On Tue, 27 Mar 2018 22:41:15 +0200 Harry Jede via samba <samba at lists.samba.org> wrote:> Am Dienstag, 27. März 2018, 14:25:47 CEST schrieb Rodrigo Abrantes > Antunes via samba: > > I forgot to mention, I'm using samba 3. > OK. Quiet old thingy :-( > > you should read realy old docs: > https://www.samba.org/samba/docs/old/Samba3-HOWTO/ > InterdomainTrusts.html > > chapter : Interdomain Trust Facilities > > Have fun >Please don't give the OP ideas, Samba 3 is dead and shouldn't be used to set up anything new. I can understand maintaining an existing NT4-style domain, but not setting up a new one. It gets harder and harder to keep windows machines working with an NT4-style domain, it doesn't make sense to set up a new one, not when it is easier to set up and maintain an AD domain. Rowland
Am Dienstag, 27. März 2018, 21:58:22 CEST schrieb Rowland Penny:> On Tue, 27 Mar 2018 22:41:15 +0200 > > Harry Jede via samba <samba at lists.samba.org> wrote: > > Am Dienstag, 27. März 2018, 14:25:47 CEST schrieb Rodrigo Abrantes > > > > Antunes via samba: > > > I forgot to mention, I'm using samba 3. > > > > OK. Quiet old thingy :-( > > > > you should read realy old docs: > > https://www.samba.org/samba/docs/old/Samba3-HOWTO/ > > InterdomainTrusts.html > > > > chapter : Interdomain Trust Facilities > > > > Have fun > > Please don't give the OP ideas,Why not? Are you my master of any kind?> Samba 3 is deadYes> and shouldn't be usedYes> to set up anything new.Hmmh, I thought the op uses two samba3 (NT) style domain with thousands of users.> I can understand maintaining an existing > NT4-style domain, but not setting up a new one. > > It gets harder and harder to keep windows machines working with an > NT4-style domain,No and no, M$ trys to set up new windows client installations to not work with NT- Domains. And yes, that is ok if security is the thing what one prefers. But sometimes sysadmins has other reasons to use old software and wish support.> it doesn't make sense to set up a new one, not when > it is easier to set up and maintain an AD domain.Yes @ Rodrigo Abrantes Antunes An idea to get things to work: Setup a testbed with current samba version. Their are to many changes from old samba3 to current release. You should not expect that old config statements will work with newer releases of samba. So try to find out which server statements in smb.conf maps to your old behaviour. If this is OK for you, try the domain join. But do not expect, that the join command works as described in the old docs. You are using much newer software. PS And yes, NT style domains are insecure from the first day I have seen them. Are Ad domains secure???> Rowland-- Gruss Harry Jede
I'm not setting up a new one, I already have one samba 3 domain with ldap with thousands of users. This domain is only for administratives. Now I need to extend this domain for students. Citando Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 27 Mar 2018 22:41:15 +0200 > Harry Jede via samba <samba at lists.samba.org> wrote: > >> Am Dienstag, 27. März 2018, 14:25:47 CEST schrieb Rodrigo Abrantes >> Antunes via samba: >> I forgot to mention, I'm using samba 3. >> OK. Quiet old thingy :-( >> >> you should read realy old docs: >> https://www.samba.org/samba/docs/old/Samba3-HOWTO/ >> InterdomainTrusts.html >> >> chapter : Interdomain Trust Facilities >> >> Have fun > > Please don't give the OP ideas, Samba 3 is dead and shouldn't be used > to set up anything new. I can understand maintaining an existing > NT4-style domain, but not setting up a new one. > > It gets harder and harder to keep windows machines working with an > NT4-style domain, it doesn't make sense to set up a new one, not when > it is easier to set up and maintain an AD domain. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read > theinstructions: https://lists.samba.org/mailman/options/samba-- Rodrigo Abrantes Antunes Instituto Federal Sul-rio-grandense
Am Mittwoch, 28. März 2018, 11:50:46 CEST schrieb Rodrigo Abrantes Antunes via samba:> I'm not setting up a new one, I already have one samba 3 domain with > ldap with thousands of users. This domain is only for > administratives. Now I need to extend this domain for students.And now, have you made any progress? Have you read: https://www.samba.org/samba/docs/old/Samba3-HOWTO/InterdomainTrusts.html Read it really completely. The last chapter give you a hint, which is important for ldap based setups. -- Gruss Harry Jede
I need LDAP for other uses, how could I have samba4 and ldap without having 2 bases? Citando Harry Jede via samba <samba at lists.samba.org>:> Am Dienstag, 27. März 2018, 21:58:22 CEST schrieb Rowland Penny: >> On Tue, 27 Mar 2018 22:41:15 +0200 >> >> Harry Jede via samba <samba at lists.samba.org> wrote: >> Am Dienstag, 27. März 2018, 14:25:47 CEST schrieb Rodrigo Abrantes >> >> Antunes via samba: >>> I forgot to mention, I'm using samba 3. >> >> OK. Quiet old thingy :-( >> >> you should read realy old docs: >> https://www.samba.org/samba/docs/old/Samba3-HOWTO/ >> InterdomainTrusts.html >> >> chapter : Interdomain Trust Facilities >> >> Have fun >> >> Please don't give the OP ideas, > > Why not? Are you my master of any kind? > >> Samba 3 is dead > > Yes > >> and shouldn't be used > > Yes > >> to set up anything new. > > Hmmh, I thought the op uses two samba3 (NT) style domain with > thousands of users. > >> I can understand maintaining an existing >> NT4-style domain, but not setting up a new one. >> >> It gets harder and harder to keep windows machines working with an >> NT4-style domain, > > No and no, > M$ trys to set up new windows client installations to not work with NT- > Domains. And yes, that is ok if security is the thing what one prefers. > > But sometimes sysadmins has other reasons to use old software and wish > support. > >> it doesn't make sense to set up a new one, not when >> it is easier to set up and maintain an AD domain. > > Yes > > @ Rodrigo Abrantes Antunes > An idea to get things to work: > > Setup a testbed with current samba version. > Their are to many changes from old samba3 to current release. You should > not expect that old config statements will work with newer releases of > samba. So try to find out which server statements in smb.conf maps to > your old behaviour. > > If this is OK for you, try the domain join. But do not expect, that the join > command works as described in the old docs. You are using much newer > software. > > PS > And yes, NT style domains are insecure from the first day I have seen > them. Are Ad domains secure??? > >> Rowland > > -- > > Gruss > Harry Jede > -- > To unsubscribe from this list go to the following URL and read > theinstructions: https://lists.samba.org/mailman/options/samba-- Rodrigo Abrantes Antunes Instituto Federal Sul-rio-grandense