Hi list
Folks, I am facing a boring problem which would require some NetApp gurus' lights ...
We use OpenLDAP as a centralized authentication system with Samba for Windows clients.
We have two filers (F85 & F87) to store users' data. The first one is an NFS server to be used by students and professors; it runs in UNIX mode and is accessed thru Samba + NFS for Windows clients. This works slowly, but it works.
Now I want to set up a CIFS-only filer for administrative people that only use Windows. The problem is I have no **real** Windows PDC, as our Samba servers are acting as PDC to our Windows clients. The problem is it is IMPOSSIBLE to tell the filer to use the Samba PDC, as it seems to require a real M$ PDC, which I don't have. It is MANDATORY for us to keep our unique and centralized authentication system with OpenLDAP, as we have several platforms that *all* use LDAP (Windows, HP-UX, Debian Linux, FreeBSD, Red Hat Linux ...).
The question is: what is the solution to make a CIFS-only filer?
Has any of you ever started an Active Directory server as a slave of the OpenLDAP master ???
Thanks for any info.
On Wed, Jun 04, 2003 at 11:11:46AM +0200, Frank Bonnet wrote:
> Hi list
> Folks, I am facing a boring problem which would require some NetApp gurus' lights ...
> We use OpenLDAP as a centralized authentication system with Samba for Windows clients.
> We have two filers (F85 & F87) to store users' data. The first one is an NFS server to be used by students and professors; it runs in UNIX mode and is accessed thru Samba + NFS for Windows clients. This works slowly, but it works.
> Now I want to set up a CIFS-only filer for administrative people that only use Windows. The problem is I have no **real** Windows PDC, as our Samba servers are acting as PDC to our Windows clients. The problem is it is IMPOSSIBLE to tell the filer to use the Samba PDC, as it seems to require a real M$ PDC, which I don't have. It is MANDATORY for us to keep our unique and centralized authentication system with OpenLDAP, as we have several platforms that *all* use LDAP (Windows, HP-UX, Debian Linux, FreeBSD, Red Hat Linux ...).
> The question is: what is the solution to make a CIFS-only filer?
> Has any of you ever started an Active Directory server as a slave of the OpenLDAP master ???
I have looked into this a bit a while ago...
My understanding is that Samba doesn't work with a filer because it does only ASCII-type authorization where a filer does only UNICODE-type auth.
Samba 3.0alpha supposedly has support for UNICODE, and also claims to act as an Active Directory PDC, with OpenLDAP at its back end.
You may want to examine the latest and greatest Samba packages...
--
Dave Le Blanc
Unix Systems Administrator
Computer Science Department
California Institute of Technology
(626)395-2402
On Wed, Jun 04, 2003 at 11:11:46AM +0200, Frank Bonnet wrote:
> We use OpenLDAP as centralized authentication system with Samba for windows clients.
So... why don't you get 6.4 and use LDAP for filer access?
p.
On Wed, Jun 04, 2003 at 11:18:00PM +0200, Piotr KUCHARSKI wrote:
> On Wed, Jun 04, 2003 at 11:11:46AM +0200, Frank Bonnet wrote:
> > We use OpenLDAP as centralized authentication system with Samba for windows clients.
> So... why don't you get 6.4 and use LDAP for filer access?
because
1 - it needs to manipulate the Windows registry to send passwd in cleartext
2 - Losing some functionality of the PDC