[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:

>
>I have a big project coming up here at work to cut down on the amount of
>*coughcrappycough* Novell we use. It's going to involve the following:
>

Increasing Microsoft use to decrease Novell use may not be the best
strategy, but we will go with that for the moment. NDS is probably
better than AD ;-)

>1 - Users authenticate to a Win2k Active Directory for access to Samba
>shares
>2 - Once authenticated, Samba will share the user's home directory on the
>linux Samba server (which is mapped to a drive letter for each individual
>user)
>3 - The user's directories size will be kept under control by the native
>quota system in linux
>
>We've already managed to handle #1 on a different server (before the
>hardware died, so I gotta figure it out again). #2 and #3 are a little
>different though.
>
>Does anyone know how user directory is handled in the case of external
>authentication on a linux server? I would rather not manually create a home
>directory for each user if possible (there's almost 200 people involved).
>

The easiest way is to use the winbind from samba-2.2.4, which will allow
your linux system (not only samba) to see all the users and groups from
your windows 2000 system as normal users. All authentication will also
be passed off to the domain controllers.

By using the pam_mkhomedir pam module, you can get pam to create the
home directories if they don't exist whenever anyone connects to a
pam-configured service (which can include samba).

>Does anyone know how well Samba interacts with the quota system, especially
>with the addendum of an external authentication scheme?

I have only tested with XFS on linux, and it works as expected, with the
bonus that ACLs work (well, mostly, I have some issues).

<plug type=shameless>Mandrake 8.2 ships with support for winbind
(probably the easiest winbind available), as well as support for ACLs
and quotas on XFS. Mandrake RPMs of 2.2.4 are also available on the
samba ftp mirrors. 2.2.4 brings the advantage of the "default domain"
parameter to winbind, which means users can connect as "username" rather
than "DOMAIN\username". This may not affect you for file service via
samba, but simplifies life for people running terminal services or mail
with winbind.</plug>

btw, this question (but not my plug ;-)) is probably more suited to the
[EMAIL PROTECTED] mailing list, where there are lots of people who are
doing this kind of thing.

We use samba as our domain controller and fileserver on a machine
sharing 140GB of RAID disk to about 65 Windows and linux desktops.

Finally, please read through the documentation (specifically the
winbind-related stuff in the Samba-HOWTO-Collection, available in the
source tarball or probably on the samba pages also). There is also some
doc at http://mandrakeuser.org/connect/csamba5.html#winbind , but it is
horribly out of date and makes it look more difficult than it is (most
of the steps are done for you with the Mandrake RPMs).

Buchan
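
The winbind plus pam_mkhomedir setup described in the message above, as an added example that is not part of the original post or of the Mandrake packages' shipped configuration. It assumes the server has already been joined to the domain; EXAMPLEDOM, the id ranges, the masks and the umask are constructed placeholder values, and `winbind use default domain` is the smb.conf name of the parameter the post calls "default domain".

```ini
# /etc/samba/smb.conf (added example; EXAMPLEDOM, the id ranges and the
# masks are constructed placeholder values, not taken from the post)
[global]
   workgroup = EXAMPLEDOM
   security = domain
   password server = *
   encrypt passwords = yes

   # winbind maps domain users and groups into these local id ranges;
   # keep them clear of ids used in /etc/passwd and /etc/group
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind separator = +
   winbind enum users = yes
   winbind enum groups = yes

   # 2.2.4 and later: accept "username" instead of "DOMAIN\username"
   winbind use default domain = yes

   # home directory and shell reported for domain users; /bin/false
   # keeps file-only users from getting an interactive login
   template homedir = /home/%D/%U
   template shell = /bin/false

   # have smbd run the PAM account and session stacks, so that
   # pam_mkhomedir is called when a user connects
   obey pam restrictions = yes

[homes]
   comment = Home directory
   browseable = no
   writable = yes
   # only the owner of a home share may connect to it
   valid users = %S
   create mask = 0600
   directory mask = 0700

# /etc/nsswitch.conf: let the whole system resolve domain accounts
#   passwd: files winbind
#   group:  files winbind
#
# /etc/pam.d/samba: create a missing home directory at session start;
# umask=0077 keeps new directories private to their owner
#   account  required  pam_winbind.so
#   session  required  pam_mkhomedir.so skel=/etc/skel umask=0077
```

With winbindd running, `getent passwd` should list the domain accounts alongside the local ones, and quotas are then set per user on the filesystem that holds /home.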
