Johnny Hughes wrote:
You would then need to set up "Samba Authentication" for your Linux Client machines.
The best method to do that depends on your business, who you have to interface with, what services you are running on the network, etc.
I run a Samba PDC (using LDAP as a backend) with Samba BDCs in several remote locations. If you do not require an ADS network, then this can work great as LDAP databases can be replicated from the PDC to the BDCs and Linux machines can easily be set up to use LDAP for authentication.
However, if you need an ADS domain, then the LDAP method does not work since Samba cannot be a Domain Controller for ADS. That would require you to be a Domain "Member Server" and enable Samba authentication for Linux clients.
I've been able to use SMB authentication against an AD just by filling in the entries in system-config-authentication. I'm not sure if that requires any compatibility settings on the AD side or not - it just worked for me so I didn't ask questions. The down side is that you do have to add the users and maintain groups on the Linux side which isn't too difficult if they don't change a lot, just adduser -u uid -g gid login_name with the same values on all the boxes and copy changes to /etc/group around. The up side is that you can control which users have access separately and only have to deal with passwords for users that aren't in AD - and you don't have to ask permission to join the Linux boxes to the domain.
The methods to do that are too hard to explain on list. Much research needs to be done on samba.org docs (assuming you already understand the whole Windows Domain concept and how it works on Windows). The way that you will proceed is an infrastructure decision and based on your individual needs and infrastructure.
Winbind can automatically create users from AD, but you have to join the domain and I'm not sure what you have to do to coordinate the uid mapping across machines so NFS shares work.
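
Added example, not part of the original thread: a check for the uid/gid consistency that the manual adduser approach and NFS both depend on. It assumes you have collected a copy of each machine's /etc/passwd into files named after the host; the function name passwd_drift, the MIN_UID variable and the hostA/hostB sample data are constructed for illustration.

```shell
#!/bin/sh
# passwd_drift FILE...  (hypothetical helper)
# Each FILE is a passwd-format copy from one host, named after that host.
# Reports login names whose uid:gid differ between hosts (MISMATCH) and
# uids that belong to different login names (UIDCLASH). Either condition
# means file ownership on a shared NFS export maps to the wrong account.
# MIN_UID (optional, default 0) skips system accounts below that uid.
passwd_drift() {
    awk -F: -v min="${MIN_UID:-0}" '
        /^#/ || NF < 4 { next }          # skip comments and short lines
        $3 + 0 < min   { next }          # skip accounts below MIN_UID
        {
            host = FILENAME; sub(/.*\//, "", host)
            id = $3 ":" $4
            if (!($1 in ids)) { ids[$1] = id; seen[$1] = host }
            else if (ids[$1] != id)
                printf "MISMATCH %s: %s on %s, %s on %s\n",
                       $1, ids[$1], seen[$1], id, host
            if (!($3 in owner)) { owner[$3] = $1; ohost[$3] = host }
            else if (owner[$3] != $1)
                printf "UIDCLASH %s: %s on %s, %s on %s\n",
                       $3, owner[$3], ohost[$3], $1, host
        }
    ' "$@"
}

# Constructed sample data: bob was added with a different uid on hostB,
# and carol on hostB received the uid that bob has on hostA.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'alice:x:1001:100::/home/alice:/bin/bash' \
        'bob:x:1002:100::/home/bob:/bin/bash' > "$d/hostA"
    printf '%s\n' \
        'alice:x:1001:100::/home/alice:/bin/bash' \
        'bob:x:1003:100::/home/bob:/bin/bash' \
        'carol:x:1002:100::/home/carol:/bin/bash' > "$d/hostB"
    passwd_drift "$d/hostA" "$d/hostB"
    rm -rf "$d"
}

demo
```

The same function can be pointed at copies of /etc/group, since the name, id and field positions it reads are laid out the same way there apart from the fourth field.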