Hi, CC
Thank you for the excellent message. We have a Windows-centric system and that cannot 
be changed, for historical, political and management reasons. 

As Linux in this org started from a few isolated desktops, when more and more people 
use it, we set up a centralized server for auth and NFS services. Most Linux users 
still have their Windows desktops and some use Exceed. When people log into Windows, 
they are authenticated by a win2k domain. When they log into Linux, auth is by a NIS 
server (should migrate to LDAP). The two systems are independent of each other apart 
from backup and email, which are communicating via agents.

This may not be a neat technical set-up, but it is easy to manage and support. Then we have 
this file access problem: when the Linux/Windows users log into any system, they want 
to access files in both systems.

What I am trying to achieve here is:
When people log into Linux, they do not need to type \\winserver\users\share and/or 
supply username and password, but simply type e.g. "cd /home/user1/mywin" to access 
her home folder in Windows (like a mapped drive in Windows).

Cheng

> 

hi cheng,

> Hi, Christopher
> 
> we are using windows 2000 servers. we configured samba to use win server to 
> authenticate users when they access Linux file from windows environment.

ok, i am just a wee bit confused then; you have a windows 2000 advanced server running 
as a domain controller, additionally, you have a linux box where samba has been 
configured to use the windows 2k as its authentication server. further, you have 
shares on the linux box available to the network. does this sound about right?

there is nothing particularly wrong with this arrangement, although I would have 
configured linux to be the domain controller and the 2k box as a domain member. this 
tends to be the preference if ever you decide to activate the terminal services (as 
microsoft recommends that a terminal server not be a domain controller at the same 
time). needless to say, you do not have to pay the client license when your 
domain controller is running under samba -- this can be a very persuasive argument to 
change the role --

i assume then you have a persuasive reason for the 2k server as well -- some sort of 
application running there that cannot be migrated to linux? (hint)

typically, if not always, when a windows client becomes a member of a windows domain, it 
creates a hidden share for each drive/partition (i.e. c$, etc.). additionally, the 
windows client global group administrators is modified to include the domain 
administrator. once again, there is no need (or desire) to have all of the client 
passwords maintained somewhere for the administrator -- by having the domain admin 
declared as a local administrator on the client, the domain admin, from any machine on 
the network, can access any other domain member machine. to try, logon to w2k as 
admin, open up explorer, and type \\netbiosname\c$ and hit enter. if the client machine 
is a member, then no password is required to have full access to the client's disk

should you wish to maintain a windows centric solution, then you could consider 
running winbind, which allows linux logins based on nt security. again, only under 
special instances would you want to do this ... but you may have a case that justifies 
it. check out winbind in the samba-howto collection.

Cheers

CC