RE: [plug] unified windows domain / linux login accounts using PDC + Winbind + PAM

Mon, 24 Nov 2003 22:17:54 -0800 

i've experienced setting up SAMBA-based Domain
Controller + WinBind + PAM, and user account
management have never been this easy. the
combo fits a win32 dominated network where users
have to login to a domain before using any NT/
Linux/Solaris/AIX based resources.

usually, sysads will have to setup a separate account
on the Linux boxes (or on NIS) in order for a user
to utilize the services. for example, when a user access
a SAMBA file server configured as "security=domain" or
"security=server", SAMBA authenticates the user to the
domain controller (either NT or SAMBA-based) but a local
account should also exist on the file server in order to
have a successful file access.

this is when Winbind will be useful. Winbind allows the
Linux box to access the user/group accounts of a domain
controller (and other controllers thru trust relationships)
and treat it as a local linux account. meaning, sysads no
longer have to create a separate linux account on the samba
file server for the authentication and then samba shares can
be set simply like ff:

[share]
        ...
        valid users   = @"DOMAIN+Domain Admins" \
                        DOMAIN+Username1
        invalid users = @"DOMAIN+Domain Users"  \
                        DOMAIN+Username2
        ...


Now, if you want to use winbind to provide authentication
for other services such as ftp,terminal sessions, etc.
you'll be needing PAM.

read more about the configuration at
http://us3.samba.org/samba/ftp/docs/htmldocs/winbind.html


HTH




[EMAIL PROTECTED] wrote:
>i've been requested (meaning not work related, hehe) to setup a domain
>with mixed win2k and linux pc's. [now normally i'd say 'batet di na
>lang linux lahat? however, they really need those m$ boxes for some
>hardware sdks

>so now, my problem is proving a unified windows/linux login. what
>techniques have people done for this?

>samba pdc + ldap + pam?
>windows pdc + winbind ?

:D




--
Ariz C. Jacinto, ECE
Systems Operations
SPI Technologies-PS




--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

Reply via email to