> Here's a big difference, which may be common to many other *nix > admins...in > my $WORK there's a substantial AD infrastructure (about 3~4K user > accounts) > which is managed by a separate group. There is very limited interaction > with > the AD administrators, and little or no chance of getting any changes > to the AD > schema or getting SFU installed on the AD servers. The AD admins have > > ... > > My current plan is to configure the servers with Samba as domain > clients
I do have a word of caution for you here - because I have the same trouble myself. If AD is managed by some other group, without obsessive communication, I'll discourage the winbind/samba approach. Because it's very easy to change something in AD which causes the non-windows clients to cease functioning. And then you've got no alternative. It's a very real danger. As a real life example - I do normally join linux clients onto the domain and share the "root /" just so I can browse the filesystem using native CIFS client in windows. I'll tell users about it, but for years I've continually called it "experimental" and tell them the supported tool is WinSCP (sftp client) instead. Then I repeated my procedure at a new customer's site, and couldn't join the domain. For no apparent reason; simply something in their schema makes it incompatible, can't be done without a real-life AD/Kerberos/Whatever super genius expert guru priest. I mean - I know this stuff pretty well - but I'm no genius expert - and I spent hours examining and repeating everything. Eventually gave up. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
