Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I have 10 XP clients authenticating against a Samba PDC, using passwd as the passdb backend. The Samba PDC provides several shares to the XP clients.
Priviledges on the Samba PDC are controlled by *nix user and group permissions.
I do not have any Windows servers on my network, so we do not use any of the Windows group capabilities beyond the default groups.
My Samba PDC is running out of room, so I want to move the shares to a new server with more storage, but I want the Samba PDC to continue to authenticate my XP clients.
Should I maintain the definition of the shares on the Samba PDC, but actually store the data on the new server and make it available to the PDC via NFS. In other words, do not use Samba on the new server, but use NFS instead?
Should I use Samba and winbind on the new server to provide access to the shares and control permissions?
hmm, that's an interesting idea. I don't see why it wouldn't work. but you are adding another level of complexity and your NFS set up had better be dead right. In production environments, taking even small risks is not always possible..... I'm intrigued by this, i might have a go on my hp-ux servers!
can't you get samba on the new server to use the old PDC to authenticate (ab)users onto it? but if you are going to do that, surely it would be eaiser to just move the samba pdc functions to the new server (as this would be fairly easy)....
what's the thinking behind keeping the old box as PDC?
To answer your second question first, you are right. The simple solution would have been to make the new box the PDC, which I may still do. However, I may be adding a second member server soon, so I needed to figure out how to integrate the member server into my network anyway.
On to your first question. I have been able to get samba on the new server to use the old PDC to authenticate the users. And, I have been able to verify with wbinfo -u. However, I run into a problem with group permissions.
When I do a wbinfo -r <username> on the member server, I get a list of numeric group ids for the user. The count matches the number of groups that the user belongs to on the PDC. Having virtually no experience with samba, I thought that might not be a big deal, especially since I could determine the group name by using the following commands:
wbinfo -G <group-id> wbinfo -s <SID from the command above>
Now, if I change the group ownership to the appropriate GID (in this case, 10012), the chgrp command works and my XP clients can access the directory with the appropriate permissions, which I guess I can do. But, if something happens to winbind idmap tables and things get renumbered for some reason, I don't want to have to face the task of fixing the GIDs across some files and directories.
Does any of that make sense?
I am running Debian-sarge, which uses samba 3.0.14.
And, what should I do if there is overlap? For example, when I first set up the PDC, I took advantage of what appeared to be a default group, staff (GID=50), which of course is on the member server as GID 50, but the member server sees it as GID 10001. Should I just replace it with some new group that does not overlap with any of the default groups?
Hmmm...well, I guess that explains it. For some reason, I thought that winbind would take care of mapping the group names as well as the usernames, but clearly, I was mistaken.
And, after doing a quick test by using scp, it appears that I am going to have to manually reset the permissions on the files and folders after I move them from the PDC to the member server. That just seems like a lot of work. I wish that there was an easier way to do.
Thank you for your help and your quick responses. At least now, I can stop trying to get over this hurdle and move forward. Thanks again.