UCS 2.4 - Univention
8 Services for Windows
With this program a UCS server can adopt the role of a member server and the role of a primary domain
controller (PDC) or a backup domain controller (BDC) in the domain (more information on server roles can
be found in Chapter 2.1).
Thus, the combination Samba/OpenLDAP is a hybrid between Windows NT domains and Active Directory.
From the perspective of a Windows client, it is a Windows NT domain. Univention AD Connector can be
used for connecting an Active Directory service.
However, as far as the administration of user, group and computer information is concerned, it is a complete
directory service based solution with all of its advantages.
Attention:
Replication between Windows-based and Linux-based domain controllers is not implemented in Samba as
standard. Univention can, however, provide Samba BDC packages for UCS, with which a UCS system can
be operated under a Windows NT PDC (primary domain controller) in a Windows NT domain as a BDC
(backup domain controller). Otherwise only domain controllers with the same directory service can be used
within one domain, so that changes can be replicated to the other directories from the changed master
directory. That means that without the expansion mentioned above, it is not possible to operate
Windows-based domain controllers and Samba-based domain controllers with OpenLDAP in one domain. Notes on
the synchronisation of directory service objects with Windows 2000/2003/2008 with Active Directory can
be found in the documentation for the Univention Active Directory Connector [16].
Further reading on Samba can be found on the website http://www.samba.org/.
8.2.1 Authentication Service<br />
The passwords are stored in the LDAP directory. Users are authenticated against the LDAP directory<br />
when logging into the domain with their username and password, and can then access all the shared<br />
resources of the domain without having to enter their username and password again. Computers running any
Windows operating system are authenticated in the same way as in Windows NT domains, via
the NTLMv2 protocol.
8.2.2 File server<br />
Users working on Windows clients can also store their files on a UCS server. This process is transparent
for the users since they can store their files on a drive, as with Windows. By default the home directories
of all users are shared by Samba and assigned as drive I: after login. Univention Directory Manager allows
the drive letters to be conveniently adjusted for each user (see chapter 4.5.1, tab Windows).
The share management of Univention Directory Manager makes it possible for users to share other
directories of the Linux file system within the domain in the form of Windows shares (see chapter 4.5.5).
Recommended file systems on the Linux side are ext3 and XFS. These file systems allow the use of
Access Control Lists (ACLs) and disk space restrictions (quotas) for users or user groups. Both of these
features can be configured under Windows.