On Thu, 2003-12-18 at 13:45, Craig White wrote:> 3 computers...
>
> - WinNT4 - presently PDC-soon BDC - some file serving - print serving -
> AV server
>
> - Linux 1 - presently joined to domain - slave DNS/LDAP - primary file
> server - primary SMB HOME/PROFILES and SHARES
>
> - Linux 2 - presently BDC-soon PDC - web & mail server - master
DNS/LDAP
> - DHCP server
>
> Should I be running winbind on Linux 1?
>
> Does Samba 3.0.0 with LDAP obviate the need to fix signorseal registry
> on WinXP Prof clients? How about if I get kerberos working?
> Thanks,
---
replying to my own post - I have now read the excellent documentation
and found out most of these answers which gives me perhaps simpler
questions.
1 - Group (Linux) - Groups (Windows) seems to confusing to me so I
mapped Groups to Group in the smbldap-tools and the nss/ldap.conf so I
would only have one group called Group. This seems reasonable to me - is
there a problem with that thinking?
2 - Now I know, I can't have WinNT PDC or BDC and thus have 3 choices...
a) create a new domain and set up a trust between the two - still
leaves me without a BDC for original domain.
b) reformat/reinstall WinNT on current PDC and make it a server on
Linux managed domain
c) turn off logon services (never done this on NT domain controller but
presume that it can be somewhat disabled) - anyone done anything down
this path?
3 - If I make a new domain and set up trusts between old domain and new
domain - do I have to then add the group Groups to get continuity
(proper mapping) between the two domains?
4 - I can't discern the significance of having the local users with
uid's 500+ and sambaSamAccount/uid's 1000+ and I'm thinking that
this
convention came into being only to make it simpler to identify. Am I
missing something? It would seem that a uid in any range could have
objectclasses with sambaSamAccount and/or posixAccounts
Thanks,
Craig