On Fri, 31 Jan 2003, Andreas Hasenack wrote: > Em Thu, Jan 30, 2003 at 10:14:47PM +0000, John H Terpstra escreveu: > > If your Win2K DC is your authentication server for your domain, then DO > > NOT set "domain logons = Yes" on samba - it can cripple your Win2K DC! > > > > Instead, in your smb.conf [globals] you want: > > security = domain > > password server = * > > > > Then join the domain by: > > smbpasswd -r 'PDC_name' -j 'Domain_Name' > > > > This way your MS Windows clients should be domain members and will log > > onto the Win2K DC and will be able to seemlessly access your samba server. > > The win2k machine is on the other side of a WAN link, a different > subnet, but the windows clients will be accessing shares on the local samba server. > Users will be created and managed in the win2k machine, that's why I need the > samba server to check passwords against the remote win2k machine.
I would try to NOT use Samba for logon services atthei time. There are not big issues with doing this over a WAN link so long as there are not too many clients _and_ you have sufficient bandwidth. > > And, since the w2k server is on a different subnet, I don't think I can make it > the logon server for my clients, or can I? I mean, broadcasts mean a lot in a > MS network... You must use WINS to avoid broadcast traffic. With WINS the important UDP traffic will be unicast. WINS can reduce UDP broadcast traffic by up to 95%. Using WINS, you clients will readilly locate the logon server. I would recommend not using file and print shares over the WAN link though. > > Should I then just make the clients authenticate against the remote w2k machine > anyway? I know, in both scenarios, the w2k server will be contacted anyway, either > by the samba server or by the linux client. Correct. That's my recommendation. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
