hi, we want to replace our nt4 pdc/bdc with samba and we use windows nt4 terminal servers with citrix in our environment. as far as i know, we will get a problem here. (extensiver reading of the mailing list led me to this conclusion) regarding: http://ma.ph-freiburg.de/tng/tng-users/2001-05/msg00224.html>Terminal Server has its own User Manager (which has an extra button - >"Config" on the User Properties dialog box) which read/writes additional >information in the SAM that is not used by standard NT4 servers. This extra >information relates to the users configuration in the terminal server >environment. Such things as ->Allow Logon to Terminal Server >Timeout settings for connection, disconnection & idle. >Action to take on broken or timd-out connections >Whether shadowing is enabled >Whether to connect client printers and drives >etc.>I don't think that Samba (in any of its incarnations) support this extended >SAM functionality, so you'll need to use Windows NT Servers as your NT >domain controllers.if this has not already been adressed (has it?) we sure get problems with those citrix settings. we use the session shadowing feature and after migrating to samba, i`m somewhat sure things will mess up, because the information wether shadowing is enabled or not cannot be stored on samba pdc. citrix is very popular and citrix serverfarms usually NEED a domaincontroller "by design" - so i wonder that this hasn`t already been adressed. can someone give me information on this and confirm that this still IS an issue ? if someone is willing to resolve this issue please feel free to contact me. i can probably supply necessary information (network tcpdumps....registry "access logs"....doing testing....whatever....) please contact me via mail, because i`m not subscribed to this list. regards roland ps: while writing this mail i did some further search in the ML archive, so i`m happy to see, that i`m not alone :) http://marc.theaimsgroup.com/?l=samba-technical&m=107787679914877&w=2
Dmitry Melekhov
2004-Mar-06 07:51 UTC
[Samba] citrix stores addition information into SAM on pdc
<quote> hi, we want to replace our nt4 pdc/bdc with samba and we use windows nt4 terminal servers with citrix in our environment. as far as i know, we will get a problem here. (extensiver reading of the mailing list led me to this conclusion) regarding: http://ma.ph-freiburg.de/tng/tng-users/2001-05/msg00224.html </quote> http://lists.samba.org/archive/samba-technical/2004-February/034577.html
FYI (see below) maybe this is of interest for people planning to use samba in a WTS/Citrix environment. it`s about the question, that samba couldn`t store terminal-server-specific user settings (e.g. shadowing on/off) in its SAM (tdbsam or ldapsam). first tests show, that it seems to work with the latest CVS. i`m using tdbsam as the passdb backend. perhaps you wts/citrix/samba admin out there also want to test & share your experience. regards roland ps: ntsec is just a commanline replacement for that click-click-M$-GUI-stuff ;)> we had a short conversation regarding wts/citrix params on irc some days ago. > > i`d like to report, that my first tests look promising. > i`m testing @home - no citrix around here, but ntsec commandline tools (btw: good product! eval. copy available!) let memanipulate> some wts/citrix appropriate params, and they seem to be stored right (see below) > > fine ! :) >> C:\Programme\Pedestal Software\NTSEC>ntuser -wts -s smb3server change root -wts_home_dir_drive c: > > C:\Programme\Pedestal Software\NTSEC>ntuser -wts -s smb3server change root -wts_shadowing_settings 1 > > C:\Programme\Pedestal Software\NTSEC>ntuser -wts -s smb3server change root -wts_home_dir \\test1\test > > C:\Programme\Pedestal Software\NTSEC>ntuser -wts -s smb3server change root -wts_timeout_idle 123 > > C:\Programme\Pedestal Software\NTSEC>ntuser -wts -s smb3server show root > SERVER \\smb3server > NAME root > FULL_NAME root > COMMENT > USR_COMMENT > COUNTRY_CODE 0 > COUNTRY_PAGE 0 > PRIV Guest > HOME_DIR_DRIVE > HOME_DIR c:\temp > SCRIPT_PATH > PROFILE \\smb3server\root\profile > WORKSTATIONS > NUM_LOGONS 0 > LOGON_SERVER \\* > LOGON Not defined > LOGOFF Not defined > LOGON_HOURS None allowed > PASSWORD ***** > PASSWORD_AGE 7202 sec > PASSWORD_EXPIRED False > BAD_PW_COUNT 0 > ACCT_EXPIRES Never > MAX_STORAGE Unlimited > USER_ID 1000 > PRIMARY_GROUP_ID 1001 > WTS Initial Program > WTS Working Directory > WTS Inherit Initial Program True > WTS Allow Logon True > WTS Timeout Connections 0 > WTS Timeout Disconnections 0 > WTS Timeout Idle 123 <---- > WTS Client Drives True > WTS Client Printers True > WTS Client Default Printer True > WTS Broken Timeout 0 > WTS Reconnect Settings 0 > WTS Modem Callback Settings 0 > WTS Modem Callback Phone > WTS Shadowing Settings 1 <---- > WTS Profile Path > WTS Home Dir \\test1\test <---- > WTS Home Dir Drive c: ? <---- > WTS Remote Home Dir True > FLAGS AND POLICIES: (513) > UF_SCRIPT : The logon script executed. This value must be set for LAN Manager 2.0 or Windows NT. > UF_NORMAL_ACCOUNT : This is a default account type that represents a typical user. > > > > > | is that mentioned "patch" (or whatever - see below) already available for the public for testing? > | i assume the "wts" enhancement could probably add support for citrix, too. (because citrix probably stores > | informations in the same way as wts does) because we have citrix and i like supporting open-source, > | i would like to offer being an "early adopter" and perhaps could help with testing in a citrix environment > | or supplying probably valuable information/bugreports. is there need for that? > > Jim McDonough has been working on that and would probably appreciate some extra testing. The quickest way is > to grab the latest SAMBA_3_0 cvs code and give it a spin. The work is not quite finished currently IIRC. > You could check with Jim for the latest status. You can find jim (jmcd) on the #samba-technical IRC channel > (irc.freenode.net) or on the samba-technical ml.