<html><body><div style="color:#000; background-color:#fff; font-family:bookman old style, new york, times, serif;font-size:12pt"><div><span>Have you tried Zentyal for running a Samba/AD?</span></div><div><br><span></span></div><div><span>I have used this for a couple of years and I can testify that it works fine.<br></span></div><div><br></div><div style="font-family: bookman old style, new york, times, serif; font-size: 12pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><font size="2" face="Arial"><hr size="1"><b><span style="font-weight:bold;">From:</span></b> Peter Childs &lt;pchilds@bcs.org&gt;<br><b><span style="font-weight: bold;">To:</span></b> Kent Linux User Group - General Topics &lt;kent@mailman.lug.org.uk&gt;<br><b><span style="font-weight: bold;">Sent:</span></b> Friday, 29 April 2011, 20:09<br><b><span style="font-weight: bold;">Subject:</span></b> Re: [Klug-general] Samba....<br></font><br>On 29 April
2011 19:52, David Halliday <<a ymailto="mailto:david.halliday@gmail.com" href="mailto:david.halliday@gmail.com">david.halliday@gmail.com</a>> wrote:<br>> Using my method you get pam to point to AD and let it manage everything for<br>> you. This results in the box acting like any other client machine on an AD<br>> network but still providing all the functionality (services and<br>> applications) of a Linux box.<br>> Unless you need more domain servers to handle authentication requests then I<br>> wouldn't worry to implement that part of Samba.<br><br>I don't disagree. The only reason for getting Samba to do the<br>authentication is if you don't have an AD but loads of Windows Clients<br>who would like one.<br><br>Peter<br><br>> Some interesting reading for heterogeneous networking is this book<br>> (published by O'Reilly) Linux in a Windows World:<br>> Book page: <a
href="http://oreilly.com/catalog/9780596007584" target="_blank">http://oreilly.com/catalog/9780596007584</a><br>> Commons (Free Online<br>> Reading): <a href="http://commons.oreilly.com/wiki/index.php/Linux_in_a_Windows_World" target="_blank">http://commons.oreilly.com/wiki/index.php/Linux_in_a_Windows_World</a><br>> This book was a big launchpad for me in the Linux/MS world. Some of it is<br>> out of date (but some reading of documentation can bring you back up to<br>> speed) but it gives a good overview of things. I do have a print copy<br>> somewhere but I can't seem to find it in my shelf at this moment in time. If<br>> you or anyone else is interested in (and will use) this book then I can have<br>> a hunt for it. Since it is only gathering dust I'm happy to give it to a<br>> good home.<br>><br>> On 29 April 2011 19:42, Peter Childs <<a ymailto="mailto:PChilds@bcs.org.uk"
href="mailto:PChilds@bcs.org.uk">PChilds@bcs.org.uk</a>> wrote:<br>>><br>>> On 29 April 2011 18:52, David Halliday <<a ymailto="mailto:david.halliday@gmail.com" href="mailto:david.halliday@gmail.com">david.halliday@gmail.com</a>> wrote:<br>>> > I did (a few years ago when still in Rochester) spend quite some time<br>>> > working with samba and authentication.<br>>> > I wanted to achieve a number of goals:<br>>> ><br>>> > Users access a FTP, SSH and other services on a Linux server using AD<br>>> > usernames/passwords.<br>>> > Users authenticate to Linux workstations using their AD credentials.<br>>> ><br>>> > Since I wanted to provide a number (and provide many more) services to<br>>> > users<br>>> > I found that the solution was to configure pam (which is one of the main<br>>> > central authentication engines)
to allow authentication against the AD<br>>> > server. This might be overkill or it might prove to be the simple<br>>> > solution<br>>> > to all your problems, but once you get one service working through pam,<br>>> > you<br>>> > can have any other authenticating against the same method.<br>>> > My notes are here: <a href="http://david-halliday.co.uk/?Linux:AD_Authentication" target="_blank">http://david-halliday.co.uk/?Linux:AD_Authentication</a><br>>> > They are a little old but reference a more in-depth guide. I recently<br>>> > helped<br>>> > implement a similar configuration (within the past 6 months on a<br>>> > CentOS installation) at work and little had changed.<br>>> > The most important thing to check (and maintain) is that the Linux box<br>>> > and<br>>> > the Microsoft server that it is authenticating against
have the same<br>>> > time.<br>>> > Where possible make them sync against the same server regularly (or<br>>> > one against the other) as the time being out (and it doesn't have to be<br>>> > much) can be a confusing hurdle.<br>>> ><br>>> > For anyone who is interested in playing with authentication pam is<br>>> > interesting as it is modular and you can fairly quickly build and<br>>> > implement<br>>> > your own methods including authentication against something like a MySQL<br>>> > server database if you particularly wanted.<br>>> ><br>>> > I have not used any of the purpose built NAS on a CD distros (but many<br>>> > look<br>>> > good).<br>>> > We use CentOS at work and they seem good, I have used Cent OS in other<br>>> > places too. CentOS looked good a few years ago
as Red Hat (from which<br>>> > it's<br>>> > derived) was the "solid business choice" and<br>>> > many proprietary applications<br>>> > that were targeted at businesses were predominantly tested (and<br>>> > supported)<br>>> > on Red Hat, so having a Red Hat based distribution makes life easier<br>>> > there.<br>>> > I have wanted to use Debian in production servers but have always been<br>>> > out<br>>> > voted by people who have a Red Hat background.<br>>> > With the rise of Ubuntu and now Ubuntu Server... Things could shift in<br>>> > support/consensus.<br>>> ><br>>> ><br>>> > On 28 April 2011 12:38, Peter Childs <<a ymailto="mailto:pchilds@bcs.org" href="mailto:pchilds@bcs.org">pchilds@bcs.org</a>> wrote:<br>>> >><br>>> >> Samba need good book, any ideas.....<br>>>
>><br>>> >> Peter.<br>>> >><br>>> >> On 26 April 2011 20:07, Laurence Southon <<a ymailto="mailto:laurence@southon.uk.net" href="mailto:laurence@southon.uk.net">laurence@southon.uk.net</a>><br>>> >> wrote:<br>>> >> > On 26/04/11 18:27, Peter Childs wrote:<br>>> >> >> I've been asked to set up a File Server for a network of Windows<br>>> >> >> based<br>>> >> >> machines, so I'm guessing Samba here..... I guess I need to set up<br>>> >> >> Samba to run as a Windows PDC to sort out security and get all the<br>>> >> >> Windows XP Pro (I think that's what they have) to join the "Network"<br>>> >> >> Unless I can get the Samba server look like AD, but I'm not sure how<br>>> >> >> to go about this... They want passwords and some "Security" over the<br>>>
>> >> files on the file server.....<br>>> >> >><br>>> >> > You can have username:passwd security without a PDC, and unless the<br>>> >> > workstations definitely are XP Pro they won't be able to join a<br>>> >> > domain.<br>>> >> ><br>>> >> > It's a lot of work to set up the domain and then join each machine to<br>>> >> > it. Personally I would avoid it, and another downside is that by<br>>> >> > default<br>>> >> > Samba will use roaming profiles which will likely lead to trouble in<br>>> >> > the<br>>> >> > long run. You can disable that but it's yet another setting to get<br>>> >> > dead<br>>> >> > right.<br>>> >> ><br>>> >> >> While doing a bit of reading up on doing this I worked out it should<br>>>
>> >> be possible to use Samba to do shared home directories on Linux and<br>>> >> >> it<br>>> >> >> should work *better* than NFS.<br>>> >> ><br>>> >> > Yes, homes are easy to set up in Samba. Be careful where you place<br>>> >> > them,<br>>> >> > and consider user quotas to stop disc usage getting out of control.<br>>> >> >><br>>> >> >> Also can I join the Wins bit of the SMB to my DNS and not have so<br>>> >> >> much<br>>> >> >> duplication of service.<br>>> >> > Samba will become a WINS server, just put 'wins support = yes' in the<br>>> >> > [global] part of smb.conf. Job done.<br>>> >> ><br>>> >> > Samba is a leviathan, there are literally hundreds of possible<br>>> >> > settings,<br>>>
>> > any of which can trip you up. Good place to start is the official<br>>> >> > documentation:<br>>> >> ><br>>> >> > <a href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/" target="_blank">http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/</a><br>>> >> ><br>>> >> > Feel free to fire questions, but a couple of tips on things that are<br>>> >> > guaranteed to drive you up the wall at some point:<br>>> >> ><br>>> >> > You can grant whatever permissions you like in Samba, but if the<br>>> >> > appropriate Unix permissions are not in place, then they won't work,<br>>> >> > and<br>>> >> > you won't know why.<br>>> >> ><br>>> >> > Some config changes in Samba take effect straightaway, others require<br>>> >> >
a<br>>> >> > Windows logon/logoff or even reboot to take effect, so always worth<br>>> >> > trying that before giving up.<br>>> >> ><br>>><br>>><br>>> Interesting. I'll have to do some playing, and see what I can get working.<br>>><br>>> I've used most of the building blocks before but not together....<br>>><br>>> From what I can see so far,<br>>><br>>> Samba can be used with LDAP and Kerberos to emulate an AD but you can't<br>>> mix it with Windows AD servers.<br>>><br>>> I can't stand LDAP; I've always found it a beast and can't find a good<br>>> tool to administrate it correctly.<br>>><br>>> You still need to keep multiple databases in sync, i.e. Kerberos, LDAP and<br>>> I guess your file permissions too.<br>>><br>>>
_______________________________________________<br>>> Kent mailing list<br>>> <a ymailto="mailto:Kent@mailman.lug.org.uk" href="mailto:Kent@mailman.lug.org.uk">Kent@mailman.lug.org.uk</a><br>>> <a href="https://mailman.lug.org.uk/mailman/listinfo/kent" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br><br><br></div></div></div></body></html>
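The tip quoted in the thread above, that a permission granted in Samba does nothing unless the Unix permissions on the share path also allow it, can be checked mechanically. The following is an added example, not code from any poster in the thread: it reads share definitions from smb.conf text and compares them with the directory mode bits for one account. The function names, the temporary directories and the uid/gid offsets are constructed for illustration, and POSIX ACLs and parent-directory permissions are ignored.

```python
import configparser
import os
import tempfile

def unix_access(path, uid, gids):
    """(can_read, can_write) on a directory from owner/group/other mode bits only."""
    st = os.stat(path)
    if uid == 0:                       # root bypasses mode bits
        return True, True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    bits = (st.st_mode >> shift) & 0o7
    return bits & 0o5 == 0o5, bits & 0o3 == 0o3   # r+x to list, w+x to create

def share_is_writable(sec):
    """Samba defaults to 'read only = yes'; 'writable', 'writeable', 'write ok' invert it."""
    if sec.get("read only", "yes").strip().lower() in ("no", "false", "0"):
        return True
    return any(sec.get(k, "no").strip().lower() in ("yes", "true", "1")
               for k in ("writable", "writeable", "write ok"))

def audit_shares(conf_text, uid, gids):
    """List shares whose smb.conf grant is not backed by Unix permissions."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if name.lower() == "global" or "path" not in sec:
            continue
        can_read, can_write = unix_access(sec["path"], uid, gids)
        if not can_read:
            findings.append((name, "share defined but Unix denies read"))
        elif share_is_writable(sec) and not can_write:
            findings.append((name, "share is writable but Unix denies write"))
    return findings

def demo():
    """Constructed sample: one share directory at mode 0750, one at 0755."""
    root = tempfile.mkdtemp()
    for d, mode in (("staff", 0o750), ("public", 0o755)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)
    conf = (f"[global]\nwins support = yes\n[staff]\npath = {root}/staff\nread only = no\n"
            f"[public]\npath = {root}/public\nwritable = yes\n")
    st = os.stat(os.path.join(root, "staff"))
    outsider = (st.st_uid + 12345, {st.st_gid + 12345})   # hypothetical unrelated account
    return audit_shares(conf, *outsider), audit_shares(conf, st.st_uid, {st.st_gid})

if __name__ == "__main__":
    print(demo())
```

On a real server the uid and group ids would come from the account the Samba user maps to, and the text from the live smb.conf.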