I did (a few years ago when still in Rochester) spend quite some time working with samba and authentication. <div><br></div><div>I wanted to achieve a number of goals:</div><div><ol><li>Users access a FTP, SSH and other services on a Linux server using AD usernames/passwords.</li>
<li>Users authenticate to Linux workstations using their AD credentials.</li></ol><div>Since I wanted to provide a number (and provide many more) services to users I found that the solution was to configure pam (which is one of the main central authentication engines) to allow authentication against the AD server. This might be overkill or it might prove to be the simple solution to all your problems, but once you get one service working through pam, you can have any other authenticating against the same method.</div>
</div><div><br></div><div>My notes are here: <a href="http://david-halliday.co.uk/?Linux:AD_Authentication">http://david-halliday.co.uk/?Linux:AD_Authentication</a></div><div>They are a little old but reference a more in depth guide. I recently helped implement a similar configuration (with in the past 6 months on a centos installation) at work and little had changed.</div>
<div><br></div><div>The most important thing to check (and maintain) is that the Linux box and the Microsoft server that it is authenticating against have the same time. Where possible make them sync against the same server regularly (or one against the other) as the time being out (and it doesn't have to be much) can be a confusing hurdle. </div>
<div><br></div><div><br></div><div>For anyone who is interested in playing with authentication pam is interesting as it is modular and you can fairly quickly build and implement your own methods including authentication against something like a MySQL server database if you particularly wanted.</div>
<div><br></div><div><br></div><div>I have not used any of the purpose built NAS on a CD distros (but many look good). </div><div><br></div><div>We use CentOS at work and they seem good, I have used Cent OS in other places too. CentOS looked good a few years ago as Red Hat (from which its derived) was the "solid business choice" and many proprietary applications that were targeted at businesses were predominantly tested (and supported) on Red Hat, so having a Red Hat based distribution makes life easier there. I have wanted to use Debian in production servers but have always been out voted by people who have a red hat background.</div>
<div><br></div><div>With the rise of Ubuntu and now Ubuntu Server... Things could shift in support/consensus.</div><div><br></div><div><br></div><div><br></div><div><div class="gmail_quote">On 28 April 2011 12:38, Peter Childs <span dir="ltr"><<a href="mailto:pchilds@bcs.org">pchilds@bcs.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Samba need good book, any ideas.....<br>
<font color="#888888"><br>
Peter.<br>
</font><div class="im"><br>
On 26 April 2011 20:07, Laurence Southon <<a href="mailto:laurence@southon.uk.net">laurence@southon.uk.net</a>> wrote:<br>
</div><div><div></div><div class="h5">> On 26/04/11 18:27, Peter Childs wrote:<br>
>> I've been asked to set up a File Server for a network of windows based<br>
>> machines, So I'm guessing Samba here..... I guess I need to set up<br>
>> Samba to run as a Windows PDC to sort out security and get all the<br>
>> Windows XP Pro (I think thats what they have) to join the "Network"<br>
>> Unless I can get the Samba server look like AD, but I'm not sure how<br>
>> to go about this... They want passwords and some "Security" over the<br>
>> files on the file server.....<br>
>><br>
> You can have username:passwd security without a PDC, and unless the<br>
> workstations definitely are XP Pro they won't be able to join a domain.<br>
><br>
> It's a lot of work to set up the domain and then join each machine to<br>
> it. Personally I would avoid it, and another downside is that by default<br>
> Samba will use roaming profiles which will likely lead to trouble in the<br>
> long run. You can disable that but it's yet another setting to get dead<br>
> right.<br>
><br>
>> While doing a bit of reading up on doing this I worked out it should<br>
>> be possible to use Samba to do shared home directories on Linux and it<br>
>> should work *better* than NFS.<br>
><br>
> Yes, homes are easy to set up in Samba. Be careful where you place them,<br>
> and consider user quotas to stop disc usage getting out of control.<br>
>><br>
>> Also can I join the Wins bit of the SMB to my DNS and not have so much<br>
>> duplication of service.<br>
> Samba will become a WINS server, just put 'wins support = yes' in the<br>
> [global] part of smb.conf. Job done.<br>
><br>
> Samba is a leviathan, there are literally hundreds of possible settings,<br>
> any of which can trip you up. Good place to start is the official<br>
> documentation:<br>
><br>
> <a href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/" target="_blank">http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/</a><br>
><br>
> Feel free to fire questions, but a couple of tips on things that are<br>
> guaranteed to drive you up the wall at some point:<br>
><br>
> You can grant whatever permissions you like in Samba, but if the<br>
> appropriate Unix permissions are not in place, then they won't work, and<br>
> you won't know why.<br>
><br>
> Some config changes in Samba take effect straightaway, others require a<br>
> Windows logon/logoff or even reboot to take effect, so always worth<br>
> trying that before giving up.<br>
><br>
> Good luck!<br>
><br>
> LS<br>
> --<br>
> Laurence Southon<br>
> Tiger Computing, Bexley<br>
> <a href="http://www.tiger-computing.co.uk" target="_blank">www.tiger-computing.co.uk</a><br>
><br>
> _______________________________________________<br>
> Kent mailing list<br>
> <a href="mailto:Kent@mailman.lug.org.uk">Kent@mailman.lug.org.uk</a><br>
> <a href="https://mailman.lug.org.uk/mailman/listinfo/kent" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br>
><br>
<br>
_______________________________________________<br>
Kent mailing list<br>
<a href="mailto:Kent@mailman.lug.org.uk">Kent@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/kent" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br>
</div></div></blockquote></div><br></div>