machine somewhere it will replicate to all other DCs, > including
the Samba server. I do not want to maintain a seperate > user/password
database on the Samba server.
No problem. Mandrake 9.0 is probably the easiest way to get this running 
(IMHO, of course).

Buchan

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7