Samba 3 + AD Winbindd or not? - SMB

This is a discussion on Samba 3 + AD Winbindd or not? - SMB ; Red Hat 9, Samba 3 Windows 2000 Native mode I want unified logons for my samba server. I'd like directories and printers on my samba to accept the Windows credentials (ie..not prompt.) Do I need winbindd stuff for this or ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Samba 3 + AD Winbindd or not?

  1. Samba 3 + AD Winbindd or not?

    Red Hat 9, Samba 3 Windows 2000 Native mode

    I want unified logons for my samba server. I'd like directories and
    printers on my samba to accept the Windows credentials (ie..not
    prompt.) Do I need winbindd stuff for this or will following the
    "Active Directory Member Server" stuff accomplish the same goal?

    Thanks!

  2. Re: Samba 3 + AD Winbindd or not?

    In article <4cb37d27.0310220912.5c3cda37@posting.google.com>,
    cbell@msbv.com (SprMan) writes:
    >
    > I want unified logons for my samba server. I'd like directories and
    > printers on my samba to accept the Windows credentials (ie..not
    > prompt.) Do I need winbindd stuff for this or will following the
    > "Active Directory Member Server" stuff accomplish the same goal?


    If your users just use the Samba server computer for the Samba server
    software, Winbind is unnecessary. What Winbind does is to enable
    non-Samba server programs and other tools that require authentication
    (like logon) to access the domain controller's authentication tools.
    Thus, you might want to install it if, say, your local users have shell
    access to the Samba server computer and you don't want to maintain the
    local Unix account database for these users.

    --
    Rod Smith, rodsmith@rodsbooks.com
    http://www.rodsbooks.com
    Author of books on Linux, FreeBSD, and networking

  3. Re: Samba 3 + AD Winbindd or not?


    "Rod Smith" wrote in message
    news:ueo8nb-j2b.ln@speaker.rodsbooks.com...
    > In article <4cb37d27.0310220912.5c3cda37@posting.google.com>,
    > cbell@msbv.com (SprMan) writes:
    > >
    > > I want unified logons for my samba server. I'd like directories and
    > > printers on my samba to accept the Windows credentials (ie..not
    > > prompt.) Do I need winbindd stuff for this or will following the
    > > "Active Directory Member Server" stuff accomplish the same goal?

    >
    > If your users just use the Samba server computer for the Samba server
    > software, Winbind is unnecessary. What Winbind does is to enable
    > non-Samba server programs and other tools that require authentication
    > (like logon) to access the domain controller's authentication tools.
    > Thus, you might want to install it if, say, your local users have shell
    > access to the Samba server computer and you don't want to maintain the
    > local Unix account database for these users.
    >


    I don't quite agree, there is a catch. When you join your Samba server to AD
    (Active Directory) as a member server, Samba will authenticate to the AD
    DC's (Domain Controllers). However, while Samba authenticates to AD, it
    gives the user priveleges according to a matching Linux account. So you
    still must maintain Linux accounts to match the AD accounts, or use smbusers
    to map the AD users to a Linux user(s).

    > --
    > Rod Smith, rodsmith@rodsbooks.com
    > http://www.rodsbooks.com
    > Author of books on Linux, FreeBSD, and networking




  4. Re: Samba 3 + AD Winbindd or not?

    "m.marien" wrote in message news:...
    > "Rod Smith" wrote in message
    > news:ueo8nb-j2b.ln@speaker.rodsbooks.com...
    > > In article <4cb37d27.0310220912.5c3cda37@posting.google.com>,
    > > cbell@msbv.com (SprMan) writes:
    > > >
    > > > I want unified logons for my samba server. I'd like directories and
    > > > printers on my samba to accept the Windows credentials (ie..not
    > > > prompt.) Do I need winbindd stuff for this or will following the
    > > > "Active Directory Member Server" stuff accomplish the same goal?

    > >
    > > If your users just use the Samba server computer for the Samba server
    > > software, Winbind is unnecessary. What Winbind does is to enable
    > > non-Samba server programs and other tools that require authentication
    > > (like logon) to access the domain controller's authentication tools.
    > > Thus, you might want to install it if, say, your local users have shell
    > > access to the Samba server computer and you don't want to maintain the
    > > local Unix account database for these users.
    > >

    >
    > I don't quite agree, there is a catch. When you join your Samba server to AD
    > (Active Directory) as a member server, Samba will authenticate to the AD
    > DC's (Domain Controllers). However, while Samba authenticates to AD, it
    > gives the user priveleges according to a matching Linux account. So you
    > still must maintain Linux accounts to match the AD accounts, or use smbusers
    > to map the AD users to a Linux user(s).
    >


    You can map direcory ownership / group rights directly to Domain
    Groups and users so that isn't totally true.

    you can have file and directory rights that belong to
    Domain+Useromain+group

  5. Re: Samba 3 + AD Winbindd or not?


    "Nate" wrote in message
    news:2ff168b3.0310281100.41096b0@posting.google.co m...
    > "m.marien" wrote in message

    news:...
    > > "Rod Smith" wrote in message
    > > news:ueo8nb-j2b.ln@speaker.rodsbooks.com...
    > > > In article <4cb37d27.0310220912.5c3cda37@posting.google.com>,
    > > > cbell@msbv.com (SprMan) writes:
    > > > >
    > > > > I want unified logons for my samba server. I'd like directories and
    > > > > printers on my samba to accept the Windows credentials (ie..not
    > > > > prompt.) Do I need winbindd stuff for this or will following the
    > > > > "Active Directory Member Server" stuff accomplish the same goal?
    > > >
    > > > If your users just use the Samba server computer for the Samba server
    > > > software, Winbind is unnecessary. What Winbind does is to enable
    > > > non-Samba server programs and other tools that require authentication
    > > > (like logon) to access the domain controller's authentication tools.
    > > > Thus, you might want to install it if, say, your local users have

    shell
    > > > access to the Samba server computer and you don't want to maintain the
    > > > local Unix account database for these users.
    > > >

    > >
    > > I don't quite agree, there is a catch. When you join your Samba server

    to AD
    > > (Active Directory) as a member server, Samba will authenticate to the AD
    > > DC's (Domain Controllers). However, while Samba authenticates to AD, it
    > > gives the user priveleges according to a matching Linux account. So you
    > > still must maintain Linux accounts to match the AD accounts, or use

    smbusers
    > > to map the AD users to a Linux user(s).
    > >

    >
    > You can map direcory ownership / group rights directly to Domain
    > Groups and users so that isn't totally true.
    >
    > you can have file and directory rights that belong to
    > Domain+Useromain+group


    You have me interested. However, I can only find reference to Domain+User in
    the winbind documentation. Is it possible without winbind ? and is there
    some documentation ?



+ Reply to Thread