Re: [Samba] Hints about large network!

2005-07-24 Thread Ilia Chipitsine

> Hi.
>
> In a few weeks I'm planning to set up a windows network over our departmental 
> net. I need some advice, suggestions about what you would do. We're in front 
> of a large network. I'm expecting to have 50++ computers logging in the


not that large :-)

a friend of mine is running 300+ computers with samba.
I run an 80+ computer samba domain.

> windows domain, many different users. Servers will be just unix (linux 
> mainly, and aix/bsd for experiments only)


there's a very important point, called KISS (keep it simple, stupid).
complicated things like linux/aix/bsd/w2k3/w2k/AFS/krb5 are known to be hard to 
maintain.




> The underlying structure is really simple. All clients (aix, bsd, linux, 
> macosx) are authenticating over our kerberos realm (linux kdcs). User 
> information is on ldap (home, shell, gid, uid, additional gids...), no 
> password since ldap uses kerberos via gssapi. File serving is provided by 
> AFS. All users have their home in /afs/cell.name/users/INITIAL/username, no 
> local users. It works perfectly.


> Now, I'd like to add windows clients. Since they cannot authenticate over MIT 
> using AFS and LDAP, I'm working with samba. Before starting from the wrong 
> assumptions, I'd appreciate some suggestions. This is my plan for windows.



> -Since we have a realm CELL.NAME, I'd use a workgroup: WIN.CELL.NAME
> -Netbios name for pdc should be the same as in the dns: SMB.CELL.NAME
> -We have NO ldap passwords: tdbsam.


if You have passwords in tdb, You can migrate to ldap by using pdbedit.




> I have some concerns. What I'd really like is probably not good.
>
> - Passwords. We're using kerberos... Any change to samba should be redirected 
> to kerberos. Anyone doing some tricks here?


it has been discussed many times, just search the list, samba3 goes well 
with Heimdal. which kerberos do You have?




> - Home directories. The logon home should be \\AFS\CELL.NAME\users\initial\%U 
> --- quite weird for windows. Moreover, this creates some directories in the 
> unix space (users and settings\user, with desktop & co).
>
> - Profiles. Is it a good idea to store profiles in each user's home?


yes. it is good.




> I'm confused, ms-network makes more difficulties than solving problems, but I 
> have to do that...
>
> Can you give me some impressions? Add that I'd like to add a BDC... Any 
> suggestion is really appreciated. I want to plan better before rather than 
> complaining after :)
>
> Thanks!
>
> --
> Sensei [EMAIL PROTECTED]
>
> cd /pub
> more beer

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




[Samba] Hints about large network!

2005-07-22 Thread Sensei

Hi.

In a few weeks I'm planning to set up a windows network over our
departmental net. I need some advice, suggestions about what you
would do. We're in front of a large network. I'm expecting to have
50++ computers logging in the windows domain, many different users.
Servers will be just unix (linux mainly, and aix/bsd for experiments
only)


The underlying structure is really simple. All clients (aix, bsd,
linux, macosx) are authenticating over our kerberos realm (linux
kdcs). User information is on ldap (home, shell, gid, uid,
additional gids...), no password since ldap uses kerberos via gssapi.
File serving is provided by AFS. All users have their home in
/afs/cell.name/users/INITIAL/username, no local users. It works perfectly.


Now, I'd like to add windows clients. Since they cannot authenticate  
over MIT using AFS and LDAP, I'm working with samba. Before starting  
from the wrong assumptions, I'd appreciate some suggestions. This is  
my plan for windows.



-Since we have a realm CELL.NAME, I'd use a workgroup: WIN.CELL.NAME
-Netbios name for pdc should be the same as in the dns: SMB.CELL.NAME
-We have NO ldap passwords: tdbsam.


I have some concerns. What I'd really like is probably not good.

- Passwords. We're using kerberos... Any change to samba should be  
redirected to kerberos. Anyone doing some tricks here?


- Home directories. The logon home should be
\\AFS\CELL.NAME\users\initial\%U --- quite weird for windows. Moreover,
this creates some directories in the unix space (users and
settings\user, with desktop & co).


- Profiles. Is it a good idea to store profiles in each user's home?


I'm confused, ms-network makes more difficulties than solving  
problems, but I have to do that...


Can you give me some impressions? Add that I'd like to add a BDC...
Any suggestion is really appreciated. I want to plan better before
rather than complaining after :)


Thanks!

--
Sensei [EMAIL PROTECTED]

cd /pub
more beer
