Re: [Samba] Re: password change on WinXP
On Sat, 17 Jun 2006, Petteri Larjos wrote: Thank you Conrad for answering. If I remember correctly the laptop users need two accounts (local and remote) even though samba is PDC or one could not logon when not connected to LAN. How this is handled? As I understand it, Windows clients will cache logon information. So you can logon once while connected to the LAN and thus having the PDC accessible, then in the future when you are disconnected from the LAN, you can still logon and the Windows client will authenticate you using the locally cached authentication info. Here's a MS knowledge base article about it: http://support.microsoft.com/kb/q172931/ Now, what I don't know is whether taking advantage of this is considered a best practice in the Windows world. For all I know, the cached information might expire after a week or something, which could leave someone in a bind if they are away from the LAN for too long (say, on a business trip). Anyone have comments about that? - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: password change on WinXP
Thank you Conrad for answering. If I remember correctly the laptop users need two accounts (local and remote) even though samba is PDC or one could not logon when not connected to LAN. How this is handled? Far as I understand situation is much like as previously described. Almost half of our users are using a laptop. Seems that I am back on square one. regards, Petteri Conrad Lawes wrote: Windows XP and Samba are working as expected. You would see the same result if your server was a Windows NT or Win2k box. In the Windows world, a user can have 2 accounts: one that resides locally on the workstation and another on the domain controller. Both accounts are distinct and separate from each other. This means that changes made to the local account has no impact or influence on the domain account and visa versa. As a system administrator, you must choose ONE account. Having users with both accounts will, undoubtably, make your job more difficult as you are seeing now. Domain accounts are must easier to manage. An experienced system administrator will always choose domain-based user accounts unless there's a compelling reason to do otherwise. In my case, end users do not have local accounts on their Windows desktops. This ensures that every end user MUST log onto the Samba domain. This also means that they (and myself) only have one password to worry about. Furthermore, any password change is automatically updated on the Samba server. Some the benefits of domain-based user accounts: * Centralized management.e.g. the system admin can reset or disable a users account without having to physically access that user's workstation. * Roaming profiles * Login scripts * Folder redirection * Ease of software installation - you can leverage login scripts to automate this process. * Sharing of resources - DVD, CD and printers can be shared easily * Security * Data protection - a failed workstation does not necessarily mean lost data if roaming profile and folder redirection are implemented properly. On 6/15/06, *Petteri Larjos* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: We have samba (3.0.22) configured as 'standalone server' type and security mode is 'user'. I have configured 'smb.conf' so that windows xp users may change their passwords from windows box (using ctrl+alt+del) and I got it work (regardless some sources which say that is not possible with standalone server). The remaining problem is that now users should specify a host to log on in 'change password' dialog box to make it work. There is field called 'log on to' which defaults to local computer name (for example 'MYXP (this computer)'). If user changes 'log on to' value to name of our samba server or workgroup name and completes rest of the fields then passwords are changed on server side (sambapassword and linux password) but local password remains the old. On the other hand if the 'log on to' field value is local computer name, then only local password is changed (not samba). Is there any way to combine the process so that passwords on both sides are changed (server and client)? Is there any utility program which we could use as a workaround? Am I still missing something on samba side or is this windows xp related problem? I would like to keep our samba simple as possible, so PDC server type is out of the question. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: password change on WinXP
Windows XP and Samba are working as expected. You would see the same result if your server was a Windows NT or Win2k box. In the Windows world, a user can have 2 accounts: one that resides locally on the workstation and another on the domain controller. Both accounts are distinct and separate from each other. This means that changes made to the local account has no impact or influence on the domain account and visa versa. As a system administrator, you must choose ONE account. Having users with both accounts will, undoubtably, make your job more difficult as you are seeing now. Domain accounts are must easier to manage. An experienced system administrator will always choose domain-based user accounts unless there's a compelling reason to do otherwise. In my case, end users do not have local accounts on their Windows desktops. This ensures that every end user MUST log onto the Samba domain. This also means that they (and myself) only have one password to worry about. Furthermore, any password change is automatically updated on the Samba server. Some the benefits of domain-based user accounts: - Centralized management.e.g. the system admin can reset or disable a users account without having to physically access that user's workstation. - Roaming profiles - Login scripts - Folder redirection - Ease of software installation - you can leverage login scripts to automate this process. - Sharing of resources - DVD, CD and printers can be shared easily - Security - Data protection - a failed workstation does not necessarily mean lost data if roaming profile and folder redirection are implemented properly. On 6/15/06, Petteri Larjos [EMAIL PROTECTED] wrote: We have samba (3.0.22) configured as 'standalone server' type and security mode is 'user'. I have configured 'smb.conf' so that windows xp users may change their passwords from windows box (using ctrl+alt+del) and I got it work (regardless some sources which say that is not possible with standalone server). The remaining problem is that now users should specify a host to log on in 'change password' dialog box to make it work. There is field called 'log on to' which defaults to local computer name (for example 'MYXP (this computer)'). If user changes 'log on to' value to name of our samba server or workgroup name and completes rest of the fields then passwords are changed on server side (sambapassword and linux password) but local password remains the old. On the other hand if the 'log on to' field value is local computer name, then only local password is changed (not samba). Is there any way to combine the process so that passwords on both sides are changed (server and client)? Is there any utility program which we could use as a workaround? Am I still missing something on samba side or is this windows xp related problem? I would like to keep our samba simple as possible, so PDC server type is out of the question. regards, Petteri -- Petteri Larjos /\ 609 90225,050-5587347 \ / ASCII Ribbon Campaign ETLAX -NO HTML/RTF in e-mail / \ -NO Word docs in e-mail -- Regards, Conrad Lawes PXE Guru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
