On Sunday, 3 February 2008 21:02:05 Ira Abramov wrote: > A(nother) client of mine is fighting the old fight of central directory > management. Situation went quickly downhill yesterday when their Active > Directory server's hardware died. I've been originally asked to come > help them integrate it with Linux but instead tomorrow it will be an > emergency fire fight and maybe a different approach should be > considered. > > The comapny has a Gnu/Linux-based product and development nodes, but > most of the tech staff was decided to run on windows machines (don't > ask). The question now is whether I help them disjoin their machines > from the disfunct 2003 server's domain and help them work with a bunch > of standalone XPs and a Samba server, or could I use the Samba as a PDC > and build a second one as BDC? I know Samba is capable of that, but I > have never heard about a real world case where that works, and if it > works well. > > Also, if a Samba machine is a direcotry server, can I get the rest of > the Gnu/Linux nodes on the LAN authenticate against that somehow or do I > have to synchronise that to a YP map? what's the best way of > synchronising a password change to both the yp master as well as the > Samba's internal DB? I always just change password for both on the > commandline but in a real world environment I suppose there should be a > web interface maybe to do that? should I look at SWAT?
1. I think you should be using an LDAP backend to samba. This way Unices would auth against LDAP, and windowses against samba (but LDAP DB). I guess samba has more backends (mysql maybe?), but LDAP fits best.. 2. PDC/BDC setup would probably miss many features (still it's 90s technology); Samba 4 should be able to mimic Win2k DC, but it's alpha. 3. I indeed never heard of someone using samba as a DC, although I tend to trust the samba guys.. they do good job :) 4. Have you considered winbind? Either against samba, or actually reinstalling a win2k3 DC, while unices authenticate using winbind? - Oren ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
