samba - Jul 2013 - need soms tips for adding samba4 to windows 2008R2 domain

Hai, 
?
After lots of google-ing, reading the mailinglists, im lost. 
?
i want to do the following. 
?
1) keep my existing windows 2008 domain.? ( contains dhcp + dns + AD ) 
??? its a clean domain, no users yet. dhcp+dns is used already.?
?
2) add samba4 to the?windows domain dc as? secondairy DC. 
??? ( this server wil be my zarafa mail server ) 
?
3)?add samba3/4 servers tot this domain als domain members.? ( i know this for
samba3 )
??
?
4) for my remote location i also want to add samba4 servers, which wil get there
own share for profiles.
??? ( this i know ) 
?
my old environment is running samba3 +Ldap.?
I do not need the old info with clasic upgrade, because some pc's have same
sid's, and im setting this up for windows 7 pc's.
Question here is, do i need the registry fixes for windows 7, if my windows 2008
DC if domain controller.
?
I know my way with bind ntp etc. 
?
Can someone give me some good pointers howto setup this, would be great. 
?
Im going to use the sernet packages on ubuntu 12.04 LTS ( or debian wheezy ) 
?
Best regards, 
?
Louis
?
?

Hello Louis,

Am 15.07.2013 12:48, schrieb L.P.H. van Belle:
> 1) keep my existing windows 2008 domain.  ( contains dhcp + dns + AD )
>      its a clean domain, no users yet. dhcp+dns is used already.
>
> 2) add samba4 to the windows domain dc as  secondairy DC.
>      ( this server wil be my zarafa mail server )
Setup and joining a Samba machine as DC you can find here:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC



> 3) add samba3/4 servers tot this domain als domain members.  ( i know this
for samba3 )
http://wiki.samba.org/index.php/Samba4/Domain_Member



> 4) for my remote location i also want to add samba4 servers, which wil get
there own share for profiles.
>      ( this i know )
Same as 3. But for the users who should have their profiles on the 
remote server, you have to specify their profile path in ADUC pointing 
to this server.

Some information about roaming profiles:
http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles



> my old environment is running samba3 +Ldap.
> I do not need the old info with clasic upgrade, because some pc's have
same sid's, and im setting this up for windows 7 pc's.
Here's the point, where I'm not sure, if I fully understand you. In 1 
you wrote, that you are having an AD, but with no users. Here you say 
you have a Samba NT4 style domain with users, etc.

Do you want to bring them together? I mean keep your Windows Domain and 
migrate the Samba3 accounts to the domain? You can export your LDAP, 
script something around for the changes and import them in your AD. But 
you have to re-join your workstations then.

Or do you want a trust. But this isn't possible in both directions yet:
http://wiki.samba.org/index.php/FAQ#Does_Samba_support_trust_relationship_with_AD.3F

Or do you skip the old domain and join the PCs to the new Windows 
domain? Then just follow the HowTos above.

If you meant something else, please give some more details :-)




 > Question here is, do i need the registry fixes for windows 7, if my
 > windows 2008 DC if domain controller.

No registry changes, if your Domain is provided by Windows or Samba AD. 
I have read that it's necessary for a Samba NT4 style domain only. But I 
haven't used a Samba PDC with Win7 yet myself (only Samba AD).




Regards,
Marc

Hai  Marc, 
Thanks for your reply. 
>-----Oorspronkelijk bericht-----
>Van: Marc Muehlfeld [mailto:samba at marc-muehlfeld.de] 
>Verzonden: maandag 15 juli 2013 19:39
>Aan: L.P.H. van Belle
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] need soms tips for adding samba4 to 
>windows 2008R2 domain
>
>Hello Louis,
>
>Am 15.07.2013 12:48, schrieb L.P.H. van Belle:
>> 1) keep my existing windows 2008 domain.  ( contains dhcp + 
>dns + AD )
>>      its a clean domain, no users yet. dhcp+dns is used already.
>>
>> 2) add samba4 to the windows domain dc as  secondairy DC.
>>      ( this server wil be my zarafa mail server )
>
>Setup and joining a Samba machine as DC you can find here:
>http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
This step, Im using bind, i already have windows setup to replicate the DNS to
some other linux servers.
can i just point samba to the windows server, or can i use the replicated dns,
or
do i need to setup the dns completely also for samba.

