Add domain members to Linux machine


jdvilla
10-13-2003, 06:08 PM
OK, I set up a Red Hat Linux computer to be part of a domain. So anyone can browse the network and when they "click" on the Linux machine, an account is added for them. It's added to /etc/passwd and they have a home directory...

What I am looking to do is to allow people to log onto this machine so long as they belong to the Windows domain. I can go to any Windows machine on our network and log in. I would like this to happen for the Linux machine as well.

I wonder if I should have selected smb type authentication during the installation process.

I am also aware that Windows encryption differs from Unix.

What steps do I need to look into?

Here is my current smb.conf file.

[global]
workgroup = OURDOMAINNAME
security = domain
password server = OURPWDSERVERWHICHISAWIN2KBOX
encrypt passwords = YES
add user script = /usr/sbin/useradd %u
hosts allow = 192.168.X. 127.

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
create mode = 0700
directory mode = 0775

pl1ght
10-14-2003, 05:54 PM
We are basically doing the same thing you are trying to do, only this box is set up as a NAS for nightly backups. Our Windows backup machine dumps to this NetBSD box every night via domain authentication. Maybe this will help.
We are specifying the exact user that can access, but that shouldn't matter in your case.



[global]
workgroup = OURDOMAIN
netbios name = BOX
security = SERVER
encrypt passwords = Yes
password server = 2k Domain controller
log file = /var/log/samba/log.%m.%I
wins server = 2k domain controller/WINS
host msdfs = Yes

#[homes]
# comment = Home Directories
# read only = No
# browseable = No

[dup001]
path = /export/backup/dup001
write list = @backup

jdvilla
10-14-2003, 05:58 PM
Actually, the solution I was looking for was found in winbind. I'm not eager about giving user authentication control to Windows, but for this purpose, I think it will be ok.

I haven't tried it yet, I'll post my findings when done.
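
The winbind approach mentioned in the post above, sketched as an added example that is not part of any post in this thread. It reuses the placeholder names from the posted smb.conf; the ID ranges, home directory template and PAM file path are assumptions, and the idmap lines use current Samba syntax (older releases spell the ID-range options differently).

```ini
# --- /etc/samba/smb.conf (added example; keep comments on their own lines) ---
[global]
   workgroup = OURDOMAINNAME
   security = domain
   password server = OURPWDSERVERWHICHISAWIN2KBOX
   encrypt passwords = yes
   hosts allow = 192.168.X. 127.
   # winbind maps domain accounts to Unix IDs on demand, so the root-run
   # "add user script" and the /etc/passwd entries it creates are not needed.
   # Ranges below are assumed values; they must not overlap local UIDs/GIDs.
   idmap config * : backend = tdb
   idmap config * : range = 10000-19999
   idmap config OURDOMAINNAME : backend = rid
   idmap config OURDOMAINNAME : range = 20000-99999
   winbind use default domain = yes
   template homedir = /home/%D/%U
   template shell = /bin/bash

# --- /etc/nsswitch.conf: local files first, then winbind ---
passwd: files winbind
group:  files winbind

# --- /etc/pam.d/system-auth (assumed path on Red Hat): lines to add ---
# Put the auth line after pam_unix.so: use_first_pass reuses the password
# that module already prompted for.
auth     sufficient  pam_winbind.so use_first_pass
# Put the account line before the pam_unix.so account line.
account  sufficient  pam_winbind.so
# Create the home directory at first login, private to the user.
session  required    pam_mkhomedir.so skel=/etc/skel umask=0077
# To admit only one domain group instead of every domain user, add
# require_membership_of=<group name or SID> to the pam_winbind.so auth line.

# --- Join and verify (run as root with winbindd running; names are placeholders) ---
#   net rpc join -U <domain-admin>
#   wbinfo -t                      checks the machine account trust secret
#   wbinfo -u                      lists domain users seen through winbind
#   getent passwd <domain-user>    should return an entry supplied by winbind
```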

ph34r
10-14-2003, 06:00 PM
You could also use LDAP for authentication...

pl1ght
10-14-2003, 06:04 PM
Winbind should work fine, but the main problem I have found with it is that if a user happens to have a SPACE in their password they will not be able to auth with whatever is querying winbind. We have a rather large userbase where I work so that has been an issue, may not be in other situations. We mainly use winbind for user authentication on our intranet web apps.

jdvilla
10-14-2003, 06:09 PM
You could also use LDAP for authentication...

We use Active Directory and I'm slowly starting to show some of the things that can be done with Linux.