Hans van der Merwe wrote:
On Wed, 2007-02-28 at 16:26 +0000, Russell Jones wrote:
So Samba AD-enabled with LDAP managed users/groups is probably the best
bet for replacing File and Print services?
That depends on a bunch of factors. If you want to integrate Linux
systems into your existing AD setup (on Windows servers), I'd think
winbind (which makes windows AD users and groups the ones in Linux)
would suit. I'm a little hazy on how essential users (e.g. 'nobody')
are handled if they are not in AD. I'd think that as with LDAP there
are fallbacks to /etc/group and /etc/passwd (ish) when users are not
found in AD.
I don't know about using LDAP authentication against AD. AD is not LDAP,
it's a proprietary X.500-derived set of conventions. You may be able to
get it to talk LDAP or LDAPishly enough to work. I'd be wary of the
latter, though.
OTOH, if you are happy for users just to go directly to print/file
servers (rather than find them via a directory search) the server
doesn't need to be that integrated with the domain and can just do
certain types of authentication against it.
Ech, it's been a while since I looked at this, and I'm not clear what
you're trying to do.
There is no "best bet", IMO. It depends too much on your existing
set-up. You need to look at what Samba can provide and consider what you
want to do.
I'm not even sure if you need to use Samba... Do you need to work with
AD? Can you put Linux on the desktop?
I have the luxury of implementing a clean system at a client's with about
10 users (7 XP, 1 Vista, 2 OSX). In the future, a couple of Linux clients.
I would like to provide:
1. Login and File/Print sharing.
Doing this in Samba just feels natural? because it's what most of the
client PCs talk.
I'm not sure about AD, no-AD? Do I need it?
You only "need" AD if you already have it (or have a specific
requirement for one of the features that you cannot provide another way).
2. Central user/password management
LDAP will provide central user management. This will also help with
Apache/Tomcat auth and any other services in the future that can talk
LDAP.
I think SuSE provides some similar functionality in the LDAP Yast2
modules, but I'm not familiar with those. You could also have a look at
the LDAP users module for webmin. It's quite nice.
Any other ideas?
Try typing "ldap pam nss howto" into Google (sans quotes) and see what
you find. IIRC, this is how I got started.