Re: [opensuse] Linux AD server for Windows clients - Was: Win vs Lin info
  • From: Russell Jones <russell.jones@xxxxxxxxxxxx>
  • Date: Thu, 01 Mar 2007 09:18:48 +0000
  • Message-id: <45E69A78.5090102@xxxxxxxxxxxx>
Hans van der Merwe wrote:
> On Wed, 2007-02-28 at 16:26 +0000, Russell Jones wrote:
>
> So Samba AD-enabled with LDAP managed users/groups is probably the best
> bet for replacing File and Print services?

That depends on a bunch of factors. If you want to integrate Linux systems into your existing AD setup (on Windows servers), I'd think winbind (which makes Windows AD users and groups the ones in Linux) would suit. I'm a little hazy on how essential users (e.g. 'nobody') are handled if they are not in AD. I'd think that as with LDAP there are fallbacks to /etc/group and /etc/passwd (ish) when users are not found in AD.
I don't know about using LDAP authentication against AD. AD is not LDAP, it's a proprietary X.500-derived set of conventions. You may be able to get it to talk LDAP or LDAPishly enough to work. I'd be wary of the latter, though.
OTOH, if you are happy for users just to go directly to print/file servers (rather than find them via a directory search) the server doesn't need to be that integrated with the domain and can just do certain types of authentication against it.
Ech, it's been a while since I looked at this, and I'm not clear what you're trying to do.
There is no "best bet", IMO. It depends too much on your existing set-up. You need to look at what Samba can provide and consider what you want to do.
I'm not even sure if you need to use Samba... Do you need to work with AD? Can you put Linux on the desktop?

> I have the luxury of implementing a clean system at a client's with about
> 10 users (7 XP, 1 Vista, 2 OSX).  In the future, a couple of Linux clients.
>
> I would like to provide:
> 1.  Login and File/Print sharing.
> Doing this in Samba just feels natural? because it's what most of the
> client PCs talk. I'm not sure about AD, no-AD? Do I need it?
You only "need" AD if you already have it (or have a specific requirement for one of the features that you cannot provide another way).
> 2.  Central user/password management
> LDAP will provide central user management. This will also help with
> Apache/Tomcat auth and  any other services in the future that can talk
I think SuSE provides some similar functionality in the LDAP Yast2 modules, but I'm not familiar with those. You could also have a look at the LDAP users module for webmin. It's quite nice.
> Any other ideas?
Try typing "ldap pam nss howto" into Google (sans quotes) and see what you find. IIRC, this is how I got started.
