David Minard
2012-May-16 02:28 UTC
[Samba] Samba4 for AD using existing LDAP, Kerberos, and Bind Setup.
We run Apple's OD to support our Linux, Mac, and Windows clients and servers. We are under pressure to use AD because more and more software coming out for Windows requires it. We don't want to use AD, so Samba4 looks good. However, we don't want to pull apart our directory to implement samba4. Is there a way to get Samba 4 running so that it is able to use the existing LDAP and Kerberos set up for user info and user auth look up, still support Windows clients with AD, and still use our existing bind for general host look ups, but use samba4's own internal DNS for AD stuff? Cheers, David.
Gémes Géza
2012-May-16 05:26 UTC
[Samba] Samba4 for AD using existing LDAP, Kerberos, and Bind Setup.
On 2012-05-16 04:28, David Minard wrote:
> We run Apple's OD to support our Linux, Mac, and Windows clients and servers. We are under pressure to use AD because more and more software coming out for Windows requires it. We don't want to use AD, so Samba4 looks good. However, we don't want to pull apart our directory to implement samba4. Is there a way to get Samba 4 running so that it is able to use the existing LDAP and Kerberos set up for user info and user auth look up, still support Windows clients with AD, and still use our existing bind for general host look ups, but use samba4's own internal DNS for AD stuff?
>
> Cheers,
> David.

If Apple's solution is based on Samba3 (I have no personal experience with it), you would probably need two domains: the existing one and a new Samba4 one. Then set up a cross-domain trust between them. Then join your Windows boxes to the Samba4 domain.

Regards
Geza
Gémes Géza
2012-May-18 19:06 UTC
[Samba] Samba4 for AD using existing LDAP, Kerberos, and Bind Setup.
Hi,

I don't have personal experience with it, but in case of suspecting a missing functionality, IMHO you should ask at the samba-technical mailing list.

Cheers
Geza

> Geza,
> Have you actually set up a cross domain "trust" in Samba4 yet? My impression was that this was NOT working yet. I know you can configure the S3 server to join the S4 domain, but I don't think that's what you are talking about. I've been waiting to be able to set up a domain trust for some time now (with a WS2008 DC "trusting" a Samba4 based domain), and would love to know if you've found a way to do it!
>
> On Wed, May 16, 2012 at 1:26 AM, Gémes Géza <geza at kzsdabas.hu> wrote:
>
> > On 2012-05-16 04:28, David Minard wrote:
> > > We run Apple's OD to support our Linux, Mac, and Windows clients and servers. We are under pressure to use AD because more and more software coming out for Windows requires it. We don't want to use AD, so Samba4 looks good. However, we don't want to pull apart our directory to implement samba4. Is there a way to get Samba 4 running so that it is able to use the existing LDAP and Kerberos set up for user info and user auth look up, still support Windows clients with AD, and still use our existing bind for general host look ups, but use samba4's own internal DNS for AD stuff?
> > >
> > > Cheers,
> > > David.
> >
> > If Apple's solution is based on Samba3 (I have no personal experience with it), you would probably need two domains: the existing one and a new Samba4 one. Then set up a cross-domain trust between them. Then join your Windows boxes to the Samba4 domain.
> >
> > Regards
> >
> > Geza
>
> --
> Charles Tryon
> "Risks are not to be evaluated in terms of the probability of success, but in terms of the value of the goal."
> - Ralph D. Winter
Dewayne
2012-May-18 20:59 UTC
[Samba] Samba4 for AD using existing LDAP, Kerberos, and Bind Setup.
David,

I'd echo Gémes' comment about posting your question to the samba-technical at lists.samba.org list, which would be more appropriate. There is some topical discussion going on there regarding content of a samba4 Beta release, and your question would be well timed.

I'd suggest that you also consider the samba4 on existing: dhcp, dns & ntp infrastructure.

Good sources of information are at:

WhatsNew - http://gitweb.samba.org/?p=samba.git;a=blob;f=WHATSNEW.txt;h=8798a875cc7618da819e9ecd1db6cb7f25f85a94;hb=edb15ffef29fbb69a4d1dfc862fe8d6a3a027347

Other useful references:

1. https://wiki.samba.org/index.php/Samba4/HOWTO
2. https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
3. https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO
4. Last updated March 2011: https://wiki.samba.org/index.php/Samba4_DRS_TODO_List#Support_RODC

Kind regards,
Dewayne.