[gentoo-server] OT - Samba ADS

[gentoo-server] OT - Samba ADS

[Sean Cook]

About a month ago, some one posted a great link/howto on integrating samba
with win2k.  I have in advertantly lost that email and can't find it while
googling... if anyone has that please send to me off line and I will crawl
back into the whole from which I came.

Sean


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] OT - Samba ADS

[Paul Kölle]

Sean Cook wrote:
> About a month ago, some one posted a great link/howto on integrating samba
> with win2k.  
What do you mean by "integrate"? net ads join?
I have in advertantly lost that email and can't find it while
> googling... if anyone has that please send to me off line and I will crawl
> back into the whole from which I came.
I'm subscribed for a few days now so I of no help here, however you can
always look at news.gmane.org.

cheers
 Paul
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] OT - Samba ADS

[Erik Anderson]

On 5/20/05, Sean Cook <scook@kinex.net> wrote:
> About a month ago, some one posted a great link/howto on integrating samba
> with win2k.  I have in advertantly lost that email and can't find it while
> googling... if anyone has that please send to me off line and I will crawl
> back into the whole from which I came.

Sean - I've recently followed this guide for setting up a few samba
fileservers and a cvs server:

http://forums.gentoo.org/viewtopic-t-114837-highlight-samba+ldap.html

Worked great for me...

-Erik Anderson

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] OT - Samba ADS

[Robert Larson]

On Friday 20 May 2005 02:38 pm, Sean Cook wrote:
> About a month ago, some one posted a great link/howto on integrating samba
> with win2k.  I have in advertantly lost that email and can't find it while
> googling... if anyone has that please send to me off line and I will crawl
> back into the whole from which I came.
>
> Sean

Hi Sean,

I posted this to the list a little bit ago, and in the off chance it may be 
what you were looking for, I thought I would post it again...


I have actually set this up as an NT domain, as close to ADS as I could 
possibly get.  The implementation was a little tricky, but it involves 
(heimdal)kerberos, sasl, openldap, pam, djbdns, dhcp, and samba.  A web 
document I had found helped me significantly when I approached technical 
issues:
http://www.opentechnet.com/auth-howto/

Along the lines of replacing ADS, I think this is as close as you may get.  
The thing that sets Microsoft's ADS apart is that they use a form of Remote 
Procedure Calls that implements a lot of the leg work.  This makes microsoft 
incompatible against samba.

In AD mode, a Microsoft computer won't authenticate against a linux host 
(though it would as a PDC in NT mode) since it would be trying to communicate 
in misc forms of RPC talk.  On the flip side, it should be possible to 
authenticate samba against ADS.  Here is a tool that allows for flexibilty 
with authentication under windows:
http://pgina.xpasystems.com/info/

As far as drawbacks, that's it.  I haven't seen anything wrong with doing it 
NT style, and with all of the added bells and whistles.  

I don't know the specifics, but the SMB-TNG is a lot more bleeding edge 
technology when it comes to samba in an enterprise environment.  It may 
provide you with a solution closer to what you are looking for:
http://www.samba-tng.org

I had a lot of fun setting this up!  ;)

Regards,

Robert

-- 
echo "Your stdio isn't very std."
             -- Larry Wall in Configure from the perl distribution
-- 
gentoo-server@gentoo.org mailing list

RE: [gentoo-server] OT - Samba ADS

[Wilkins, Vern]

[-- Attachment #1: Type: text/plain, Size: 667 bytes --]

http://www.geocities.com/rbr28/ADS-linux.html

Here's a bit of documentation I started for integrating Linux into an Active Directory domain.



-----Original Message-----
From:	Sean Cook [mailto:scook@kinex.net]
Sent:	Fri 5/20/2005 2:38 PM
To:	gentoo-server@lists.gentoo.org
Cc:	
Subject:	[gentoo-server] OT - Samba ADS
About a month ago, some one posted a great link/howto on integrating samba
with win2k.  I have in advertantly lost that email and can't find it while
googling... if anyone has that please send to me off line and I will crawl
back into the whole from which I came.

Sean


-- 
gentoo-server@gentoo.org mailing list






[-- Attachment #2: winmail.dat --]
[-- Type: application/ms-tnef, Size: 2583 bytes --]

Re: [gentoo-server] OT - Samba ADS

[Sean Cook]

Robert,

Thats the one!  Thank you!
Sean

On Fri, 2005-05-20 at 15:52 -0500, Robert Larson wrote:
> On Friday 20 May 2005 02:38 pm, Sean Cook wrote:
> > About a month ago, some one posted a great link/howto on integrating samba
> > with win2k.  I have in advertantly lost that email and can't find it while
> > googling... if anyone has that please send to me off line and I will crawl
> > back into the whole from which I came.
> >
> > Sean
> 
> Hi Sean,
> 
> I posted this to the list a little bit ago, and in the off chance it may be 
> what you were looking for, I thought I would post it again...
> 
> 
> I have actually set this up as an NT domain, as close to ADS as I could 
> possibly get.  The implementation was a little tricky, but it involves 
> (heimdal)kerberos, sasl, openldap, pam, djbdns, dhcp, and samba.  A web 
> document I had found helped me significantly when I approached technical 
> issues:
> http://www.opentechnet.com/auth-howto/
> 
> Along the lines of replacing ADS, I think this is as close as you may get.  
> The thing that sets Microsoft's ADS apart is that they use a form of Remote 
> Procedure Calls that implements a lot of the leg work.  This makes microsoft 
> incompatible against samba.
> 
> In AD mode, a Microsoft computer won't authenticate against a linux host 
> (though it would as a PDC in NT mode) since it would be trying to communicate 
> in misc forms of RPC talk.  On the flip side, it should be possible to 
> authenticate samba against ADS.  Here is a tool that allows for flexibilty 
> with authentication under windows:
> http://pgina.xpasystems.com/info/
> 
> As far as drawbacks, that's it.  I haven't seen anything wrong with doing it 
> NT style, and with all of the added bells and whistles.  
> 
> I don't know the specifics, but the SMB-TNG is a lot more bleeding edge 
> technology when it comes to samba in an enterprise environment.  It may 
> provide you with a solution closer to what you are looking for:
> http://www.samba-tng.org
> 
> I had a lot of fun setting this up!  ;)
> 
> Regards,
> 
> Robert
> 
> -- 
> echo "Your stdio isn't very std."
>              -- Larry Wall in Configure from the perl distribution

-- 
gentoo-server@gentoo.org mailing list