samba - May 2014 - Need workaround or replacement of "security = server" in SAMBA 4

Hello SAMBA developers,

In our R&D environment we are using 500+ workstations and 30+ servers
running RedHat Linux.
We are using RHEL 3,4,5  with SAMBA 3.0.x , RHEL 6 with SAMBA 3.6.9 and now we
are testing migration to RHEL7.
On each of the 500+ workstations and 10+ servers we have SAMBA server running
with "security = server", "password server = <Name or IP of
DomainController> ", "encrypt passwords = Yes" and
"username map = /etc/samba/smbusers".  This worked perfectly on all of
our workstations and servers from RHEL3 through RHEL6 !!
But now with RHEL7 only SAMBA 4 is available and "security = server"
is no longer there.
Our Windows environment is completely managed by our IT and we are not able or
allowed to add domain members and we often need to re-install our workstations
so we cannot add the workstation to the domain.
Is there any possibility to allow our Linux users to access SAMBA shares
(inclusive [homes]) on each workstation and server from their Windows PCs (Win 7
mainly) with getting authenticated automatically by the existing Windows DC or
LDAP?

Thanks and kind regards
Roland Goetz

On Tue, May 27, 2014 at 08:28:22AM +0000, Goetz, Roland
wrote:
> Hello SAMBA developers,
> 
> In our R&D environment we are using 500+ workstations and 30+ servers
running RedHat Linux.
> We are using RHEL 3,4,5  with SAMBA 3.0.x , RHEL 6 with SAMBA 3.6.9 and now
we are testing migration to RHEL7.
> On each of the 500+ workstations and 10+ servers we have SAMBA server
running with "security = server", "password server = <Name or
IP of DomainController> ", "encrypt passwords = Yes" and
"username map = /etc/samba/smbusers".  This worked perfectly on all of
our workstations and servers from RHEL3 through RHEL6 !!
> But now with RHEL7 only SAMBA 4 is available and "security =
server" is no longer there.
> Our Windows environment is completely managed by our IT and we are not able
or allowed to add domain members and we often need to re-install our
workstations so we cannot add the workstation to the domain.
> Is there any possibility to allow our Linux users to access SAMBA shares
(inclusive [homes]) on each workstation and server from their Windows PCs (Win 7
mainly) with getting authenticated automatically by the existing Windows DC or
LDAP?
Set up a trust? This way you have control over your own
infrastructure and have to talk to your Windows IT
department just once.

With best regards,

Volker Lendecke

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de