Thats not clear in the howto. 
because this howto points to :
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
( im using the enterprise samba packages on ubuntu 12.04 ) 
and http://wiki.samba.org/index.php/Dns-backend_bind 

Realy, im sorry to say, but for me the wiki is a maze of information.
to much referendes to other locations. 
the, im pointed to 
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
there i read.  

This HOWTO will assume you had configured and installed Samba in the default
location of /usr/local/samba.
It assumes you are joining Samba to an existing domain called
'samdom.example.com'.

??? really im lost. 
sorry, i think its me,.... :-(( 

>
>
>
>> 3) add samba3/4 servers tot this domain als domain members.  
>( i know this for samba3 )
>
>http://wiki.samba.org/index.php/Samba4/Domain_Member
>
>
>
>
>> 4) for my remote location i also want to add samba4 servers, 
>which wil get there own share for profiles.
>>      ( this i know )
>
>Same as 3. But for the users who should have their profiles on the 
>remote server, you have to specify their profile path in ADUC pointing 
>to this server.
>
>Some information about roaming profiles:
>http://wiki.samba.org/index.php/Samba_%26_Windows_Profiles
>
>
>
>
>> my old environment is running samba3 +Ldap.
>> I do not need the old info with clasic upgrade, because some 
>pc's have same sid's, and im setting this up for windows 7 pc's.
>
>Here's the point, where I'm not sure, if I fully understand you. In
1
>you wrote, that you are having an AD, but with no users. Here you say 
>you have a Samba NT4 style domain with users, etc.
Yes, this is correct, i now have 
1 samba domain, on which everyone is working. ( pdc+bdc ldap etc ) 
extra domain, 2 windows servers for my voip., no users on it, 
im going to use this AD, for my users, so this wil be the new domain when ready.
( with newly installed pc's ) 
>
>Do you want to bring them together? I mean keep your Windows 
>Domain and 
>migrate the Samba3 accounts to the domain? You can export your LDAP, 
>script something around for the changes and import them in 
>your AD. But 
>you have to re-join your workstations then.
This is not needed, because im replacing al of the pc's from XP to Win7. 
Clean pc's in new domain, i have a pxe setup for my pc installs so thats ok.
>
>Or do you want a trust. But this isn't possible in both directions yet:
>http://wiki.samba.org/index.php/FAQ#Does_Samba_support_trust_re
>lationship_with_AD.3F
>
>Or do you skip the old domain and join the PCs to the new Windows 
>domain? Then just follow the HowTos above.
Great, im going to setup from the howto's . 
I dont need trusts.  ( and if needed i just authenticatie with DOMAIN\user to a
server )
so the trust is not needed. 

>
>If you meant something else, please give some more details :-)
>
Here you are. 
>
>
>
> > Question here is, do i need the registry fixes for windows 7, if my
> > windows 2008 DC if domain controller.
>
>No registry changes, if your Domain is provided by Windows or 
>Samba AD. 
>I have read that it's necessary for a Samba NT4 style domain 
>only. But I 
>haven't used a Samba PDC with Win7 yet myself (only Samba AD).
I have some win7 on the NT4 style domain, but i didnt use any registry fixed.
and, it works, 
>
>
>
>
>Regards,
>Marc
>
>

Hai, 

Base on below, i want to use the sernet samba4 packages. 
Should i install : 

sernet-samba-ad  or sernet-samba-winbind 

The server is joining a windows 2008 R2 domain, and the zarafaschema wil be
applied.

>> 2) add samba4 to the windows domain dc as  secondairy DC.
>>      ( this server wil be my zarafa mail server )
>
>Setup and joining a Samba machine as DC you can find here:
>http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
>