samba - May 2004 - Suse Linux OpenExchange Server (Samba 2.2.5) and XP

Sorry of I'm going over old ground ...

We are in the process of putting in a Suse Linux OpenExchange Server 
(SLOX) which at present includes Samba 2.2.5*. We are also attempting 
to use this as a PDC for XP clients that we are going to be rolling 
out.

Now, everything seems to be going down the pan, and it looks like the 
problem is that XP has dropped support for 'old style' controls and 
only supports Access Control Lists - so tit seems to log in a user, 
but then the permissions are all screwed as it can't get the info it 
wants from the server. Reading the howtos suggests that Samba 3* 
supports stuff that XP is looking for, but the guy who we've taken on 
to do the XP stuff isn't convinced - suggesting that even with 'group 
mapping (is that the right bit ?) XP will still fail.

All I want is for users to have to authenticate against the central 
database (LDAP), and for the various group memberships to be honoured 
when accessing files off the server.

Has anyone else dealt with this sort of thing ? Does XP work reliably 
with Samba 3 as PDC ?

* Why 2.2.5, well it's all down to support and integration. The whole 
system is supplied and installed as an integrated package - with 
Samba already set up to use the LDAP database that is begind the 
groupware stuff etc. The consultants setting all this up say that 
they have put Samba 3 in there for another customer without problems, 
but obviously it's not something Suse will support (yet, I guess 
it'll come during some future upgrade). I think it's a case of 
selecting packages (and versions) for stability (and the work in 
integrating any upgrades), rather than being bleeding edge'.


I'm also told that if we have roaming profiles, then the XP machines 
will store loads of c**p on the server and keep moving it back and 
forth as each user logs in/out - is this the case ? Is there any way 
of dealing with it (eg having the machine pull the files down as 
needed) ?

It's been suggested that since we don't actually have people moving 
between machines, it would be better not to use roaming profiles (for 
the reason given above). How esy is it then to have user default to 
their home directory on the server instead of 'My Documents' ?

Simon

PS - any help gratefully received, preferably before my manager 
starts saying things to the effect of "this wouldn't have happened if 
you'd stuck with MS".

-- 
Simon Hobson, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101

Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.

> Now, everything seems to be going down the pan, and it looks like the 
> problem is that XP has dropped support for 'old style' controls and
> only supports Access Control Lists - so tit seems to log in a user, 
> but then the permissions are all screwed as it can't get the info it 
> wants from the server. Reading the howtos suggests that Samba 3* 
> supports stuff that XP is looking for, but the guy who we've taken on 
> to do the XP stuff isn't convinced - suggesting that even with
'group
> apping (is that the right bit ?) XP will still fail.
Rubbish,  we have a Samba 3.0.3 PDC with LDAP SAM and XP with all the
latest patches works fine except for the password change issue which is
fixed in 3.0.4 (and only started occurring a couple of patches ago).
> All I want is for users to have to authenticate against the central 
> database (LDAP), and for the various group memberships to be honoured 
> when accessing files off the server.
Work great.
> Has anyone else dealt with this sort of thing ? 
Every day, we've had a Samba PDC with LDAP backed since 2.2.1a
> Does XP work reliably with Samba 3 as PDC ?
Yes.
> I'm also told that if we have roaming profiles, then the XP machines 
> will store loads of c**p on the server and keep moving it back and 
> forth as each user logs in/out - is this the case ?
Yes, if your net-admin is a 'nit, and doesn't define any policies.  Even
with a "real" PDC you get this behaviour.
>  Is there any way 
> of dealing with it (eg having the machine pull the files down as 
> needed) ?
Yes, "ntconfig.pol"
> PS - any help gratefully received, preferably before my manager 
> starts saying things to the effect of "this wouldn't have happened
if
> you'd stuck with MS".
Yes, it all will.  You'll face ALL the same issues you've mentioned.

Simon Hobson schrieb:
> Sorry of I'm going over old ground ...
> 
> We are in the process of putting in a Suse Linux OpenExchange Server 
> (SLOX) which at present includes Samba 2.2.5*. We are also attempting to 
> use this as a PDC for XP clients that we are going to be rolling out.
> 
> Now, everything seems to be going down the pan, and it looks like the 
> problem is that XP has dropped support for 'old style' controls and
only
> supports Access Control Lists - so tit seems to log in a user, but then 
> the permissions are all screwed as it can't get the info it wants from 
> the server. Reading the howtos suggests that Samba 3* supports stuff 
> that XP is looking for, but the guy who we've taken on to do the XP 
> stuff isn't convinced - suggesting that even with 'group mapping
(is
> that the right bit ?) XP will still fail.
> 
> All I want is for users to have to authenticate against the central 
> database (LDAP), and for the various group memberships to be honoured 
> when accessing files off the server.
> 
> Has anyone else dealt with this sort of thing ? Does XP work reliably 
> with Samba 3 as PDC ?
> 
> * Why 2.2.5, well it's all down to support and integration. The whole 
> system is supplied and installed as an integrated package - with Samba 
> already set up to use the LDAP database that is begind the groupware 
> stuff etc. The consultants setting all this up say that they have put 
> Samba 3 in there for another customer without problems, but obviously 
> it's not something Suse will support (yet, I guess it'll come
during
> some future upgrade). I think it's a case of selecting packages (and 
> versions) for stability (and the work in integrating any upgrades), 
> rather than being bleeding edge'.
> 
> 
> I'm also told that if we have roaming profiles, then the XP machines 
> will store loads of c**p on the server and keep moving it back and forth 
> as each user logs in/out - is this the case ? Is there any way of 
> dealing with it (eg having the machine pull the files down as needed) ?
> 
> It's been suggested that since we don't actually have people moving
> between machines, it would be better not to use roaming profiles (for 
> the reason given above). How esy is it then to have user default to 
> their home directory on the server instead of 'My Documents' ?
> 
> Simon
> 
> PS - any help gratefully received, preferably before my manager starts 
> saying things to the effect of "this wouldn't have happened if
you'd
> stuck with MS".
> 
Hi , samba 3 acts perfect as pdc,
with all stuff you might need ( include roaming)
but its not an active directory.
but you forget slox is prof produkt, if you upgrade
you will have version 2.2.8a or perhaps
2.2.9 , slox is a universal server it can do many things
and suse has implemented many guis to control , samba dhcp postfix cyrus 
and so on , this is all done with ldap,
to clear you have to talk to suse , cause its there job to upgrade your 
packs in a whole for slox ( cause you payed for it !!!)
i worked with version slox 4 which was a very nice pdc
but i decided to part samba from the machine, and slox only does mail now.
Regards