Admin Server

From New IAC Wiki
Jump to navigation Jump to search


Currently dual-core Pentium D with 512MB RAM and 2x500GB drives.

Samba configuration

Windows clients will remain stand-alone because there isn't a central domain controller, although this might be implemented in the future

security = 

We want to force NTLMv2 because we're not interested in clients older than XP

ntlm auth = no
lanman auth = no

Enable LDAP backend for user database. This will store the password, group mapping, SIDs, and other Windows attributes

passdb backend = ldapsam:"ldap://localhost"

Use encrypted passwords to increase security from network sniffing. This increases the complexity of password management because we have to keep 2 different hashes of a password.

encrypt passwords = yes

User management tools

The user management tools will have to be modified to update both crypt and samba hashes, and users who want samba access will have to re-enter or change their passwords.