Is there a good guide for how to set up a Samba based AD domain controller with RFC2307 attributes so I can experiment... I can't get the Windows guys in my company to do anything Microsoft don't provide a check box for, unless I can teach them how to do it... but I've not used any of these Windows technologies for a very long time...

At least if I can show a working system then someone from the Windows team might consider looking at it.... and if I tell them to do something that ultimately doesn't work, we'll be back to square one but they will be doubly reluctant, so I need to learn more about AD than them... sigh.

On 13/03/17 20:44, Rowland Penny via samba wrote:
> On Mon, 13 Mar 2017 20:04:30 +0000
> "A. James Lewis via samba" <samba at lists.samba.org> wrote:
>
>> Hi all,
>>
>> I know this is a little off topic (although it might not be because
>> I'm sure there's a solution involving Samba!)... but I hope one of
>> you fine people can advise me on the best approach to achieving an
>> integrated directory supporting Unix/Linux as a first class citizen,
>> storing autofs maps, as well as uid, gid and home folders for each
>> user... and how would that be managed.
>>
>> I see Microsoft is removing the Unix services extensions with Server
>> 2016, so I'm really wondering what the best, and most long term
>> sustainable way to integrate a directory so that both platforms
>> operate as intended, and those users are manageable.
> From my understanding, they only removed the idmu server etc, they
> haven't removed the RFC2307 attributes. Even if they did, Samba would
> still have them.
>
> You can use samba-tool to manage the creation of RFC2307 users and
> groups.
>
> Rowland
>

--
A. James Lewis (james at fsck.co.uk)
"Engineering does not require science. Science helps a lot but people built perfectly good brick walls long before they knew why cement works."
On Tue, 14 Mar 2017 13:38:43 +0000
"A. James Lewis via samba" <samba at lists.samba.org> wrote:
>
> Is there a good guide for how to set up a Samba based AD domain
> controller with RFC2307 attributes so I can experiment... I can't get
> the Windows guys in my company to do anything Microsoft don't provide
> a check box for, unless I can teach them how to do it... but I've not
> used any of these Windows technologies for a very long time...
>
> At least if I can show a working system then someone from the Windows
> team might consider looking at it.... and if I tell them to do
> something that ultimately doesn't work, we'll be back to square one
> but they will be doubly reluctant, so I need to learn more about AD
> than them... sigh.
>
>

Try reading the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

Rowland
On Tue, 14 Mar 2017 14:20:57 +0000
"A. James Lewis" <james at fsck.co.uk> wrote:
>
> OK, I stand corrected... I was sure the last time I looked there it
> assumed you have a Windows machine to administer the environment....
> which I don't, but it seems that this assumption is no longer the
> case.
>
> Is this the most sensible approach?... I've heard talk of directory
> tools that maintain a meta level directory and present it as either
> AD or whatever you need for another environment...
>
> One thing I'm not sure about, is if the RFC2307 schema in AD includes
> automounter information, for autofs?...
>

Not as standard, but the wiki has a page for it:

https://wiki.samba.org/index.php/Samba_AD_schema_extensions

Rowland
On 03/14/17 10:43, Rowland Penny via samba wrote:
> On Tue, 14 Mar 2017 14:20:57 +0000
> "A. James Lewis" <james at fsck.co.uk> wrote:
>
>> OK, I stand corrected... I was sure the last time I looked there it
>> assumed you have a Windows machine to administer the environment....
>> which I don't, but it seems that this assumption is no longer the
>> case.
>>
>> Is this the most sensible approach?... I've heard talk of directory
>> tools that maintain a meta level directory and present it as either
>> AD or whatever you need for another environment...
>>
>> One thing I'm not sure about, is if the RFC2307 schema in AD includes
>> automounter information, for autofs?...
>>
> Not as standard, but the wiki has a page for it:
>
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions
>
> Rowland
>

I am trying to set up Windows 2012R2 as the directory server. This is to migrate from a classic domain with Oracle LDAP server backend for Samba data, Unix accounts, autofs etc. Samba 4 as an AD domain does not fully support trusts, and I don't feel comfortable using Samba as a directory server in a domain or forest that will have Exchange servers. And if I am going through migration pain I might as well just switch to Windows domain servers.

I haven't worked with Windows 2016 yet. If I can get RFC2307bis schema added to the AD schema then that should take care of the major hurdle to implementing autofs support. With Linux, autofs configuration is flexible to support the "old" RFC2307 autofs syntax. However, Solaris expects the newer RFC2307bis syntax. If you don't have Solaris then you can probably manage with the older syntax.

I also have been looking at Centrify's web site - I don't think they provide a meta-directory, but instead they provide Linux AD client software. This might make some of the administration and deployment simpler. I don't think it is essential.
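
The two autofs syntaxes mentioned in the message above, shown side by side as an added example that is not part of the thread: the script renders one flat autofs map as LDIF using the RFC2307 classes (nisMap/nisObject) and the RFC2307bis classes (automountMap/automount). The base DN, container, map entries and DN layout are constructed assumptions, and the classes are assumed to be present in the directory schema.

```python
# Added example: one autofs map rendered in both LDAP representations.
# Base DN, container and map entries below are constructed placeholders.
SAMPLE_MAP = """\
# constructed auto.home entries
alice   -fstype=nfs4,rw,sec=krb5   nfs1.example.com:/export/home/alice
bob     nfs1.example.com:/export/home/bob
*       -rw   nfs1.example.com:/export/home/&
"""

def parse_map(text):
    """Return (key, information) pairs; information = mount options + location."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, info = line.split(None, 1)
        entries.append((key, " ".join(info.split())))
    return entries

def escape_rdn(value):
    """Backslash-escape characters that are special in a DN component (RFC 4514)."""
    return "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)

def to_ldif(map_name, entries, base_dn, bis):
    """bis=False: RFC2307 nisMap/nisObject. bis=True: RFC2307bis automountMap/automount."""
    # DN layout is an assumption; a given directory may name these entries differently.
    if bis:
        map_dn = f"automountMapName={escape_rdn(map_name)},{base_dn}"
        out = [f"dn: {map_dn}", "objectClass: top", "objectClass: automountMap",
               f"automountMapName: {map_name}", ""]
    else:
        map_dn = f"nisMapName={escape_rdn(map_name)},{base_dn}"
        out = [f"dn: {map_dn}", "objectClass: top", "objectClass: nisMap",
               f"nisMapName: {map_name}", ""]
    for key, info in entries:
        if bis:
            out += [f"dn: automountKey={escape_rdn(key)},{map_dn}", "objectClass: top",
                    "objectClass: automount", f"automountKey: {key}",
                    f"automountInformation: {info}", ""]
        else:
            out += [f"dn: cn={escape_rdn(key)},{map_dn}", "objectClass: top",
                    "objectClass: nisObject", f"cn: {key}",
                    f"nisMapName: {map_name}", f"nisMapEntry: {info}", ""]
    return "\n".join(out)

if __name__ == "__main__":
    base = "OU=automount,DC=example,DC=com"   # hypothetical container
    pairs = parse_map(SAMPLE_MAP)
    print(to_ldif("auto.home", pairs, base, bis=False))
    print(to_ldif("auto.home", pairs, base, bis=True))
```

The mount options and location travel together in a single attribute in both forms (nisMapEntry or automountInformation), so only the object classes and attribute names differ between the two outputs.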