
I'm replacing our old Windows XP Pro office server with a HP Microserver running Ubuntu Server 12.04 LTS.

I'm not a Linux expert, but I can find my way around a terminal prompt; I'm a Mac user by choice.

The office use a mix of Windows XP Pro machines and OSX Lion laptops. I included Samba during installation, and I'm planning on using Netatalk for the AFP and Bonjour sharing.

I'd quite like to have Samba make the server appear in 'My Network Places' on the Windows machines the way Bonjour makes it appear in Finder on the Macs, if this is possible?

I want to get to a point where a user logging into Windows gets connected to the Ubuntu server (do they need an Ubuntu user account?), which gets them their shares and their Windows user profile (though a standard profile across users would do).

The upshot is to make centralised control of user accounts (e.g. if a person leaves, killing their account on the server stops their Windows logon and ability to access Samba shares) and to ensure files aren't stored on the individual machines for backup/security purposes.

I want to make this as simple as possible, so don't want to have loads of stuff I don't need, I just can't figure out:

What I need at the server end:

- will Samba be enough (already installed as part of initial installation), or will I need to cock around with LDAP (and how does this interact with Samba)
- For someone of moderate Linux competence like me, is there a package that offers easy admin of user accounts, e.g. a GUI like phpLDAPadmin (if LDAP is necessary)

How to configure the XP machines:

- do I need to have the XP machines set up as a domain controller (I've no idea on this aspect of Windows and I'm struggling to find a meaningful definition of domains/profiles/AD/etc)
- roaming profiles looks to offer the feature of putting the user's files on the server rather than the machine itself along with a profile that follows the user from machine to machine.

Syncing Mac users' home folders with the server:

This is less of a concern because I can set up Time Machine if it comes to it, but I'd appreciate any recommendations of what approach I should take having the Mac home folders synced to the server.

Dan

1 Answer


If you want roaming profiles, your best bet may be Samba 4, which has recently become stable enough to have release candidates.

Here's a Samba 4 HowTo which takes you step-by-step. In this howto, you configure Samba 4 as a domain controller. Then you can join your Windows clients to the domain, which gets you roaming profiles, group policy, centralized account management, redirected folders, and so on. Here you'd manage your domain using Microsoft's graphical tools (MMC snap-ins) called Remote Server Administration Tools (RSAT), so you'd never need to use OpenLDAP's command-line tools. (Though you could use those tools to query your Active Directory.)

Here's another ServerFault thread about what you can expect with Samba4: Active Directory Domain with SAMBA or Other Tool.

I am not sure about syncing Mac users' home folders with the server. Here you could take several approaches... use something to join Macs to the domain (if such a thing exists), or give Macs the ability to access files over NFS / SFTP. Here the worry is that Samba 4 uses the filesystem's extended attributes / ACLs to track file access control lists, and if you give users direct access to the filesystem on your Linux/Samba server, bypassing Samba 4, NTFS permissions will be messed up. I don't know a way around this. I hope others contribute to this question.

Philip
  • Thanks for the response, this definitely gives me hope :) the MS tools that you refer to (MMC snap-ins) - are they available freely, and I assume they run under Windows? – Dan Oct 16 '12 at 10:41
  • Also, I'm concerned I could screw things up by using AFP/Netatalk to get the Macs' files from the server. I wonder if anyone knows if Netatalk for Ubuntu supports extended attributes / ACLs... – Dan Oct 16 '12 at 11:17
  • Added info about MMC snap-ins. If you find my answer useful, I encourage you to upvote it or even accept it as your answer. :-) – Philip Oct 16 '12 at 12:20
  • Done and done :) After a bit of research, am I right in thinking RSAT is too new for our WinXP clients? – Dan Oct 16 '12 at 14:02
  • RSAT would run on your administrative computer, not on the clients. You need just one RSAT installation to manage the whole domain. For example, I have a Windows 7 laptop with RSAT installed. With it, I manage about 60 Windows XP clients. – Philip Oct 16 '12 at 14:41
  • Ah, cool, so I can run it from the XP VM on my Mac? Thanks :) – Dan Oct 16 '12 at 15:17
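
The answer's concern about files written to the share outside Samba (NFS, SFTP, Netatalk) can be checked on the server. The following is an added example, not code from either poster: it walks a share and lists entries that lack the extended attribute holding the NT ACL. It assumes the attribute name `security.NTACL` used by Samba's `acl_xattr` module (not stated on the page) and a hypothetical share path.

```python
import os

# Assumption: Samba's acl_xattr VFS module keeps the NT security descriptor
# in this extended attribute (the name is not given on the page).
NTACL_XATTR = "security.NTACL"


def find_missing_ntacl(share_root, list_xattrs=None):
    """Return sorted paths (relative to share_root) lacking the NT ACL xattr.

    list_xattrs is injectable so the walk can be exercised without an
    xattr-capable filesystem; by default it is os.listxattr (Linux only).
    """
    if list_xattrs is None:
        list_xattrs = os.listxattr
    missing = []
    for dirpath, dirnames, filenames in os.walk(share_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # skip symlinks; the target is checked where it lives
            try:
                names = list_xattrs(full)
            except OSError:
                # Unreadable entry or filesystem without xattr support:
                # report it instead of silently passing it.
                names = []
            if NTACL_XATTR not in names:
                missing.append(os.path.relpath(full, share_root))
    return sorted(missing)


if __name__ == "__main__":
    import sys
    # Hypothetical default path; pass the real share root as the argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/srv/samba/share"
    for path in find_missing_ntacl(root):
        print(path)
```

Entries it reports were most likely created through a path that bypassed Samba and will fall back to plain POSIX permissions when Windows clients open them.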