Valéry Roché
2011-Apr-07 13:10 UTC
[Samba] what architecture is required for having a samba working ?
Hi list,

Some years ago, here at the University of Poitiers, we used something called Netware. But it was expensive, so it was decided to abandon it: some services migrated to Samba and OpenLDAP, and others migrated to Windows Server.

So now, Win7 is coming, and unfortunately we can't use Samba2 anymore. So the solution should be to use Samba3, which supports Win7. But (yes, there is always a but): we won't have the possibility to use AD features like GPOs, which are THE thing that our local administrators are asking for (and this explains why some of them migrated to WinServer). By abandoning Netware, we lost the comfort of managing a tree of our computers and users; this is a bad thing.

Our environment is very heterogeneous, and it seems hard to change some of our sensitive services like DNS (local DNS is operated by a Windows Server 2003 machine) or LDAP (yes, we use LDAP for all information about our users).

So here is my question: is it possible to integrate a Samba4 server in this environment that could be used as an AD server? I thought we could join some Samba3 to this AD in order to use our LDAP authentication service.

I'm making some tests with virtual machines. Samba4 works fine, it's possible to join computers to the domain, but GPOs are not working on Win7 (but working on WinXP): why? Is it because I don't run Bind9 on the Samba4 and try to refer to our Win2003 DNS-based service? When playing with the console (running under Win7), I sometimes get a message indicating some inconsistencies with the AD server. It seems Kerberos doesn't work either: "Cannot contact any KDC for requested realm: unable to reach any KDC in realm".

I can't find any suitable configuration example. I don't know where to search for information, as I can't find any more usable information about my problems.

I'm afraid that if we can't make Samba4 work as a global AD we will soon switch to a global M$ infrastructure...
Below are the configuration files I'm using:

*--- /usr/local/samba/etc/smb.conf ---*
# Global parameters
[global]
    server role = domain controller
    workgroup = MONONOKE
    realm = sci.univ-poitiers.fr
    netbios name = GHIBLI
    setup directory = setup/

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/ghibli.sci.univ-poitiers.fr/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

*--- /etc/krb5.conf ---*
[libdefaults]
    default_realm = sci.univ-poitiers.fr
    dns_lookup_realm = false
    dns_lookup_kdc = false
    default_etypes = des-cbc-crc des-cbc-md5
    default_etypes_des = des-cbc-crc des-cbc-mb5

[appdefaults]
    proxiable = true
    ticket_lifetime = 24h
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false

[realm]
    SCI.UNIV-POITIERS.FR = {
        kdc = ghibli.sci.univ-poitiers.fr
        admin_server = ghibli.sci.univ-poitiers.fr
        default_domain = ghibli.sci.univ-poitiers.fr
    }

[domain_realm]
    ghibli.sci.univ-poitiers.fr = SCI.UNIV-POITIERS.FR
    sci.univ-poitiers.fr = SCI.UNIV-POITIERS.FR
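An added example, not part of the original post and not Samba project code: a small Python check that parses the krb5.conf posted above and reports entries a Kerberos client will not read the way the file intends. The function names, the finding strings and the rule that any [libdefaults] key containing "etypes" or "enctypes" holds an encryption-type list are this example's own assumptions.

```python
import re

# Relevant lines of the krb5.conf posted above ([appdefaults], [domain_realm] left out).
POSTED = """
[libdefaults]
default_realm = sci.univ-poitiers.fr
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-mb5
[realm]
SCI.UNIV-POITIERS.FR = {
kdc = ghibli.sci.univ-poitiers.fr
}
"""
SECTIONS = {"libdefaults", "realms", "domain_realm", "appdefaults", "logging", "capaths"}
DES_CBC = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des-cbc-raw"}

def parse(text):
    """Return {section: {key: value}} for top-level keys; a '{' value opens a sub-block."""
    conf, section, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section, depth = m.group(1), 0
            conf.setdefault(section, {})
        elif line == "}":
            depth -= 1
        elif "=" in line and section is not None:
            key, val = (p.strip() for p in line.split("=", 1))
            if depth == 0:
                conf[section][key] = val
            depth += val == "{"
    return conf

def check(conf):
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    out = [f"unknown section [{s}]" for s in conf if s not in SECTIONS]
    realm = lib.get("default_realm", "")
    if realm != realm.upper():  # realm names are case-sensitive; AD realms are uppercase
        out.append("default_realm is not uppercase")
    if realm not in realms and lib.get("dns_lookup_kdc", "true").lower() in ("false", "no"):
        out.append("no KDC source for default_realm")  # DNS lookup off, no [realms] match
    for key, val in lib.items():
        names = val.split() if re.search(r"e(nc)?types", key) else []
        bad = [n for n in names if n.startswith("des-cbc-") and n not in DES_CBC]
        out += [f"{key}: unknown enctype {n}" for n in bad]
        if names and all(n.startswith("des-") for n in names):
            out.append(f"{key}: single-DES only")  # Windows 7 disables DES by default
    return out
```

Calling `check(parse(POSTED))` returns the list of findings for the posted file; a file that passes returns an empty list.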
Valéry Roché
2011-Apr-07 13:18 UTC
[Samba] what architecture is required for having a samba working ?
Hi again,

Replying to myself concerning DNS updates. I found this:

"If you are joining Samba4 to an existing Windows DNS domain, or you are using a Windows DNS server instead of bind9, then you need bind version 9.7.2rc1 (or higher) for the nsupdate command to correctly work with recent versions of Windows. If you don't have bind 9.7.2rc1 or better, recent Windows clients (such as Windows7 and Win2K8) won't be able to do dynamic DNS updates to your bind9 server, and bind9 won't be able to do dynamic DNS updates against a Windows DNS server." (https://wiki.samba.org/index.php/Samba4/HOWTO)

That should do the work, will try it if I can find some explanations on how to set up Bind9 in this way.

Kind regards,
Valéry Roché
Daniel Müller
2011-Apr-07 13:23 UTC
[Samba] what architecture is required for having a samba working ?
Hi again,

Try Samba4; it can do GPOs even with Windows 7, tested in production. Read about "HOWTO samba4 centos5.5 named dnsupdate drbd simple failover" on this list. Perhaps it can point you the way.

Good luck,
Daniel

-----------------------------------------------
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------