Hello,

this is the first time I write to the samba list and I hope my question is not off topic.
I want to set up a samba server to replace an Active Directory for my Windows workstations.
So far, I have a LINUX network that works perfectly, all my users are stored in a LDAP server and their authentication is done against a MIT Kerberos server. Hence all users have a valid kerberos ticket when they log onto a machine in the Network.
I want to include my Windows machines inside my linux network. From what I understood, Samba can fake an AD so Windows authentication at login is done against the Samba server.
I think only Samba 4 allows this process, so here we go with the questions:
- when is samba 4 stable version due (with a good howto)? I was ecstatic when I found http://samba.iasi.roedu.net/docs/man/Samba4-HOWTO/ but was disappointed when I found out it was yet to be written!
- can Samba use my existing LDAP & Kerberos servers to authenticate users? From what I saw, Samba 4 has an imbedded LDAP server and I couldn't figure out how to point to my own server. But I ain't no genius!
- I ran a few tests with Samba 4 but I couldn't activate a user account so a smbclient command shows
Connection to \\masterfiler\data failed - NT_STATUS_ACCOUNT_DISABLED

Hope somebody knows the answers to those questions, and I hope I was clear enough. If such is not the case, don't hesitate to ask me for some more information.

Thanks

Cédric
Cédric CACHAT wrote:
> Hello,
>
> this is the first time I write to the samba list and I hope my
> question is not off topic.
> I want to set up a samba server to replace an Active Directory for my
> Windows workstations.
> So far, I have a LINUX network that works perfectly, all my users are
> stored in a LDAP server and their authentication is done against a MIT
> Kerberos server. Hence all users have a valid kerberos ticket when
> they log onto a machine in the Network.
> I want to include my Windows machines inside my linux network. From
> what I understood, Samba can fake an AD so Windows authentication at
> login is done against the Samba server.
> I think only Samba 4 allows this process, so here we go with the
> questions:
> - when is samba 4 stable version due (with a good howto)? I was
> ecstatic when I found
> http://samba.iasi.roedu.net/docs/man/Samba4-HOWTO/ but was disappointed
> when I found out it was yet to be written!
> - can Samba use my existing LDAP & Kerberos servers to authenticate
> users? From what I saw, Samba 4 has an imbedded LDAP server and I
> couldn't figure out how to point to my own server. But I ain't no
> genius!
> - I ran a few tests with Samba 4 but I couldn't activate a user account
> so a smbclient command shows
> Connection to \\masterfiler\data failed - NT_STATUS_ACCOUNT_DISABLED
>
> Hope somebody knows the answers to those questions, and I hope I was
> clear enough. If such is not the case, don't hesitate to ask me for
> some more information.
>
> Thanks
>
> Cédric

Unfortunately Samba4 is still not ready for production use, it misses a few things yet to be written. However, it seems that at least the initial few releases will use its own modified version of Heimdal for Kerberos purposes, and its own LDAP server.
So for now the best thing I could recommend to you would be to have a Samba3+OpenLDAP+Heimdal setup, because this way you will be able to use the same password hashes for authenticating your Kerberos and Samba users. However, in this way your Windows clients will consider your Samba3 domain as an NT4 domain (not AD).

If you are interested in this setup I would recommend:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Regards

Geza
Gémes Géza wrote:
(...)
> Unfortunately Samba4 is still not ready for production use, it misses a
> few things yet to be written. However it seems, that at least the
> initial few releases will use its own modified version of Heimdal for
> kerberos purposes, and its own Ldap server.

Does this mean that it will be impossible to use an existing LDAP server with Samba4? Will it be possible to use the LDAP server which comes (will come) with Samba4 for something else than Samba?

--
Tomek
Cédric CACHAT wrote:
> - when is samba 4 stable version due (with a good howto)?

I would expect technology preview releases within the next month or so. But the final delivery date is really "when the code is ready". No specific ETA.

> - can Samba use my existing LDAP & Kerberos servers to
> authenticate users?

Samba 4 does include its own LDAP Directory service and Heimdal based KDC. The reasons for this are to get a working implementation up and running. Later efforts will probably focus more on integration of other 3rd party pieces.

> - I ran a few test with Samba 4 but I couldn't activate a
> user account so a smbclient command shows
> Connection to \\masterfiler\data failed - NT_STATUS_ACCOUNT_DISABLED

If you really want to test Samba 4, I would mail your questions to the samba-technical mailing list. Only one Samba 4 developer subscribes to this list (that I know of). The majority just hang out on the developer list.

cheers, jerry

Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca