Samba as a file server 2

[LinuXelite]

Hi!

How are you today? I am very happy to annonce that I finally made our company switch to linux! Hourray! In one condition.. they hve to manager users from their windows 2000 pro desktop.

Alright I have a samba pdc in my basement. I manage my right from win2k pro. Oppp...

We have a Citrix server, exchange. We already paid the CALs. so the domain is going to be on a windows 2000 server...

Our new server is going to share files, printers and mysql/apache/cvs.

I know there are PLENTY of docs for samba! But I can't find what I need!

I need samba to syncronise the groups, domains and users FROM the active directory. Thats means that I want to add a user from windwos2000, create a directory over the network and assign my new users (or groups) to this directory. Witouh having to touch samba or linux (passwd file).

Please help me! I need some infos!

TY!

Francois

 

[LinuXelite]

some hint? anyone?

 

[jrjuiliano]

From the Samba pages (

http://us1.samba.org/samba/development.html):

What does the Samba Team plan to do to integrate Samba servers into native Windows 2000 domains?

The Samba Team hope to gain more volunteers to help with this effort. There are basically three areas of functionality in regards to this. The ball has already started rolling with some research done by IBM's Linux Technology Center.

* A Kerberos 5 client implementation in Samba that understands the proprietary MS PAC
* A UNIX based Kerberos 5 KDC that can issue Windows 2000 PACs
* The ability to read data from an Active (i.e. LDAP) Directory Server via the authorization credentials (TGT) received from the Windows 2000 Domain KDC

Of course, Samba is currently able to continue to operate in a Windows 2000 domain assuming that the domain supports Windows NT 4.0 File and Print servers. The new ADS (Active Directory) work has gained us much in the ability to act as a server in an ADS domain, but nothing in becoming a PDC.


+++

If you're not running native mode then you can probably set this up as an NT-type server or BDC. I think there's a couple of O'Reilly articles, or at least something at IBM Developerworks (google search for them) on setting that aspect up.

Techrepublic also has an article on the upcoming Samba 3.0 release, which has support for Windows 2000 functionality, but it is still a beta release!

Hope that helps.

J.R. Juiliano
Information Systems Specialist
Tri-City Emergency Medical Group

 

[fluid11]

Create a computer account in the domain for the Linux machine. Make sure to select "Allow Pre-Windows 2000 computers to use this account".

From Linux, join the Win2K domain using...

smbpasswd -r pdc -j domain

Use the NetBIOS name of your domain controller and domain.

In the smb.conf file, add the following directives...

security = domain
password server = *
encrypt passwords = yes
add user script = /usr/sbin/useradd %u


This will use your Win2K DC's to authenticate Samba users. If you try to connect to a Samba share using a Win2K account that does not exist on the Linux box in /etc/passwd, it will be created automatically. You don't need a password for each UNIX account since your authenticating from the Win2K side.

If you do want to synchronize passwords for some other reason, have a look into "Microsoft Windows Services for UNIX 3.0". You don't need this for Samba to work though.


ChrisP

 

[LinuXelite]

Thanks Chris.

I already figured out how to do that in the Mandrake Users docs ;o) few hours ago you're help is appreciated. JrJuliano thanks for your post.

Now can u tell me if samba can authentifiate users with their groups?

This is the only question that remains. I read "Samba 2.2 does not support domain groups". Dammit I only it could support that, I would be able to move my file/print server on samba!!

Please tell me it supports domains groups :/

Francois,

 

[fluid11]

It supports Unix groups if you want to use them instead.


CP