My dilemma is this. My company is in the midst of doing some moves. Our network will be merged with another section of the company. They are completely MS servers, while all my servers are running linux / samba. Our new CTO told me that the company IS moving to Exchange 2003 (in ~ 6 months), and said that he is open to use linux for authentication, file servers, print servers, etc IF I can point him to other companys who have this setup. I am currently running samba 3.0.2 as a PDC authenticating a mix of win98, win2k, and XP clients (I've been told we're moving completely to XP for clients), but I have not dealt with any integration with Exchange. The googling I've done so far hasn't turned anything I can give the CTO. * I was wondering if anyone was using Samba 3 with Exchange 2003 using the Samba server to authenticate Exchange users? * If you have this kind of setup, what problems did you run into during setup/implementation. * If you know of anyone that has done this, and has written about it, please forward the article / URL to me. Thanks for your time, Any information would be extremely helpful -= Jesse =-
ww m-pubsyssamba
2004-Feb-12 13:51 UTC
[Samba] Samba 3.0.2 & Exchange 2003 / Active Directory?
Hi Jesse, the biggest issue you have is Exchange 2000 & 2003 are both dependant on Active Directory (absolutely no getting around this I'm afraid), so I would guess your only option is deploy AD and join your Samba servers to the AD domain. I guess you could keep your Samba PDC and setup a trust to the new AD domain but this adds complexity to the configuration and I can't see any benefits, thanks Andy. -----Original Message----- From: samba-bounces+pubsyssamba=bbc.co.uk@lists.samba.org [mailto:samba-bounces+pubsyssamba=bbc.co.uk@lists.samba.org]On Behalf Of Book, Jesse Posted At: 12 February 2004 12:10 Posted To: Samba Conversation: [Samba] Samba 3.0.2 & Exchange 2003 / Active Directory? Subject: [Samba] Samba 3.0.2 & Exchange 2003 / Active Directory? My dilemma is this. My company is in the midst of doing some moves. Our network will be merged with another section of the company. They are completely MS servers, while all my servers are running linux / samba. Our new CTO told me that the company IS moving to Exchange 2003 (in ~ 6 months), and said that he is open to use linux for authentication, file servers, print servers, etc IF I can point him to other companys who have this setup. I am currently running samba 3.0.2 as a PDC authenticating a mix of win98, win2k, and XP clients (I've been told we're moving completely to XP for clients), but I have not dealt with any integration with Exchange. The googling I've done so far hasn't turned anything I can give the CTO. * I was wondering if anyone was using Samba 3 with Exchange 2003 using the Samba server to authenticate Exchange users? * If you have this kind of setup, what problems did you run into during setup/implementation. * If you know of anyone that has done this, and has written about it, please forward the article / URL to me. Thanks for your time, Any information would be extremely helpful -= Jesse =- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
We have semi-successfully set up Samba 3.0.2 and Exchange 2003. Exchange 2003 requires Active Directory, however we wanted to still use Samba as a PDC in our domain. We set up Exchange in a Windows2000 separate domain and then established a one-way trust between the exchange domain and the samba domain (where the samba domain is the trusted domain). We established our users on Exchange and corresponding users on the Samba PDC. Getting Exchange to authenticate off the Samba PDC was tricky but not impossible. In Exchange you must set the msExchMasterAccountSid variable in Active Directory to the Samba domain SID of the mailbox's owner. Microsoft has documented this procedure in KB article 278888: http://support.microsoft.com/default.aspx?scid=kb;en-us;278888 This procedure will make the Samba SID (account) the owner of the exchange mailbox; the corresponding account in the exchange domain becomes disabled. It is essential to set exchange up this way or else OWA, public folders, mailbox sharing, and other exchange features will not work correctly. It is not enough to just check the "Associated External Rights" box without following the steps to set the msExchMasterAccountSid variable. Failing to set this attribute will cause Exchange to randomly bounce emails and other features to work sporadically. To get Outlook Web Access to work properly with this setup you must disable Integrated Windows Authentication in IIs for the all virtual directories associated with exchange (exchange, public, exchweb). Instead use Basic Authentication where the domain name is the Samba domain. Be aware this sends the users password unencrypted so be sure you are using SSL when you authenticate a user. This solution will all Exchange to authenticate off the Samba PDC domain when using OWA. We ran into a little trouble when trying to set up the Samba-Windows2000 trusts. When trying two-way trusts, everything would work fine for a few hours, but then Windows2000 would stop letting us view the Samba PDC users (which we needed because we had to associate these accounts with mailboxes). Two-way windows2000 trusts aren't working too well yet it seems, however Exchange only needs a one way trust. The one-way trust solution (with Samba as the trusted domain) has been working fine. Associating Samba accounts with Exchange mailboxes using this procedure may not work for more then 100 or so accounts. I am sure there is a way to do it programmatically, such as KB article 322890: http://support.microsoft.com/default.aspx?scid=kb;en-us;322890 - Brandon
Seemingly Similar Threads
- Joining Samba4 to Domain as DC with Small Business Server 2008 - error with Exchange ldap entries
- samba 4 domain join to win 2008r2 level DC w/ a schema with exchange 2010 extensions: replication after the join is broken
- Samba 3.0.2 and Windows 2003 ADS.
- 0pensource MAPI client for Exchange
- Winbind only enumerating 9% of domain groups