I have successfully setup PAM, Winbind and Samba on a RedHat8 (Linux) computer so that a windows 2000 workstation can login to a Windows 2000 server domain, and then browse and mapped a drive to Redhat8. All of the users and groups information are residing on the Windows 2000 server domain and not on RedHat8.

The limitation of Winbind is that if there are multiple Linux computer that authenticate to a Windows 2000 server domain, then the same user on a Windows 2000 server domain would have a different UID (user id) on each Linux computer that is running Winbind.

Questions:

1) Am I correct that in order to solve this problem, I have to run Samba 2.2.7 with LDAP installed on the Linux machine ?

2) If I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use PAM on the Linux machine ?

3) On RedHat 8 and RedHat 9, if I use Samba 2.2.7 with LDAP on the Linux side to authenticate to a Windows 2000 server domain, then do I need to use Kerberos authentication on the Linux machine ?

4) On RedHat 8 and RedHat 9, if you run /usr/bin/authconfig, Then there is a section on Kerberos 5 for you to fill out. Am I correct that if Kerberos 5 authentication were to be used then it means that LDAP must be used in conjunction to it ?

Linh

I'm not sure that Samba and LDAP wouldn't solve the problem but you can use rsync to keep the file that holds the mappings between Windows UIDs and Linux UID synchronised on all the machines. That way you'll always gets the same UID on each box you log into with your Win2K Domain (ADS) user.

As I understand it yes, you'll need PAM and Winbind. Note that you won't need a seperate LDAP server as this is basically what your Win2K domain already provides. Or were you thinking of trying to get Win2K to authenticate against your LDAP server (run for the hills!).?

Note sure on this one. Win2K ADS use kerberos auth part of its authentication mechanism. I would have though that you would just use PAM and Winbind to talk to the domain controllers directly.

Pass... Sorry I don't use Redhat and don't really know much about Kerberos...

cheers

Jamie...

know I'm a little bit fuzzy on your setup. Maybe you over looked this idea or concept.

First of all you have a strong understanding of Server to client relationship. The problem is your confusing me.

We know a client computer accesses files on a Server.

But the way your approaching this to me is confusing me.

Your stating your running a Linux Samba Server and a Windows 2000 Server.

look at my example of how the files should be shared ok.


linux Samba Server
Linux client computers should then be hooked up to the Samba Server and share files directly to the Samba Server.


Windows 2000 Server
WIndows 2000 pro or clients should save files to the Windows 2000 Server.

What I'm implying is that if a server is used to save data and share documents.

Why are you trying to force the Windows 2000 server to connect to multiple sessions of Samba if all you need to do is setup the Samba server to share files to its local pool of computers being the linux workstations.

What I'm saying is all the Samba Server in your case is used for is a gateway to the Windows 2000 server to share resources.

The next point is do you need more then one Samba Server to access the Windows 2000 server because it puts to much of a load on the Single samba sever....

The question I might have is can the Unix Samba server share the mounted folder that is in the Root folder or can you create a user account on the Samba server for users to mount there own shares with windows 2000 Server. Which would allow each individual to login to a dummy terminal and access the Samba share themselves without using the root account.

You brought up some good points I feel. Maybe one day Samba might produce the product to allow Linux clients to connect individually on a workstation by workstation basis.