I suspect you might run into problems if you don't research this a bit
more.

Running a windows NT domain with linux/samba has some advantages, but
there are some issues you need to be aware of.

1) Samba can only use the user's unix password if you are not using
encrypted passwords in Windows NT etc. In recent versions of Windows,
encrypted passwords are the default, but that can be changed with a reg
hack (available in the samba docs that ship with the rpm).

2) Unfortunately, you cannot change to unencrypted passwords if you are
going to run a domain. This is a "feature" of Windows.

3) Samba has no support for PDC/BDC relationships or interdomain trust.
This will be a long time in coming, although some features are available
in samba-tng.

4) There are issues with joining win2k clients to the domain. You will
need to run the current CVS version if you need to add win2k clients.

OK, now for the good news

1) Since the smbpasswd is not checked as well as the unix password, you
are ok on migrating the passwords. Note that there are actually scripts
for doing the whole process that come with samba.

2) Even though samba does not use the unix password when in a domain, you
can authenticate unix services off the samba password database.

My suggestion to you would be to keep your PDC/BDC, but just move all
your services off to the linux boxes.

I use pam-smb (I am wanting to get authentication of uw-imap working,
but am having trouble) for pam-enabled services, and can currently login
to the linux boxes with my windows password.

For squid, the auth-smb module works fine.

File and print services with samba are quite good (getting better in
samba 2.2.0cvs), as long as you join your linux boxes to the domain.

You might want to subscribe to the samba-ntdom mailing list, where the
samba/NT domain integration pros hang out. See the samba website for
details. (http://www.samba.org)

We actually run a samba 2.0.7 machine as PDC, mainly because of the cost
of licenses for all the machines we would have to run (servers and
clients). If you can afford to have an NT machine as PDC, and your
availability is sufficient, stick with that.

Regards,
Buchan

Jorge Ramírez Llaca wrote:
> 
> I'm in the process of migrating all my NT servers to Linux Mandrake 7.2
> 
> Currently, there's a PDC holding all the users' network folders and a couple
> of SDC's running a variety of services, including IMAP, SMTP, LDAP, web
> cache, printing, etc.
> 
> All my users authenticate against the NT domain. So far I think I've got
> this covered. I already cracked all my users' passwords (using l0phtcrack
> 2.52). Right now I'm in the process of writing a couple of migration scripts
> that will add the users, first to Linux and then to Samba 2.07, then move
> all the files from the NT file server to the Mandrake server and finally
> their mailboxes to a second Mandrake server. After taking the NT PDC
> offline I'll reconfigure Samba to act as a PDC on the file server and as a
> SDC on the mail server.
> 
> If all goes well, my users won't notice the change. Or at least that's my
> goal, a completely transparent migration experience (at least for them).
> 
> My problem is that some of my users have very weak passwords and Mandrake
> won't allow them. I intend to address that issue sometime soon but I need to
> migrate them ASAP. So the question is: How do I instruct Mandrake to accept
> whatever silly thing the users have chosen as their password?
> 
> Can anyone help me please?

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work               +27 82 472 2231 * +27 21 808 2497
Stellenbosch Automotive Engineering         http://www.cae.co.za

