I've set up a test Samba PDC with a few test shares. From the first Windows PC I logged on to a local computer account and mapped drives to the shares on the Samba PDC. From the second Windows PC I joined the domain and used a logon script to connect to the shares. My question: What are the benefits of joining a Windows PC to the Samba domain? Both arrangements above appear to meet my needs. Thanks for any comments.
Once a windows computer is joined to the domain, it will use the PDC to authenticate for everything, so centralising the user accounts. There is no need to have local accounts on the clients. If you have few accounts then this isn't so much of a bonus Also, there are other nice features of a global account (such as roaming profiles), but you may not want them. Hope this helps, Alex Forrow On Fri, 23 Jul 2004 23:39:16 -1200, brucehohl@access-4-free.com <brucehohl@access-4-free.com> wrote:> I've set up a test Samba PDC with a few test shares. From > the first Windows PC I logged on to a local computer account > and mapped drives to the shares on the Samba PDC. From the > second Windows PC I joined the domain and used a logon > script to connect to the shares. > > My question: > What are the benefits of joining a Windows PC to the Samba > domain? Both arrangements above appear to meet my needs. > Thanks for any comments.-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
> <brucehohl@access-4-free.com> wrote: > > I've set up a test Samba PDC with a few test shares. > > From the first Windows PC I logged on to a local > > computer account and mapped drives to the shares on the > > Samba PDC. From the second Windows PC I joined the > > domain and used a logon script to connect to the shares. > > > > My question: > > What are the benefits of joining a Windows PC to the > > Samba domain? Both arrangements above appear to meet my > > needs. Thanks for any comments.From: "Alex Forrow" <alex-mailinglists@forrow.com>> Once a windows computer is joined to the domain, it will > use the PDC to authenticate for everything, so > centralising the user accounts. There is no need to have > local accounts on the clients. If you have few accounts > then this isn't so much of a bonus > > Also, there are other nice features of a global account > (such as roaming profiles), but you may not want them. >OK. So by joining a PC to the domain anyone with an account on the Samba PDC can log onto that PC. And, if I also configure roaming profiles the users personal settings will also be loaded. Did I understand this correctly? This is not a feature that has been asked for by any of my users as everyone has their own PC and work area. This sounds like going part way toward a terminal server approach. If I joined each PC to the domain anyway are there any *other* drawbacks or benefits? If I don't join the PC's (WinXP) to the domain can I still get a logon script to run? For the PC that I joined to the domain I disconnected the network cable and rebooted to simulate use of a laptop away from work. At log on I selected the domain and was logged on OK except, of course, no access to network drives. This seemed like an OK result. Would this be the typical approach for a laptop user? Finally, if I logon as user1 on the laptop can I change from one DomainA (at office 1) to DomainB (at office 2) and keep all my personal settings? Again, thanks for any comments.
From: Craig White <craigwhite@azapple.com>> It's rather unfair to ask such basic Windows > Administration questions to this list. This is a samba > list and there are thousands of books, millions of web > pages, endless classes and certifications directed towards > the advancement of the Microsoft Networking model. I would > think that you would be best served by consulting one of > them and this list would be better served by helping > people configure samba into the networking model that have > chosen. >No misuse of the Samba mailing list was intended. I have spent some time reading the Samba3 Howto and Samba3 By Example books. These are excellent books which have answered most of my configuration questions. With some help I have setup and have running LDAP/PDC and LDAP/BDC test boxes. I have had difficulty understanding the value of some of the tools available such as computer accounts (domain logons) and kerberos for a small network such as mine (75 users on Netware). I figure that I should not implement anything for which I can not plainly understand the benefit and explain the benefit to my fellow managers at the small company that I work. Again, no misuse of the list was intended. I am only trying to determine the best way to implement Samba.
From: Greg Talbot <gtalbot@centerone.com>> Bruce, > I would implement a domain if you have 75 users. 3-5 > then no, but if you have been using NDS you are going to > want more control over that many users, i.e. central > logins, and even profile policies if you have to support > the desktops. Plus centralizing helps with change > management in the event you have to move directories, and > even creating users remotely. >Thanks for the reply. In hindsight maybe I should not have asked this question on the list. I have every intention of creating a domain primarily to achieve single sign on. But computer accounts and domain logons are not needed to take advantage of single sign on. The question I was really asking was under Samba what other *important* benefits could I also take advantage of if I joined each PC to the domain and used domain logons for the users. In this regard here's what I see: 1 - Any user can log on from any PC. 2 - Computer/Group/User policies. 3 - Roaming profiles. These capabilites are likely of limited value for *my* environment - lots of professionals who have their own PCs (not shared), and desire and can handle restriction free use of the PCs. Besides that, as a senior manager at the company I can be *very* persuasive in getting users to treat their PC's responsibly. Some of the best control solutions involve management setting the right tone and environment.
>This is not a feature that has been asked for by any of my >users as everyone has their own PC and work area. This >sounds like going part way toward a terminal server >approach. If I joined each PC to the domain anyway are >there any *other* drawbacks or benefits? > >If you back up anything the roaming profiles can be a huge benifit. Most of our engineers are told to store no client data on their machines, mainly so that we have some control over who can get to the data. When you couple that with roaming profiles, they have true ability to drop onto any desk AND if their machine dies we can just swap in a new one and all their data is available and safe. Just have to make sure to keep the mozilla cache to 5mb ;) -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com