To clarify...

Unless I'm forced to, which would terminate the project, we are not looking for 
a complete replacement for Netware.  At this point, it would be "cool" to be 
able to add in a Samba server to the existing authentication process.

We don't do print serving.  As far as I know, our PCs only print to a JetDirect 
attached printer (i.e. LPR).

When I look at the properties for the Netware FileServer, IPX: is shown as N/A. 
IP: had an IP address associated with it.  I'm guessing that means we are 
doing authentication over IP.

Right now, we have 9 Samba servers running.  Some in production and others in 
test.
Due to their limited number of users, I didn't need to worry about 
authentication.
Our "manual" server, everyone has read access to it.
Another server, is part of an application which uses UNC for viewing.  The end 
users don't have any idea they are accessing Samba.  All additions/updates are 
done under the covers by the application.
I'm just in the process of rolling out Samba servers to replace LANRES/VSE.  
Couple dozen users.  Not a security headache.  They do have to enter in their 
Samba password if it is not the same as their Netware password (which it isn't).

And with the success of these Samba servers, management is asking if we can 
replace the 2,000 Netware users with Samba.  The big sticking point that I know 
of is that I need to be able to sync the Samba password with their Novell password. 
Lack of that function affects everyone.  I would like to be able to keep using 
Netware to define the users directory, but that is more of a training issue 
than a real requirement.  We can use SWAT to manage Samba users if necessary.

Thanks for the suggestions.

Tom Duerbusch
THD Consulting

>>> David Boyes <dbo...@sinenomine.net> 8/28/2011 1:59 AM >>>
> > The eDirectory product is only available on Netware (as you have now)
> > and Open Enterprise Server (OES) running on SLES on Intel/AMD systems.
> > If you're going to be running OES for eDirectory, you might as well
> > use the other parts of OES on that system, which include the various
> > file server functions that people are used to from Netware.  I believe
> > this does involve Samba, but I'm not all that familiar with OES.

Well, there's 3 things to solve here: authentication, file service, and 
printing. 

You're going to have to touch all the endpoints for all three things. 

Best solution (without trying to convince Attachmate to port OES) is: 

1) Use Active Directory or Kerberos/LDAP to replace Netware authentication. 
2) Use Samba and winbind to manage the file service component
3) Use CUPS to replace the print functions. 

AD is essentially Kerberos/LDAP, but with a pretty face on it. If you have 
extensive reliance on Windows, you might as well use AD too. It addresses most 
of the issues that made Netware user management and authentication a PITA in 
the past, although it has its own evils. 

The winbind piece will cause Samba to deal properly with the uid and gid issues 
-- if you convert to AD using the netware to AD tools, most of the ACLs will 
still work properly. 

CUPS will probably need some tinkering with if you have non-mainstream (eg, 
non-HP) printers, especially Canon printers (for some reason, they seem to hate 
Linux and Mac users and don't publish good PPF files for their printers).

Contact me offlist if you want to discuss it. 

-- db




> 
> My knowledge is a bit rusty on this but let me clarify a few things.
> 
> eDirectory is a standalone product although it is included in many Novell
> products like OES.  eDirectory can run on a number of OSes like Linux,
> Solaris, AIX and Windows and is an LDAP based directory.  eDirectory only
> runs on Linux on x86/x86_64 based systems.
> 
> One option is that you could keep the Netware around and connect Samba
> via LDAP.  eDirectory on Netware 5 is old and that might cause problems.
> 
> A better option would be to get eDirectory installed on Linux, join the
> directory tree on the Netware server so it can become a replica, and then
> promote the directory on the Linux box so the Netware server could be
> turned off.  Not that I want to see a Netware box get turned off but maybe
> the organization is more comfortable with Linux.
> 
> A couple of ideas for you to contemplate....
> 
> Mike
> 
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions, send email to
> lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390 
> ----------------------------------------------------------------------
> For more information on Linux on System z, visit http://wiki.linuxvm.org/ 
