[TriLUG] Samba Question

Turnpike Man turnpike420 at yahoo.com
Sun Mar 9 19:16:47 EST 2003


YES!  This is what I was talking about... but I had horrible luck... no go for
me... but then again, I'm not an expert... so if anyone gets this... I'd LOVE
to know!  Thanks,
David

--- Jon Carnes <jonc at nc.rr.com> wrote:
> I was just looking at some ADS/Linux integration stuff last week for a
> possible client.  Looks a bit complex, but from what I've read, very
> do-able. 
> 
> Here are some sites that cover the use of Active Directory for
> authenticating Unix/Linux servers:
> 
> ======
> http://www.css-solutions.ca/ad4unix/
> 
> Microsoft Active Directory for Unixes
> 
> MKSADExtPlugin
> 
> MKSADPlugins is an extension plug-in for the Microsoft Active
> Directory Server that enables UNIX-related information to be
> stored in Active Directory.
> 
> The primary goal of that solution is to create a unified account
> database for Windows and UNIX servers.
> 
> Most organizations that have a large user database (relatively large :-),
> for me 300 accounts is enough :-)) and a heterogeneous network with
> Windows and UNIX servers have to maintain and synchronize the user
> account databases on both systems. Also, if NIS or a similar service
> (like LDAP) is not used on the UNIX side, there is the problem of
> synchronizing the passwd and shadow databases on all UNIX computers.
> 
> That plug-in could help organize a wide accounts information
> infrastructure that will be used by Windows computers natively (as
> members of an Active Directory Domain) and by any UNIX computers that
> support LDAP access to Name Service Information.
> 
> 
> Supported platforms now:
> 
> - Any platform that is supported by the PADL NSS-LDAP and PAM-LDAP
>   modules: Linux and Solaris (please read the Documentation section
>   about Solaris8) for sure; for others, check the PADL web site
> - AIX v.4 and v.5
> 
> ======
> http://online.securityfocus.com/infocus/1563
> 
> Active Directory and Linux 
>  by David Elson 
>  last updated April 3, 2002 
>  
> 
>  Introduction 
> 
>  This article discusses the use of Microsoft's Active Directory as an
> authentication service for Linux systems. Although Linux has a perfectly
> good directory based authentication system (OpenLDAP), it may be
> desirable on some sites to authenticate Linux users against a Microsoft
> Windows 2000 server. 
> 
> Although this article discusses Linux (because that is the system I have
> available in my office), this authentication mechanism works well
> against other Unix systems that have a PAM/NSS mechanism. Currently that
> includes Solaris, although discussion has taken place on the possibility
> of getting this to work on HP-UX. Since most of the work is done at the
> Windows 2000 end, the instructions for getting this to work on Solaris
> are not too different from what I have described here.
> 
> ======
> 
> I hope you find the above articles useful. Of course if you can wait
> till the end of Fall before needing the ADS/Linux integration then the
> new Samba tools for ADS should greatly simplify the task!
> 
> Jon Carnes
> 
> ======
> 
> On Sun, 2003-03-09 at 14:38, Roy Vestal wrote:
> > Glad to help. Sorry it took so long to get back to you.
> > 
> > BTW, has anyone investigated Samba and Win2k/XP ADS? I just found out we 
> > are going ADS come hell or high water, we're Exchange dependents and 
> > without a long discussion because of it, we have to use ADS in order to 
> > use Exchange 2002.
> > 
> > I'm not asking for comments, snickers or the like on what I am required to 
> > use, just anything folks may have run into.
> > 
> > TIA.
> > 
> > On 27 Feb 2003, Mark Fowle wrote:
> > 
> > > I removed all the locks and upgraded to 2.2.7a and it seems to work
> > > better now.  Thanks!
> > > 
> > > Mark
> > > 
> > > On Thu, 2003-02-27 at 13:21, Roy Vestal wrote:
> > > > One thing that I've run into is the samba locks that occur on the samba
> > > > server.  Shut down the service (both smbd and nmbd) and check
> > > > /var/opt/samba/locks. Usually when I have communication errors, removing
> > > > the temporary locks seems to fix it. Once you've removed them, simply
> > > > restart the services.
> > > > ----- Original Message -----
> > > > From: "Mark Fowle" <mark at thefowles.com>
> > > > To: "trilug" <trilug at trilug.org>
> > > > Sent: Saturday, February 22, 2003 10:57 PM
> > > > Subject: Re: [TriLUG] Samba Question
> > > > 
> > > > 
> > > > > On Sat, 2003-02-22 at 19:12, Jon Carnes wrote:
> > > > > > What happens when you restart the service on the server (or just
> > > > > > the nmbd)?
> > > > > >
> > > > > I don't see any error messages in the nmbd.log -- but even restarting
> > > > > the nmbd doesn't seem to cure it.
> > > > >
> > > > > > I think this error has something to do with the "ultra secret
> > > > > > security" number that is generated by a PDC for a domain and then
> > > > > > shared with authenticated machines at the point when you
> > > > > > authenticate them.  If the server can't access this "ultra secret
> > > > > > security" number then it can't authenticate any other windows
> > > > > > (samba) server to the domain, and it can't add a new server to the
> > > > > > domain.
> > > > > >
> > > > > Is this the secrets.tdb? Is there a way to regenerate this file or
> > > > > some way to find out exactly what's missing without dumping
> > > > > everything and starting over?
> > > > >
> > > > > > A domain has a SAM associated with it that authenticates each
> > > > > > machine as being a member of the domain.  Each server on the domain
> > > > > > has an individual SAM associated with it that authenticates that
> > > > > > server's identity.
> > > > > >
> > > > > Should there also be a SAM account in the smbpasswd?  I've never
> > > > > seen a reference that says to....
> > > > >
> > > > > Thanks,
> > > > > Mark
> > > > >
> > > > >
> > > > > > _______________________________________________
> > > > > > TriLUG mailing list
> > > > > >     http://www.trilug.org/mailman/listinfo/trilug
> > > > > > TriLUG Organizational FAQ:
> > > > > >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > TriLUG mailing list
> > > > >     http://www.trilug.org/mailman/listinfo/trilug
> > > > > TriLUG Organizational FAQ:
> > > > >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> > > > >
> > > > >
> > > > 
> > > > _______________________________________________
> > > > TriLUG mailing list
> > > >     http://www.trilug.org/mailman/listinfo/trilug
> > > > TriLUG Organizational FAQ:
> > > >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> > > 
> > > 
> > > _______________________________________________
> > > TriLUG mailing list
> > >     http://www.trilug.org/mailman/listinfo/trilug
> > > TriLUG Organizational FAQ:
> > >     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
> > > 
> > > 
> > 
> > -- 
> > ---------------------------------------
> > Roy Vestal
> > rvestal at trilug.org
> > http://www.trilug.org/~rvestal
> > 
> > I'm not a geek, I just play one on tv.
> > ---------------------------------------





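An added example, not part of any message in this thread, of the lock cleanup Roy Vestal describes for /var/opt/samba/locks: it moves the temporary lock databases into a backup directory instead of deleting them, refuses to run while smbd or nmbd is alive, and leaves every other file (secrets.tdb included) in place. The `VOLATILE` file list, the `ASSUME_STOPPED` override and the function names are assumptions made for this sketch; check the list against your own Samba version.

```shell
#!/bin/sh
# Assumption: these databases only hold run-time state that smbd/nmbd
# recreate on start. Anything not named here is never touched.
VOLATILE="brlock.tdb locking.tdb connections.tdb sessionid.tdb messages.tdb unexpected.tdb"

# samba_running: succeeds if smbd or nmbd is still alive (hypothetical helper).
samba_running() {
    pgrep -x smbd >/dev/null 2>&1 || pgrep -x nmbd >/dev/null 2>&1
}

# quarantine_locks LOCKDIR
# Moves the volatile databases into LOCKDIR/quarantine.<timestamp> and prints
# that path. Returns 2 if LOCKDIR is missing, 3 if the daemons are running.
quarantine_locks() {
    lockdir=$1
    [ -d "$lockdir" ] || { echo "no such directory: $lockdir" >&2; return 2; }
    # ASSUME_STOPPED=1 skips the process check (for dry runs on a copy).
    if [ -z "${ASSUME_STOPPED:-}" ] && samba_running; then
        echo "smbd/nmbd still running; stop both first" >&2
        return 3
    fi
    backup="$lockdir/quarantine.$(date +%Y%m%d%H%M%S)"
    mkdir -m 700 "$backup" || return 1
    for name in $VOLATILE; do
        f="$lockdir/$name"
        # Only regular files: a symlink with a lock file's name is left
        # alone so the move can never reach outside the lock directory.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            mv "$f" "$backup/" || return 1
        fi
    done
    echo "$backup"
}

# Usage, after stopping smbd and nmbd and before restarting them:
#   quarantine_locks /var/opt/samba/locks
```

If the restart does not help, the moved files can be copied back from the printed directory while the daemons are stopped.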