Possibly too late for you, but maybe you'll manage to read it ;-)
On Sunday, 3 February 2008, Ira Abramov wrote:
> The company has a Gnu/Linux-based product and development nodes, but
> most of the tech staff was decided to run on windows machines (don't
> ask). The question now is whether I help them disjoin their machines
> from the disfunct 2003 server's domain and help them work with a bunch
> of standalone XPs and a Samba server, or could I use the Samba as a PDC
> and build a second one as BDC? I know Samba is capable of that, but I
> have never heard about a real world case where that works, and if it
> works well.
1. If we talk about not a huge organization, then the easiest setup is
to make Samba a "logon server" for the XP's (NT4 technology before
DC).
2. If you really like DC (PDC/BDC are NT4 technology), then you can use
Samba with your XP's. I have tested it with an XP against Samba 3.
Basically all you have to do is follow the step-by-step guidelines
detailed both in their FAQ and in the Samba3-by-example (released
and included in the free samba docs [Fedora]):
A. Simple setup of Samba (no other DC's, no crap needed). Optionally,
you may want to look at 'logon script', 'logon path', 'logon drive'.
B. Create a machine account for each XP (e.g: johndesk$). Machine
account names always end in a '$'.
C. Go to each XP and establish a trust relationship with your Samba.
Follow the *illustrated* guide in the FAQ (don't remember which
dialogs).
NOTE: When I last had to change my Samba DC (exchange hosts), these dialogs
didn't work as expected. My (possibly stupid) workaround was
on the XP:
* Go to the dialog and choose 'Workgroup... something'
  instead of 'Domain...something'
* Reboot as directed by the wonderful OS.
* Go again to the same dialog and redo the correct 'Domain...'
* Reboot again...
> Also, if a Samba machine is a directory server, can I get the rest of
> the Gnu/Linux nodes on the LAN authenticate against that somehow or do I
> have to synchronise that to a YP map? what's the best way of
> synchronising a password change to both the yp master as well as the
> Samba's internal DB? I always just change password for both on the
> commandline but in a real world environment I suppose there should be a
> web interface maybe to do that? should I look at SWAT?
3. The best way (which is clearly indicated in Samba docs) is LDAP.
However, in your current flaming position I suggest using the
(now default) tdbsam password backend (this is what I used).
When everything is back to normal and everybody works against your
Samba server, you'll have enough time to setup a new LDAP server
(openldap or Fedora-DS), migrate users, think about sync policy
etc.
4. Samba-4 and all the new (and unstable) work is to make Samba work
in DC-to-DC setups and to work with newer Win* flavors (2003, Vista
etc.) If all you need is simple auth of XP clients with your server,
Samba-3 seems to be good enough.
Hope it helps,
--
Oron Peled Voice/Fax: +972-4-8228492
[EMAIL PROTECTED] http://www.actcom.co.il/~oron
ICQ UIN: 16527398
"Software is like Entropy: it's hard to grasp, weighs nothing and obeys the
Second Law of Thermodynamics, i.e. it always increases"
-- Norman Augustine
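
An added illustration of steps A and B from the message above, not part of the original post and not copied from the Samba documentation: a Samba 3 smb.conf for an NT4-style domain controller using the tdbsam backend. The domain name EXAMPLEDOM, host name FILESRV, the logon.bat script, the "machines" Unix group and all paths are assumptions chosen for the example.

```ini
# Constructed example: Samba 3 as the logon server / NT4-style PDC.
# EXAMPLEDOM, FILESRV, logon.bat and every path below are placeholders.
[global]
    workgroup = EXAMPLEDOM
    netbios name = FILESRV
    security = user
    encrypt passwords = yes
    # The password backend suggested in point 3 of the message
    passdb backend = tdbsam

    # Step A: make this server the domain logon server
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 65

    # Optional settings named in step A
    logon script = logon.bat
    logon path = \\%L\profiles\%U
    logon drive = H:

    # Step B, automated: Samba passes the machine name in %u, already
    # ending in '$'. Assumes the Unix group "machines" exists.
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u
    # Step B by hand for one client (run as root), e.g. johndesk:
    #   useradd -d /dev/null -g machines -s /bin/false -M 'johndesk$'
    #   smbpasswd -a -m johndesk

# Holds the logon script; clients only need to read it
[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes
    browseable = no

# Roaming profiles referenced by "logon path"
[profiles]
    path = /var/lib/samba/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = no

[homes]
    read only = no
    browseable = no
```

Running `testparm` after editing checks that the file parses and reports the server role Samba derives from these settings.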