Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
03-25-2003, 10:13 AM
|
#1
|
Member
Registered: Apr 2002
Location: Montreal, Quebec
Distribution: Debian, Gentoo, RedHat
Posts: 142
Rep:
|
User database
I am working in a mixed Win NT/2000 and Linux environment.
I was wondering if there was a way to share the user account between the two. I know samba can use NT domain controller to authenticate users wanting to acces a share but I need more than that.
The best would be to create one set of user name and password in one environment, and be able to use it to log on the linux boxes as well as on the Win NT/2000 boxes.
Thanks for any help.
|
|
|
03-25-2003, 10:58 AM
|
#2
|
Senior Member
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731
Rep:
|
You want to give NT usernames shell access to the linux boxes?
|
|
|
03-25-2003, 11:11 AM
|
#3
|
Member
Registered: Apr 2002
Location: Montreal, Quebec
Distribution: Debian, Gentoo, RedHat
Posts: 142
Original Poster
Rep:
|
Not exactly, (sorry if it was unclear)
let me give an example.
A new person needs an account to work. I log in my NT box (as admin) open user domain manager and create a new username for the guy with a password. Now, the guy can log on every Windows workstation that uses my domain controller.
Now what if the guy as to go sit in front of a linux workstation. he needs to log in. But his username and password he was using in Windows, is not valid on the linux box. So I would need to log on linux as root, create a new user and password for the guy.
Now the problem is when the guy want's to change is password, he needs to change his password at two places.
I was wondering if there were a way, either for linux or windows, to use the user database of the other one.
I suspect it would be aesier for linux to use windows user database than the other way around.
Sorry again if the first post was not completely clear.
And thanks for the fast answer.
|
|
|
03-28-2003, 02:20 PM
|
#4
|
Member
Registered: Apr 2002
Location: Montreal, Quebec
Distribution: Debian, Gentoo, RedHat
Posts: 142
Original Poster
Rep:
|
Does it (the absence of reply) mean it can't be done??
|
|
|
03-28-2003, 02:40 PM
|
#5
|
Member
Registered: Mar 2003
Distribution: Slackware
Posts: 234
Rep:
|
user logins
I would give linux access on a per user basis. Meaning, not everyone's going to use linux. (Or perhaps for your purposes they would?) But anyway, you'd only be cluttering your linux box by adding every user that's on the domain to it.
If you wanted to make it easier for yourself, you could write a little cgi/html form to add the user to the linux box for you, though it should only take a few seconds to add a user to your linux box anyway.
Comments, complains, b*tches, moans? Let me know what you think or if my understanding needs improved.
|
|
|
03-28-2003, 03:13 PM
|
#6
|
Member
Registered: Dec 2002
Posts: 327
Rep:
|
au contraire...
>Let me know what you think or if my understanding needs improved.
Let me enlighten you my friend.
http://nic-ks.greatplains.net/samba/winbind.html
winbind.
contained within samba 2.2. Lets you authenticate users on your linux box against your Windows PDC without creating entries in /etc/passwd
The link above is a nice one - gives you an overview of what winbind is, and a how-to on getting it configured.
Life is good... flowers are pretty, and users are happy
Slick.
|
|
|
03-28-2003, 03:53 PM
|
#7
|
Member
Registered: Mar 2003
Distribution: Debian
Posts: 158
Rep:
|
Set up Samba to be the PDC and force all NT boxen to authenticate against it.
You now have a single point of authentication.
|
|
|
03-28-2003, 04:08 PM
|
#8
|
Member
Registered: Dec 2002
Posts: 327
Rep:
|
Um.. no.
Sorry to say this, but Windows 2000 will not play nicely with a samba pdc.
As it stands, at this minute in time, you can't reliably set up a samba machine to be a pdc while Windows 2000 machines are joining up.
When samba TNG is finished you might be able to do that, but currently your best *stable* *working* environment is to host the PDC on a 2k machine and have your linux authenticate to the windows machine.
This guy is in a *corporate* environment and no matter how well your (or my) home networks work with our 2 or 3 machines doing smb'ish things back and forth, it simply doesn't translate into a workplace where you have many users, admin tasks and stuff you do with domains that don't happen at home.
I could be out of date on this, but when I last looked at SambaTNG it wasn't ready yet, and you certainly can't do this with Samba 2.x
Slick.
|
|
|
03-28-2003, 04:35 PM
|
#9
|
Member
Registered: Mar 2003
Distribution: Slackware
Posts: 234
Rep:
|
eh
I wasn't asking if someone else thought their idea superseded my own, I was asking if my understanding of his situation was being accomplished.
In a networking environment I admin, I know that I don't want all users to f*ck with linux. This increases the load on the help desk for someone that wants to mess with the server in their free time for non-work related issues. (even if we had to tell them that when they called, that's still a load that needs considered.) Not mentioning the load put on the server. And, of course, there's the "power user" profile, among many others that would just add added strain to the server.
In conclusion, winbond may be great in an environment where all users knew both sides of the OS house for general operating purposes, but this utopia doesn't exist in a large scale office.
Last edited by Blindsight; 03-28-2003 at 04:36 PM.
|
|
|
03-28-2003, 06:40 PM
|
#10
|
Member
Registered: Apr 2002
Location: Montreal, Quebec
Distribution: Debian, Gentoo, RedHat
Posts: 142
Original Poster
Rep:
|
Thanks slickwilly, that is exactly what I was looking for. Having the linux boxes as part of the domain is perfect. It will reduce problem with double passwords and so on.
Blindsight:
Your points are extremely valid, but all the users in my situation are computer engineers and programmers. We all need access to both windows machines and linux machines.
Although I have not finished reading the doc, I suppose winbind is able to control user access on linux in the same way you can do it in a win NT environment. If it is the case, all the user security settings can be easily modified from one single location.
(example: if someone quits, his login can be remove from the systems easily. Windows or linux alike)
Thanks again.
|
|
|
All times are GMT -5. The time now is 01:30 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|