Admin Server
Hardware
Currently dual-core Pentium D with 512MB RAM and 2x500GB drives.
Samba configuration
Windows clients will remain stand-alone because there isn't a central domain controller, although this might be implemented in the future
security =
We want to force NTLMv2 because we're not interested in clients older than XP
ntlm auth = no lanman auth = no
Enable LDAP backend for user database. This will store the password, group mapping, SIDs, and other Windows attributes
passdb backend = ldapsam:"ldap://localhost"
Use encrypted passwords to increase security from network sniffing. This increases the complexity of password management because we have to keep 2 different hashes of a password.
encrypt passwords = yes
User management tools
The user management tools will have to be modified to update both crypt and samba hashes, and users who want samba access will have to re-enter or change their passwords.