Hi, I am migrating from WinNT 4 to Samba 3 beta3 in a production environment. It would be nice to have some advice, because I don't know if Samba is ready for assuming this ;-) I never heard about any one that had something like this. This is kind of a big network so it will be 1 PDC (Samba) , 4 BDC's (Samba) and 2 File Servers (w2k). I will have a minimum of 800 machines and 2000 users logging on to Samba. There are more users because of Internet Authentication. I have Samba 3 beta3 working with NIS and rsync synchronization of smbpasswd, no db backend. Is this a problem? And I can't find a solution for using account policy to block the user account after bad logins, pdbedit doesn't seem to work. If more information is needed just ask me. Any thoughts will be welcome. Thanks in advance for advices! ------------------------------------------------------------------------ -- Fernando Henrique Ribeiro da Silva ------------------------------------------------------------------------ --
On Tue, 2003-09-16 at 21:54, Fernando Ribeiro wrote:> Hi, > > I am migrating from WinNT 4 to Samba 3 beta3 in a production > environment. > It would be nice to have some advice, because I don't know if Samba is > ready for assuming this ;-) > I never heard about any one that had something like this. > This is kind of a big network so it will be 1 PDC (Samba) , 4 BDC's > (Samba) and 2 File Servers (w2k). I will have a minimum of 800 machines > and 2000 users logging on to Samba. > There are more users because of Internet Authentication. > I have Samba 3 beta3 working with NIS and rsync synchronization of > smbpasswd, no db backend. Is this a problem?Yes. Machines may change their machine account with any BDC, and samba will 'loose' this apon the next rsync from the PDC. You will need to use LDAP (as it has the correct 'talk to the PDC' logic).> And I can't find a solution for using account policy to block the user > account after bad logins, pdbedit doesn't seem to work.A patch to implement this is under consideration - Jeremy has implemented part of this, but it is not yet operational. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030916/2f986809/attachment.bin
Hi,> And I can't find a solution for using account policy to block the user > account after bad logins, pdbedit doesn't seem to work.I've just posted a patch concerning this functionnality on samba-technical mailing list which can be fould here : http://lists.samba.org/pipermail/samba-technical/2003-September/047099.html For Samba-3.0.0-rc4. Regards, Aur?lien Degr?mont
On Tue, 16 Sep 2003, Fernando Ribeiro wrote:> Hi, > > I am migrating from WinNT 4 to Samba 3 beta3 in a production > environment. > It would be nice to have some advice, because I don't know if Samba is > ready for assuming this ;-)Samba has not been written to act as a psychiatrist - it does not give advice. :-))))> I never heard about any one that had something like this. > This is kind of a big network so it will be 1 PDC (Samba) , 4 BDC's > (Samba) and 2 File Servers (w2k). I will have a minimum of 800 machines > and 2000 users logging on to Samba.So long as you have enough memory and CPU power there should be no problem with this number of users. Samba is used in much larger sites.> There are more users because of Internet Authentication. > I have Samba 3 beta3 working with NIS and rsync synchronization of > smbpasswd, no db backend. Is this a problem?It's not a problem for me, but it may be for you! NIS is not secure, so I would not use it.> And I can't find a solution for using account policy to block the user > account after bad logins, pdbedit doesn't seem to work.Did you read the Samba-HOWTO-Collection.pdf that ships with Samba-3? You need to read the chapters on Domain Control, Domain Membership, Advanced Management. Short answer is: Use the NT4 Domain User Manager. Instructions for how to obtain this are in the HOWTO. - John T.> If more information is needed just ask me. > > Any thoughts will be welcome. > > Thanks in advance for advices! > > ------------------------------------------------------------------------ > -- > Fernando Henrique Ribeiro da Silva > ------------------------------------------------------------------------ >-- John H Terpstra Email: jht@samba.org