Re: [Samba] Single Sign On, authentication, and Windows XP Home
Chris Smith wrote: On Thursday 27 December 2007, Gary Dale wrote: Not necessarily. If you have a business where each person only logs onto one computer, then Home is probably all you need. For example, a small business with only one computer in a department/section or one with multiple computers but each staff member only uses the computer assigned to them. This latter case covers a lot of businesses - but many larger businesses in this class still should prefer Pro over Home for domain policy setting. There's always the exception but in most cases I find centralized authentication invaluable. No need to have local accounts whatsoever. Plus it's not just the system being used for login purposes, there's all of the other shared resources that need to be managed. IMO any business with 5 or more systems (and sometimes even fewer) can save lots of time and trouble by implementing domain control. Actually, I look after an office with only two computers that needs Pro both for the roaming profiles (they want to able to work from either computer) and for the centralized backup roaming profiles allows (since the profiles are stored on the server, I just have to back up the one machine). Having said that, there are other small offices where different circumstances make Pro unnecessary. For example, a lot of small businesses have an accountant come in to look after their books. He/She backs up the accounting files onto a USB stick so they always have an off-site backup. Other sites have a policy that all files are stored on the server so that personal files on your computer are your responsibility. Small businesses don't usually have a lot of shared resources to be managed, so there's not a lot to gain by centralising the authentication - everything else is already pretty centralised on their one server. Surprisingly, the place where probably Home shouldn't be used is at home. At home you are quite likely to have different people using any given computer and keeping passwords sync'ed is a problem. However, home users put up with it because they usually aren't running a server. I agree, but not for your reasons, only because Home has too many other limitations (only safe mode for acl editing). ACL editing on a home network? Few home users would even know what it is. :) The expensive mistake both home and business users are making is using Windows in the first place. That we can agree on. The hard part is getting people to switch over. I put Linux on a computer and people love it. It's getting them to even try that's difficult. The better the devil you know attitude is hard to overcome. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html Take a gander. Matt Lozier wrote: Yes, this is all correct and I fully agree with everything that Gaiseric has said. However, the problem I'm dealing with is that I *still* have XP Home machines that I need to work with. Until these are phased out, and replaced with Pro Ed., I'm stuck if I want to implement SSO -- I think, unless I run an LDAP server and install pGina with the LDAP plugin. I didn't want to have to go this route, but I think that it may be the only option available! Thank you to everyone for their input -- --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaiseric Vandal Sent: Thursday, December 27, 2007 8:46 AM To: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHc75Kmb+gadEcsb4RArn6AJ9Z0LLsWVwuVi9ceByzaJoEH7xLrQCgjr71 gfzwXbN2XaSP+manZcolCp4= =rFmW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Single Sign On, authentication, and Windows XP Home
Yes, this is all correct and I fully agree with everything that Gaiseric has said. However, the problem I'm dealing with is that I *still* have XP Home machines that I need to work with. Until these are phased out, and replaced with Pro Ed., I'm stuck if I want to implement SSO -- I think, unless I run an LDAP server and install pGina with the LDAP plugin. I didn't want to have to go this route, but I think that it may be the only option available! Thank you to everyone for their input -- --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaiseric Vandal Sent: Thursday, December 27, 2007 8:46 AM To: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
On 12/26/2007, Matt Lozier ([EMAIL PROTECTED]) wrote: I just want to provide a means to allow all users who use the machines on the LAN to be able to login to *any* machine and have access to their Samba share. This kind of functionality is one of the many features of running a Windows Domain. With a DC in the mix, and every user a member of the domain, you only need to add the 'Domain Users' group to the 'Power Users' group on each workstation to accomplish this... then you can control which user can access which machine (by default, all users can access all mnachines). Unfortunatley I know of no way to provide this functionality without using Samba as a full blown PDC... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
On Thursday 27 December 2007, Ryan Novosielski wrote: Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html My experience is that that hack is relatively useless for this purpose. The app may have improved but what I found: the user still needs a local account and all it does is persistently apply a set of credentials that will allow access to domain resources. Which can easily be done with a persistent share, albeit the domain credentials will need to be entered on startup unless the local credentials are identical. XP Home simply sucks, even DOS with the Workgroup Add-On can interface with an MS Domain better. The Vista Home editions are probably just as sucky in this regard although I haven't seen them yet. Businesses that license the home editions are making an expensive mistake. -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Smith wrote: On Thursday 27 December 2007, Ryan Novosielski wrote: Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html My experience is that that hack is relatively useless for this purpose. The app may have improved but what I found: the user still needs a local account and all it does is persistently apply a set of credentials that will allow access to domain resources. Which can easily be done with a persistent share, albeit the domain credentials will need to be entered on startup unless the local credentials are identical. XP Home simply sucks, even DOS with the Workgroup Add-On can interface with an MS Domain better. The Vista Home editions are probably just as sucky in this regard although I haven't seen them yet. Businesses that license the home editions are making an expensive mistake. There's one thing we can agree on. :) - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHc88fmb+gadEcsb4RAosTAJ9b5g0W+HigQJmrdn/W54a0UbFpCACginW4 wAZEW7oKNuqyxDpAkX0uINg= =Ovkv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
On Thursday 27 December 2007, Gary Dale wrote: Not necessarily. If you have a business where each person only logs onto one computer, then Home is probably all you need. For example, a small business with only one computer in a department/section or one with multiple computers but each staff member only uses the computer assigned to them. This latter case covers a lot of businesses - but many larger businesses in this class still should prefer Pro over Home for domain policy setting. There's always the exception but in most cases I find centralized authentication invaluable. No need to have local accounts whatsoever. Plus it's not just the system being used for login purposes, there's all of the other shared resources that need to be managed. IMO any business with 5 or more systems (and sometimes even fewer) can save lots of time and trouble by implementing domain control. Surprisingly, the place where probably Home shouldn't be used is at home. At home you are quite likely to have different people using any given computer and keeping passwords sync'ed is a problem. However, home users put up with it because they usually aren't running a server. I agree, but not for your reasons, only because Home has too many other limitations (only safe mode for acl editing). The expensive mistake both home and business users are making is using Windows in the first place. That we can agree on. -- Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
Chris Smith wrote: On Thursday 27 December 2007, Ryan Novosielski wrote: Not sure why you didn't use Google (apparently, as this didn't take me very long), but I did: http://www.ntcompatible.com/story8718.html My experience is that that hack is relatively useless for this purpose. The app may have improved but what I found: the user still needs a local account and all it does is persistently apply a set of credentials that will allow access to domain resources. Which can easily be done with a persistent share, albeit the domain credentials will need to be entered on startup unless the local credentials are identical. XP Home simply sucks, even DOS with the Workgroup Add-On can interface with an MS Domain better. The Vista Home editions are probably just as sucky in this regard although I haven't seen them yet. Businesses that license the home editions are making an expensive mistake. Not necessarily. If you have a business where each person only logs onto one computer, then Home is probably all you need. For example, a small business with only one computer in a department/section or one with multiple computers but each staff member only uses the computer assigned to them. This latter case covers a lot of businesses - but many larger businesses in this class still should prefer Pro over Home for domain policy setting. Surprisingly, the place where probably Home shouldn't be used is at home. At home you are quite likely to have different people using any given computer and keeping passwords sync'ed is a problem. However, home users put up with it because they usually aren't running a server. The expensive mistake both home and business users are making is using Windows in the first place. :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Single Sign On, authentication, and Windows XP Home
Hi Rune, I just want to provide a means to allow all users who use the machines on the LAN to be able to login to *any* machine and have access to their Samba share. As it is now, there is only local authentication for each machine on the LAN (no Windows Domain here, only a workgroup) -- so if a user wants to be able to use a computer other than what they normally use, an account needs to be created for that user on the new machine, and then they will be able to access their Samba share. I want to allow any user to login to any machine, and be able to access their Samba share. Any suggestions? Thanks, --- Matt -Original Message- From: Rune Tønnesen [mailto:[EMAIL PROTECTED] Sent: Friday, December 21, 2007 4:16 PM To: Matt Lozier Cc: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home Matt Lozier skrev: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt What applications do you want sso for? You might be interested in Mandriva directory server http://mds.mandriva.org/wiki/Documentation -- Rune Tønnesen Bedste Hilsner/Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Single Sign On, authentication, and Windows XP Home
First you need to figure out how to get XP home to join a domain. A quick Google search suggests that there may be a way, but I don't know what it is. Then, look at chapter 2 of Samba by Example ( http://us1.samba.org/samba/docs/man/Samba-Guide/small.html or download the PDF - http://www.samba.org/samba/docs/Samba3-ByExample.pdf ) That is basically what you are asking for. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Lozier Sent: Wednesday, December 26, 2007 9:01 AM To: 'Rune Tønnesen' Cc: samba@lists.samba.org Subject: RE: [Samba] Single Sign On, authentication, and Windows XP Home Hi Rune, I just want to provide a means to allow all users who use the machines on the LAN to be able to login to *any* machine and have access to their Samba share. As it is now, there is only local authentication for each machine on the LAN (no Windows Domain here, only a workgroup) -- so if a user wants to be able to use a computer other than what they normally use, an account needs to be created for that user on the new machine, and then they will be able to access their Samba share. I want to allow any user to login to any machine, and be able to access their Samba share. Any suggestions? Thanks, --- Matt -Original Message- From: Rune Tønnesen [mailto:[EMAIL PROTECTED] Sent: Friday, December 21, 2007 4:16 PM To: Matt Lozier Cc: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home Matt Lozier skrev: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt What applications do you want sso for? You might be interested in Mandriva directory server http://mds.mandriva.org/wiki/Documentation -- Rune Tønnesen Bedste Hilsner/Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Single Sign On, authentication, and Windows XP Home
Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Single Sign On, authentication, and Windows XP Home
Matt Lozier skrev: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt What applications do you want sso for? You might be interested in Mandriva directory server http://mds.mandriva.org/wiki/Documentation -- Rune Tønnesen Bedste Hilsner/Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba