[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sunday 14 June 2009 10:47, Rob Beard wrote: ... > > And its just occurred to me that I used to write code that set up users > > and passwords on NT4 and it wouldn't be too hard to write a small > > (web?)app to allow user creation/deletion/modification/group control on > > both controllers so the admins and users only really see a single sign-on > > approach. Tom te tom te tom > > I'm confused, why would this be needed? > > I mean the Windows machines will talk to a Samba server acting as a > domain controller anyway, and I gather that it's a pretty small network > that Richard has. If he's running SME Server as his Linux server it has > a nice easy to use web interface anyway for adding/removing/editing > users, groups and shares. There are some features of windows security that will not map (by MS design) to LDAP and if these are already in use and cant be replaced* then an MS domain controller is required as well and this normally results in two stores of usernames/passwords being required. Tom te tom te tom *I haven't been 'close' to ms user configuration since w2k but looking at notes from a friends XP server admin training course it looked as if a massive effort was being made to ensure that by the time people started looking at replacing AD with LDAP it would be too damned inconvenient for most. If you can start with samba/LDAP you may be able to allow Windows users to have sensible security arrangements from the outset but I dont know -LDAP can do it but I'm not sure it can be used from the MS side without this 'mirrored' central control - Samba implementation notes suggest not. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html