Thanks to the following people for their responses: Mike Renfro, Jason Dixon, Will Backman and Mike Brodbelt. My original post is at the end.

Since there were only a few responses (but very good ones!), I'm just going to copy and paste (verbatim) the majority of the four responses I received. I'll be going with the first response since it's a very simple environment and this solution will work very nicely (with fewer headaches to boot). In a more complex environment, I'd look more closely at the fourth response.

1) (All of the following is assuming your NT box isn't going away any time soon, and possibly never.) I wouldn't make the Linux box any type of DC unless absolutely necessary. Just make it a member server, and set samba up with 'security = server' to have it pass off all authentication duties to another DC. WINS and DHCP should be almost trivial (enable WINS in Samba, set up dhcpd as a separate task).

Also, unless your users require shell access on the Linux box for Domino or some other purpose, don't bother with winbind. Winbind has no way to maintain consistent UID/GID information among clients, which will completely screw any attempts to use NFS if you start adding on other Linux machines. Just set up disabled accounts for your users on the Linux box as part of your normal account procedure.

2) Samba servers can only operate as BDC's in a Samba-only DC environment (or as PDC's in a Samba/NT DC environment). I've been dealing with this recently myself. Unfortunately, even the alpha releases of Samba and Samba-TNG appear to be focusing on Active Directory and LDAP, so it's hard to say whether this will *ever* be a priority with developers.

3) No PDC/BDC features in Samba, gotta get Solaris for that. Samba can act as a member server and authenticate off the domain, or it can act as a PDC, but NT cannot be BDC. The PDC/BDC protocols have not been figured out yet.

Winbind is only really needed if you don't want to add users by hand to both the NT and Linux machines. Your setup is easy enough where it might not be needed. You would add the user to NT, and add the user to Samba. Tell Samba server to ask domain for yes/no on password.

4) Get your server up and running with Linux and Samba first. I'd suggest using Samba 2.2.8. Set the security to "domain", and then use smbpasswd to join the domain - details in the HOWTO. After you've done that you have a couple of choices - you can add all your users with real accounts in /etc/passwd, or you can use winbind to do dynamic mapping of NT users. If you plan to make the Linux machine a PDC, I'd probably choose the former.

> Can I make the Windows server a BDC
> if I make the Linux server the PDC?

Not with Samba 2.2.x, no. Samba 3 should support this, and is in alpha at the moment.

> Is it possible to make the Linux server
> a BDC or does Samba only support it as a PDC?

PDC and member server are supported by 2.2.x, BDC support and trust relationships require Samba 3.

> Do I need Winbind for any of
> this? How would you guys recommend I do this?

Samba has an "ldapsam" option, which should be something you use, maybe not immediately, but certainly later.

If you set Samba up as a member server, you'll have no problems, but making Samba take over the PDC role will require you to remove and re-add all the machines to the domain. The reason this is necessary is that Windows uses relative IDs (RIDs) for user identification in ACLs on the filesystems, and in the registry. Samba does not store the mapping between UIDs and RIDs in the same way as NT, and so the RIDs change when a Samba PDC takes over the domain, effectively breaking things. If you use the ldapsam options, you'll have a security backend that can store the real RIDs, and this won't be a problem. You'll require either Samba 3, or some leg work in the background to make the domain migration possible.

> I have experience with Samba servers but not integrating them with Windows
> PDCs/Domains.
> Any advice or suggestions would be greatly appreciated!

My suggestion - go with Samba 2.2.8, make it a member server, then get file & print, dhcp, and wins all working to your satisfaction. Then get openldap installed, and move to an ldapsam setup. Finally, install Samba 3, and migrate the PDC functionality. By the time you've got the first two steps working smoothly, Samba 3 may be out of alpha....

-sr

-------------------------
ORIGINAL POST:

I'm looking to add a Linux server running Samba to a small environment (around 20 users) that currently has a single NT 4.0 server. The NT 4.0 server will remain since it is running Windows-based POS software. I would like to move everything else to a Linux server. Below is the information regarding the current setup and the initial plans for the new setup.

Current server duties (running NT 4.0 Server):
1) POS server
2) File Server
3) DHCP server
4) WINS server
5) Lotus Domino R5 server
6) PDC for authentication

**New Configuration**

Old server duties (running NT 4.0 Server):
1) POS server
2) PDC or BDC for authentication

New server duties (running Linux with Samba):
1) File Server (Samba)
2) DHCP server
3) WINS server
4) Lotus Domino R6 server
5) PDC or BDC for authentication

My main question is: What is the easiest way to integrate a Linux server acting as a Samba/WINS/PDC server in an NT 4.0 Server environment? The majority of clients are Windows 2000 Professional, but there are a few Windows 98 boxes I haven't upgraded yet.

Can I make the Windows server a BDC if I make the Linux server the PDC? Is it possible to make the Linux server a BDC or does Samba only support it as a PDC? Do I need Winbind for any of this? How would you guys recommend I do this?

I have experience with Samba servers but not integrating them with Windows PDCs/Domains. Any advice or suggestions would be greatly appreciated!

Thanks!

-sr

_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@linuxmanagers.org
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
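
The member-server setup that replies 1 and 4 describe, written out as an smb.conf [global] section for Samba 2.2.x. This is an added example, not part of the original thread or of any respondent's configuration; the names EXAMPLEDOM, NTPDC and LINUXFS and the share path are constructed placeholders.

```ini
# Constructed example for Samba 2.2.x. EXAMPLEDOM, NTPDC, LINUXFS and the
# share path are placeholders. smb.conf has no inline comments, so every
# comment sits on its own line.
[global]
   workgroup = EXAMPLEDOM
   netbios name = LINUXFS
   encrypt passwords = yes

# Reply 4: join the domain as a member. Samba holds its own machine
# account and validates logons against the NT PDC over that trust.
# Join once after the machine account exists on the PDC:
#   smbpasswd -j EXAMPLEDOM -r NTPDC
   security = domain
   password server = NTPDC

# Reply 1 alternative: no domain join. Samba only forwards each logon to
# the password server and holds no machine account. Later Samba releases
# removed this mode, so a config built on it will not carry forward.
;  security = server
;  password server = NTPDC

# WINS moves from the NT box to Samba. Do not also set "wins server"
# on the host that has "wins support = yes".
   wins support = yes

# The NT 4.0 server stays PDC: Samba must not answer domain logons or
# claim the domain master browser role while the NT PDC is present.
   domain logons = no
   domain master = no

# Each domain user still needs a matching local account (reply 1:
# created disabled, no shell) unless winbind is used.
[shared]
   path = /srv/samba/shared
   read only = no
```

Running `testparm` against the file before restarting smbd catches misspelled parameters, which Samba otherwise ignores at load time.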