P.S. Unix / Windows Interoperability

Matthew Geddes mgeddes at tellurian.com.au
Thu Dec 5 12:29:42 CST 2002

On Thu, 2002-12-05 at 10:36, Adam Smith wrote:

> It seems that my current ideal setup looks like the following:
> WINDOWS:	Windows 2000 ActiveDirectory domain containing users and
> groups.

When you install AD, you'll probably want to allow NT 4.0 machines to
join the domain. Samba can apparently join an active directory, but I've
never tried it.

> UNIX:		PAM_NTDOM to allow Unix systems to authenticate against
> an NT Domain.

As long as by PAM_NTDOM, you mean the winbind pam module, that should be
OK. The original pam_ntdom module was full of holes and has been
unmaintained for a couple of years now.

> SAMBA:	SAMBA possibly using XFS, which supports ACLs

Or you could use ext2/ext3 with the ACL patch. BTW, ext2/ext3 ACLs made
it into the 2.5.x kernel series (yay!).

> Suddenly, it seems so simple.  At least for testing.  It'll still take a
> great deal of testing and running in yet :-)

Simple, errr, yes. Couldn't be, ummm, easier.....

It shouldn't be too bad :-)

> I'll keep the list posted as to my progress, because I'm still a little
> nervous about taking this venture ;)

A few more suggestions:

 * Set up a test environment first, so that you can see how the pieces
fit together (BTW, you'll need a hammer) and you shouldn't go too far

 * Keep your eye on the logs (log.nmbd and log.smbd in particular)

 * Having a line in your smb.conf like:

	log file = /var/log/samba/log.%m

   is really cool. It creates a different log file for each machine it
deals with. So if you're having problems with machine \\FOO, you could
look in /var/log/samba/log.foo.

 * Compile the latest Samba from source, if you're confident.

 * RTFManual

 * RTFMailing lists. Particularly the samba-ntdom list, if it's still in
existence. The generic samba list is good too.

If you get stuck, feel free to send a detailed message outlining your
problem to the list and I'm sure someone will offer suggestions. Some
might even be helpful :-). Feel free to contact me off list if you get
really stuck.

As I mentioned before, there are also companies that will set this stuff
up for you (or give assistance) that are based in Adelaide, should you
get *really* stuck.

Hope it helps,
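
An added example, not part of the original message: an smb.conf [global] fragment for a domain member that combines the winbind setup and the per-machine log file discussed above. Parameter names follow the Samba 2.2-era winbind documentation (an assumption about the version in use); the domain name, separator and ID ranges are constructed placeholders.

```ini
# Constructed example; EXAMPLE and the ID ranges are placeholders.
[global]
   workgroup = EXAMPLE
   # Authenticate against the domain controllers rather than local
   # password files. The machine must be joined to the domain first.
   security = domain
   password server = *
   encrypt passwords = yes

   # winbind maps domain users and groups into this local ID range.
   # Keep it clear of IDs already used in /etc/passwd and /etc/group.
   winbind separator = +
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   template homedir = /home/%D/%U
   template shell = /bin/bash

   # One log file per client machine: %m expands to the client's
   # NetBIOS name, so \\FOO is logged to /var/log/samba/log.foo.
   log file = /var/log/samba/log.%m
   # Size cap in kilobytes, so a noisy client cannot fill the disk.
   max log size = 1000
   log level = 1
```

Later Samba releases renamed the ID-range parameters (idmap uid / idmap gid, then idmap config), so check the smb.conf man page for the installed version before reusing this.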

