Hi

I am trying to install Samba 4 on an Ubuntu 10.04 Server machine. I have downloaded the sources, compiled it and installed. Now I have to do the provision step. I want to use an existing LDAP server (389 Directory Server) installed on another machine (well, really a lot of machines, already configured for replication). Also, the servers only accept SSL connections. But all the examples I have seen in the Samba Wiki use ldapi. I have tried a lot of commands to configure the provisioning, but I don't understand what this step does:

- Create any special user in the LDAP server?
- Create any branches in the LDAP server?
- Add any schema?

What should be the command to make Samba work with my LDAP servers, with SSL? The LDAP servers also already have user and group data (also a Samba3 domain, but it is not being used).

After the provisioning, I have seen that it is necessary to start the LDAP server using start-slapd of the Samba package. What? What is this for?

And one last question, is it possible to create an interdomain trust with the current version of Samba4?

Regards and thanks in advance.

On Wed, 1 Sep 2010 09:42:45 +0200, Juan Asensio Sánchez <okelet at gmail.com> wrote:

> Hi
>
> I am trying to install Samba 4 on a Ubuntu 10.04 Server machine. I have
> downloaded the sources, compiled it and installed. Now I have to do the
> provision step. I want to use an existing LDAP server (389 Directory
> Server)
> installed in other machine (well, really a lot of machines, yet configured
> for replication). Also, the servers only accept SSL connections. But all
> the

Why not just use the samba 4 internal ldap-server?? And just net rpc vampire the users and groups from the samba3/ldap?? I think with samba 4 the old way samba3/ldap just makes no sense at all. What should be the advantage of the old way??

Greetings
Daniel

> examples I have seen in the Samba Wiki use ldapi. I have tried a lot of
> commands to configure the provisioning, but I don't understand what this
> step does:
>
> - Create any special user in the LDAP server?
> - Create any branches in the LDAP server?
> - Add any schema?
>
> What should be the command to make Samba work with my LDAP servers, with
> SSL? The LDAP servers also have yet user and group data (also Samba3
> domain,
> but it is not being used).
>
> After the provisioning, I have seen that is needed to start the LDAP server
> using start-slapd of the Samba package. What? What is this for?
>
> And one last question, is it possible to create interdomain trust with the
> current version of Samba4?
>
> Regards and thanks in advance.

On 1 September 2010 09:54, Daniel Müller <mueller at tropenklinik.de> wrote:

> On Wed, 1 Sep 2010 09:42:45 +0200, Juan Asensio Sánchez <okelet at gmail.com>
> wrote:
> > Hi
> >
> > I am trying to install Samba 4 on a Ubuntu 10.04 Server machine. I have
> > downloaded the sources, compiled it and installed. Now I have to do the
> > provision step. I want to use an existing LDAP server (389 Directory
> > Server)
> > installed in other machine (well, really a lot of machines, yet
> > configured
> > for replication). Also, the servers only accept SSL connections. But all
> > the
> Why do not just use the samba 4 internal ldap-server?? And just net rpc
> vampire the users and groups from
> the samba3/Ldap?? I think with samba 4 the old way samba3/ldap just makes
> no sense at all. What should be the advantage of
> the old way??
> Greetings Daniel

We have more than 60 LDAP servers already working, with custom schemas, and lots of users and groups, so I think the migration is not trivial. Also, our LDAP servers are not used only for Samba, and I think 389 DS is more appropriate for high load environments.

On Wed, 2010-09-01 at 09:42 +0200, Juan Asensio Sánchez wrote:

> Hi
>
> I am trying to install Samba 4 on a Ubuntu 10.04 Server machine. I have
> downloaded the sources, compiled it and installed. Now I have to do the
> provision step. I want to use an existing LDAP server (389 Directory Server)
> installed in other machine (well, really a lot of machines, yet configured
> for replication). Also, the servers only accept SSL connections. But all the
> examples I have seen in the Samba Wiki use ldapi. I have tried a lot of
> commands to configure the provisioning, but I don't understand what this
> step does:
>
> - Create any special user in the LDAP server?
> - Create any branches in the LDAP server?
> - Add any schema?
>
> What should be the command to make Samba work with my LDAP servers, with
> SSL? The LDAP servers also have yet user and group data (also Samba3 domain,
> but it is not being used).

This simply isn't possible. Samba4 uses a different schema (the AD schema). There was an effort by Red Hat to create a system where Samba4 would talk to an LDAP server with a different schema (using schema mapping), but this seems to have been abandoned.

http://osdir.com/ml/freeipa-users/2010-08/msg00022.html

> After the provisioning, I have seen that is needed to start the LDAP server
> using start-slapd of the Samba package. What? What is this for?

This runs the Fedora DS/389 script, to start the instance we configure in the way that we expect.

> And one last question, is it possible to create interdomain trust with the
> current version of Samba4?

Not yet. (We of course intend to support this, but we don't at this time).

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

"Michael Wood" <esiotrot at gmail.com> wrote:

>2010/9/1 Daniel Müller <mueller at tropenklinik.de>:
>> On Wed, 1 Sep 2010 12:00:29 +0200, Michael Wood <esiotrot at gmail.com>
>> wrote:
>>> Hi
>>>
>>> 2010/9/1 Juan Asensio Sánchez <okelet at gmail.com>:
>>>> On 1 September 2010 09:54, Daniel Müller
>>>> <mueller at tropenklinik.de> wrote:
>[...]
>>>>> Why do not just use the samba 4 internal ldap-server?? And just net rpc
>>>>> vampire the users and groups from
>>>
>>> I doubt "net rpc vampire" will do anything except give you an error
>>> message :) I believe the "rpc" vs. "ads" etc. options are considered
>>> to have been a mistake, so are not supported by Samba4's net command.
>>> Also, there is no support currently for vampiring from Samba3 to
>>> Samba4. Someone is working on a migration script, though. Check the
>
>> How about: 2 Samba4-DCs with OpenLDAP 2.4.8 in Multi-Master-Replication
>> at: http://lists.samba.org/archive/samba-technical/2008-April/058567.html
>

First, everybody who wants to help us to put openldap or ds in order so that it works is welcome, send us the patch! Then for the next future we didn't plan to have drs (ad replication protocol) working for technical reasons (lack of transaction in ldap for the moment), it means that you have to rely on ldap server internal replication. Now I'm not sure that forcing a second DC as oliver did 2 years ago is still a very good idea as we matured somehow our implementation.

>I think perhaps Samba4 worked better with OpenLDAP in the past and it
>should also be fixed to work with it again in future, but at the
>moment it won't work:
>
>http://lists.samba.org/archive/samba-technical/2010-July/072445.html
>"For various reasons, the OpenLDAP backend for Samba4 is not functional
>at this time."
>
>Here's the message where Lukasz Zalewski says he's working on the
>Samba 3 to Samba 4 migration script:
>http://lists.samba.org/archive/samba-technical/2010-August/072683.html

And this kind of effort is mostly assured to receive some support as it's quite logical to think that some people with a s3+ldap backend will want to move to a full blown Samba4 DC when version 4.0.0 will be released.

Matthieu.