Hi Ron, Some suggestions, assuming they're gonna be stuck with Windows:
1) Login password ageing can be set on the Windows administrative side. I don't know how this is done but for the end user it has the same effect as the Unix password ageing. You can set minimum number of characters, etc. If the Unix/Linux system running SAMBA is permitted to be part of the Windows Domain, the passwords can be automatically updated. That means SAMBA has to be able to update /etc/passwd or whatever you are using for your user account management. There are some details in the SAMBA troubleshooting guide as well as the manual. 2) Sharing correct drive mappings has to be done on the Windows authentication / startup side - get the Windows administrator to set up some mapping scripts to do this, park them on a generally accessible system -- usually they are .bat scripts. I have set up SAMBA to share out the user's Unix home directory privately to that user; this is a nicer touch than making them all wide open. 3) This can be done again on the Windows administrative side, but the Windows admin needs to set up "roaming profiles". They might have to buy some licenses for this. Apparently roaming profiles are a PITA to set up. 4) Yes. That will happen if the above items are set up. The thing to do on the Windows side is to make sure they don't have admin rights on the PCs. You can do it all with thin clients but if they are intending to run some high bandwidth thing like "head office sends this video clip of how to do whatever", then you are stuck. Assuming that's not the case, I have a Linux system setup here with Citrix Metaframe; I can use all my X11 apps by telnetting or ssh-ing to the appropriate Unix system, and I can access any of my Windows apps through the "fit client". The Sunrays will do this too, but maybe not CAD or high bandwidth apps. Regards, Jill. -----Original Message----- From: Ron Daniel [mailto:[EMAIL PROTECTED] Sent: Monday, 23 June 2003 12:07 PM To: [EMAIL PROTECTED] Subject: [SLUG] Samba / Linux User administration and Authenticationand desktops. We have a Samba server sharing drives and printers to my PC users in a network. The difficulty we currently face is the (soon to be) burgeoning number of users that move from PC to PC and need to have their own "desktop's" with their own network drives and printer shares, at each of the PC's to which they move. The PC's are running windows XP or Windows 2000. My PC guy tells me that if we installed a Windows 2000 server with domains we would be able to authenticate them onto the network using this Windows 2000 server, and also control their user profiles and desktops at each of the machines. I have a strong (at times irrational) aversion to Windows 2000 servers. What we would really like is for Samba and Solaris, or even Linux, to : 1) Authenticate the users and force them to change their passwords according to an expiry period, no matter which PC they log into 2) Share the correct drive mappings based on the user id they log into from the PC, not the PC machine name. 3) Allow their own private desktop's to appear no matter which PC they log into. 4) They need to run two MS-based applications. Sounds like a job for thin clients or something. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug ---------------------------------------------------------------------- IMPORTANT NOTICES This email (including any documents referred to in, or attached, to this email) may contain information that is personal, confidential or the subject of copyright or other proprietary rights in favour of Aristocrat, its affiliates or third parties. This email is intended only for the named addressee. Any privacy, confidence, copyright or other proprietary rights in favour of Aristocrat, its affiliates or third parties, is not lost because this email was sent to you by mistake. If you received this email by mistake you should: (i) not copy, disclose, distribute or otherwise use it, or its contents, without the consent of Aristocrat or the owner of the relevant rights; (ii) let us know of the mistake by reply email or by telephone (+61 2 9413 6300); and (iii) delete it from your system and destroy all copies. Any personal information contained in this email must be handled in accordance with applicable privacy laws. Electronic and internet communications can be interfered with or affected by viruses and other defects. As a result, such communications may not be successfully received or, if received, may cause interference with the integrity of receiving, processing or related systems (including hardware, software and data or information on, or using, that hardware or software). Aristocrat gives no assurances in relation to these matters. If you have any doubts about the veracity or integrity of any electronic communication we appear to have sent you, please call +61 2 9413 6300 for clarification. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
