I have a similar environment. Samba should be sufficient. There are actually two "problems" to solve. The first is how do you have a unified "unix" account back end. The 2nd is how do you have a unified "windows" back end.
Samba as a domain controller will provide the unified windows backend. (Presume you are familiar with the "domain" concept in windows.) There are two approaches for the unix logins.

The same machine can also be used as NIS or LDAP server to provide centralized unix accounts (and other info) for the linux systems. (I used to use NIS, converted to LDAP.) unix and samba use different password schemes so you don't have a single password field. But you can configure samba to change the appropriate unix passwords whenever a windows user changes his password, so effectively they can appear to be the same to the user.

Alternately, you can configure linux clients to use winbind for authentication, which means that your linux/unix logins use your windows password. I have not done this. I think this is more appropriate when you have a true Windows server as your PDC.

You can configure LDAP to handle both the backend stuff for samba and unix accounts. Each account will have an ldap and unix password field, as well as various fields for other samba and unix attributes. I use Sun (Oracle) Directory Server, which had already been implemented for another project, so it made sense to leverage that for unix account support and samba support. (Plus it plays nice with Solaris clients.) But openldap or other servers should be fine. If you have a "packaged" authentication solution with an LDAP backend, that may be the easiest. Samba will have a schema file to add to whatever LDAP server to allow you to extend the schema.

It really helps if you can have a graphical tool to manage the LDAP data. I use Apache Directory Studio (the Sun management tools are lacking.)

LDAP can be kind of tricky for unix authentication - RHEL 5, Fedora Core 11 thru 14 require the use of an ldap proxy account. CentOS 6.2 will probably be the same. If you are using autofs that is also a little tricky.

On 05/11/12 08:59, Cliff Nieuwenhuis wrote:
> I have a small network with mixed OS's -- some Linux (mix of distros,
> Ubuntu, PCLinuxOS, CentOS) and some Windows (XP and Win7). I'm
> replacing my server and have installed CentOS 6.2 on it. There are no
> Windows servers on the network.
>
> I'd like to have the server manage user accounts and passwords.
> Ideally, I'd be able to log in to any computer on my network with the
> same username and password. Furthermore, I'd like access to the
> server's Samba shares to be based on the 'centralized' user account.
>
> Is Samba (alone) sufficient to accomplish this, or do I need to also
> set up NIS or IPA or something else? If Samba is sufficient, what
> security mode is recommended?
>
> I did look at IPA and it seems to address my centralized user account
> management, but I haven't found a clear discussion on how it can be
> used with Samba, or which should be set up first -- Samba or IPA.
>
> I also looked at NIS, but the information I found was all several years
> old so I have concerns that it may not be the correct choice.
>
> I'd really appreciate thoughts and comments. I'm not looking for
> detailed instructions, but rather some advice on the overall plan.
>
> Sincerely,
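
The LDAP-backed setup described in the reply above, sketched as an `smb.conf` fragment for Samba 3.x. This is an added example, not configuration posted by anyone in the thread; the domain name, host name and DNs are constructed placeholders, and it assumes the Samba schema is already loaded in the directory.

```ini
# Added illustration for Samba 3.x. EXAMPLEDOM, SRV1, ldap.example.lan and
# every DN below are constructed placeholders, not values from the thread.
[global]
    workgroup = EXAMPLEDOM
    netbios name = SRV1
    security = user

    # Act as the domain controller for the Windows clients.
    domain logons = yes
    domain master = yes
    preferred master = yes
    os level = 65

    # Keep the Samba account attributes in LDAP, in the same entries that
    # carry the unix (posixAccount) attributes used by the Linux clients.
    passdb backend = ldapsam:ldap://ldap.example.lan
    ldap suffix = dc=example,dc=lan
    ldap user suffix = ou=People
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap admin dn = cn=samba,dc=example,dc=lan

    # Require StartTLS so the bind password and the password hashes
    # never cross the network as cleartext LDAP.
    ldap ssl = start tls

    # When a Windows user changes a password, also update userPassword
    # (the unix/LDAP password) in the same entry, so both logins stay in step.
    ldap passwd sync = yes

# The sambaNTPassword and sambaLMPassword attributes are password-equivalent
# hashes: directory ACLs should let only the Samba bind DN read them.
```

The bind password for `ldap admin dn` is not written in `smb.conf`; it is stored separately with `smbpasswd -w`.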
