On Fri, 2007-01-19 at 12:20 -0800, Joshua Penix wrote:

This may not be the answer you're looking for but...
The proper way to handle permissions and authentication in a mixed environment is to authenticate to an LDAP server. The Samba server should be the domain controller and be running LDAP. The AD server(s) (if used after getting LDAP going) should replicate from or use the LDAP server for authentication. This is because AD does not play nice with the LDAP standard when it comes to communication (it'll replicate FROM LDAP, but not TO LDAP).

So, basically:

1. Set up OpenLDAP.
2. Set up Samba to use the LDAP server for authentication. Both LDAP and Samba would run on the same box.
3a. Get rid of the AD servers or replace them with LDAP/Samba.
3b. Any AD servers on the network use the Samba server as the WINS, password, and Domain Controller servers, or they replicate from the LDAP server.
4. Use the LDAP server to set file and folder permissions.

This makes future changes far easier. Also, getting rid of the AD servers eliminates the cost of running AD.

We are going down this path now. Our AD server is being replaced by RHES and LDAP this weekend. Once this is done, all our Linux, UNIX, and Windows systems will authenticate using that server. Currently we have problems with file/user permissions between Samba and Windows environments because of the fact that AD will not play nice with the rest of the world.

PGA
--
Paul G. Allen BSIT/SE
Owner/Sr. Engineer
Random Logic Consulting
www.randomlogic.com
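
Added example, not part of the original post: a configuration sketch for steps 1 and 2 above (Samba 3.x as domain controller with its account database in an OpenLDAP server on the same box), including the access rule that keeps the Samba password hashes unreadable to ordinary directory clients. The domain name, DNs, OU names and schema path are placeholders assumed for illustration.

```conf
# ---- /etc/samba/smb.conf -------------------------------------------
[global]
   # Placeholder domain name.
   workgroup = EXAMPLE
   security = user
   # Act as the domain controller and WINS server (step 3b of the post).
   domain logons = yes
   domain master = yes
   wins support = yes

   # Accounts live in LDAP; slapd runs on the same box, so bind over loopback.
   passdb backend = ldapsam:ldap://127.0.0.1
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=People
   ldap group suffix = ou=Groups
   ldap machine suffix = ou=Computers
   # DN smbd binds as. Its password is not written in this file; store it
   # in secrets.tdb once with:  smbpasswd -W
   ldap admin dn = cn=samba,dc=example,dc=com
   # Keep the Unix userPassword in step with the Samba hashes.
   ldap passwd sync = yes
   # Require StartTLS on the LDAP connection, so the bind password and
   # hashes stay protected if the directory is later moved off this box.
   ldap ssl = start tls

# ---- slapd.conf (OpenLDAP) -----------------------------------------
# Schema shipped with Samba; the install path varies by distribution.
include /etc/openldap/schema/samba.schema

# sambaNTPassword / sambaLMPassword are password-equivalent hashes:
# anyone who can read them can authenticate as that user. Deny reads
# to everyone except the entry's owner; anonymous may only bind.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
    by dn.exact="cn=samba,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# Everything else in the tree stays readable for lookups.
access to *
    by * read
```

After restarting slapd, an anonymous `ldapsearch` for a user entry should return the account attributes but none of the three password attributes.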
