VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Thu Aug 25, 2005 8:49 pm Post subject: Using Samba 3 as an Active Directory controller
Hi.
I'm sorry if the question has already been answered some way but I must admit I'm totally confused about Samba and Active Directory integration. Here is what I'd like:
I have set up a VPN tunnel between two sites. The primary site is an Active Directory domain (W2K, mixed). The second site has no (Windows) domain controller yet - and I don't plan to have any from M$. Both VPN routers are Gentoo machines that I (successfully) set up with OpenSwan. The Gentoo box on the second site is a full DHCP/Bind server with dynamic DNS updates. The second site should allow Windows machines that were previously joined to the domain.
Now I'd like to do something so that Windows machines on the second site can use Samba as an Active Directory controller so that they "think" they're in the domain. I'd like to prevent Windows machines on the second site from making queries against the main Active Directory controller on the first site to spare bandwidth. So I'd like to set up sort of a "satellite domain controller" with Samba 3 so that I can:
- install new Windows machines on the second site and join the AD domain;
- log onto a Windows machine with a newly created domain user account and set up his profile;
- optionally let users who log onto their Windows machine run the same logon scripts as on the first site (I presume this involves replicating logon scripts between AD and Samba?);
- prevent the error message "No active directory domain controller was found" in the event log.
I don't want to log onto the Linux box using AD user accounts (i.e. I don't want to use pam_smb to authenticate Linux users against the domain controller). I still want to be able to create Linux user accounts independently and to use them locally (i.e. on the Linux box).
Can such a scenario be done with Samba 3? Now if that can be achieved without Samba I don't mind. Note I'd still need a local file server to store and share files on the second site without requiring a round-trip between both sites.
Thanks for any suggestion.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!
VinzC Watchman
Joined: 17 Apr 2004 Posts: 5098 Location: Dark side of the mood
Posted: Thu Sep 01, 2005 6:18 pm Post subject:
Good, I'm answering my own question...
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html#id2545441 wrote:
In short, Samba-3 is not NT4 and it is not Windows Server 200x: it is not an Active Directory server. We hope this is plain and simple enough for all to understand.