Hi List,
I am trialling a small Samba4 AD server supporting 10 users (running
fine). I also have exim smtp and dovecot imap running on the same
Debian Wheezy box. Simplistically, what I would like to achieve is for
an AD user account to also authenticate to imap and smtp using the same
credentials. I previously used Samba3 'unix password sync' to ensure
that any domain users were automatically created a unix account. This
doesn't seem supported any more?
I believe I now need winbind to support this? If so, then
"https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server"
doesn't work on my Debian Wheezy box - I don't see libnss_winbind.so on
my system. And 'apt-get install winbind' says I'm already on the
latest version...
Anyone any pointers on the best approach?
smb.conf:
# Global parameters
[global]
workgroup = ACASTA
realm = ACASTA.INTRA
netbios name = KEPLER
server role = active directory domain controller
dns forwarder = 192.168.100.1
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /var/lib/samba/sysvol/acasta.intra/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
--
Rob Mason
The original of this email was scanned by the Acasta SMTP mail relay for known
viruses at 16:48 on 14/11/2014 and was found to be virus free - ClamAV
0.98.4/19624/Thu Nov 13 17:39:52 2014.
On 14/11/14 16:49, Rob Mason wrote:
> Hi List,
>
> I am trialling a small Samba4 AD server supporting 10 users (running
> fine). I also have exim smtp and dovecot imap running on the same
> Debian Wheezy box. Simplistically, what I would like to achieve is for
> an AD user account to also authenticate to imap and smtp using the same
> credentials. I previously used Samba3 'unix password sync' to ensure
> that any domain users were automatically created a unix account. This
> doesn't seem supported any more?

In the 'Good old days' you had Unix users & Windows users, and if a Windows user connected to a Unix box, they also had to be Unix users; this is where 'unix password sync' came in.

Now, with a Samba4 AD DC, you just have domain users. You need to find out how to get exim & dovecot to auth to AD; a quick Google turned this up:

https://inutility.net/exim-dovecot-mailserver-with-active-directory/

If you are going to use S4 AD, I would suggest that you follow the advised route and just use the AD server for auth and install a separate member server.

Rowland

>
> I believe I now need winbind to support this? If so, then
> "https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server"
> doesn't work on my Debian Wheezy box - I don't see libnss_winbind.so on
> my system. And 'apt-get install winbind' says I'm already on the
> latest version...
>
> Anyone any pointers on the best approach?
>
> smb.conf:
>
> # Global parameters
> [global]
> workgroup = ACASTA
> realm = ACASTA.INTRA
> netbios name = KEPLER
> server role = active directory domain controller
> dns forwarder = 192.168.100.1
> idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/acasta.intra/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
Hello Rob,

On 14.11.2014 at 17:49, Rob Mason wrote:
> I am trialling a small Samba4 AD server supporting 10 users (running
> fine). I also have exim smtp and dovecot imap running on the same
> Debian Wheezy box. Simplistically, what I would like to achieve is for
> an AD user account to also authenticate to imap and smtp using the same
> credentials. I previously used Samba3 'unix password sync' to ensure
> that any domain users were automatically created a unix account. This
> doesn't seem supported any more?

AD is a kind of LDAP. You simply have to set up your services to authenticate against LDAP and retrieve the accounts from there, too.

Regards,
Marc
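
An illustration of the LDAP approach suggested in the replies above, added here and not part of any poster's message: a Dovecot passdb that checks IMAP logins by binding to the Samba4 AD over LDAP with StartTLS. The DC hostname and base DN are derived from the posted smb.conf; the `dovecot-bind` service account, its password, and the CA file path are assumed placeholders.

```conf
# /etc/dovecot/dovecot-ldap.conf.ext
# Keep this file root-owned with mode 0600: it holds a bind password.
# Referenced from the Dovecot auth configuration with:
#   passdb {
#     driver = ldap
#     args = /etc/dovecot/dovecot-ldap.conf.ext
#   }

# Assumed DC name: netbios name KEPLER + realm ACASTA.INTRA from smb.conf.
hosts = kepler.acasta.intra
ldap_version = 3

# StartTLS with a verified server certificate, so user passwords are
# never sent over the wire in clear text. The CA path is a placeholder.
tls = yes
tls_require_cert = demand
tls_ca_cert_file = /etc/ssl/certs/EXAMPLE-samba-ca.pem

# Hypothetical low-privilege account, used only to look up the user's DN.
dn = cn=dovecot-bind,cn=Users,dc=acasta,dc=intra
dnpass = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# Verify the password by binding to AD as the user. Dovecot never reads
# or stores a password hash; AD makes the accept/reject decision.
auth_bind = yes

# Base DN that corresponds to the ACASTA.INTRA realm.
base = dc=acasta,dc=intra
scope = subtree

# Match the login name (%n = user part, without any @domain) against
# sAMAccountName and exclude disabled accounts (userAccountControl bit 2).
pass_filter = (&(objectClass=user)(sAMAccountName=%n)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
```

Exim's `dovecot` authenticator driver can hand SMTP AUTH to the same Dovecot auth service, so IMAP and SMTP logins share this one check against AD.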