> Hi.
>
> In few weeks I'm planning to set up a windows network over our
departmental
> net. I need some advices, suggestions about what you would do. We're in
front
> of a large network. I'm expecting having 50++ computers logging in the
not that large :-)
friend of mine is running 300+ computers with samba.
I run 80+ computers samba domain.
> windows domain, many different users. Servers will be just unix (linux
> mainly, and aix/bsd for experiments only)
there's very important point, called "KISS" (keep it simple,
stupid).
complicated things like linux/aix/bsd/w2k3/w2k/AFS/krb5 are known hard to
maintain.
>
> The underlying structure is really simple. All clients (aix, bsd, linux,
> macosx) are authenticating over our kerberos realm (linux kdcs). User
> informations are on ldap (home, shell, gid, uid, additional gids...), no
> password since ldap uses kerberos via gssapi. File serving is provided by
> AFS. All users have their home in /afs/cell.name/users/INITIAL/username, no
> local users. It works perfectly.
>
> Now, I'd like to add windows clients. Since they cannot authenticate
over MIT
> using AFS and LDAP, I'm working with samba. Before starting from the
wrong
> assumptions, I'd appreciate some suggestions. This is my plan for
windows.
>
>
> -Since we have a realm CELL.NAME, I'd use a workgroup: WIN.CELL.NAME
> -Netbios name for pdc should be the same as in the dns: SMB.CELL.NAME
> -We have NO ldap passwords: tbsam.
if You have passwords in tdb, You can migrate to ldap by using pdbedit.
>
>
> I have some concerns. What I'd really like is probably not good.
>
> - Passwords. We're using kerberos... Any change to samba should be
redirected
> to kerberos. Anyone doing some tricks here?
it has been discussed many times, just search the list, samba3 goes well
with Heimdal. which kerberos do You have ?
>
> - Home directories. The logon home should be
\\AFS\CELL.NAME\users\initial\%U
> --- quite weird for windows. Moreover, this creates some directories in the
> unix space (users and settings\user, with desktop & co).
>
> - Profiles. Is it a good idea to store profiles in each user's home?
yes. it is good.
>
>
> I'm confused, ms-network makes more difficulties than solving problems,
but I
> have to do that...
>
> Can you give me some impressions? Add that I'd like to add a BDC... Any
> suggestion is really appreciated. I want to plan better before rather than
> complainig after :)
>
> Thanks!
>
> --
> Sensei <senseiwa@tin.it>
>
> cd /pub
> more beer
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>