samba - Apr 2018 - Share users across domains

A lot of administrative systems made by the institution, current  
domain, fileservers, glpi, cyrus mail, horde, gosa, svn, freeradius,  
dotproject, vcenter. Thats what I remebmber for now.

Citando Rowland Penny via samba <samba at lists.samba.org>:
> On Mon, 02 Apr 2018 12:09:39 +0000
> Rodrigo Abrantes Antunes via samba <samba at lists.samba.org> wrote:
>
>> I need LDAP for other uses, how could I have samba4 and ldap
>> without having 2 bases?
>
> Samba 4 when running as a DC has a version of LDAP built-in and this
> can usually be used very much in the same way as an openldap server.
>
> What do you need LDAP for ? just what programs do you need to connect
> to ldap ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read  
> theinstructions:  https://lists.samba.org/mailman/options/samba
-- 
Rodrigo Abrantes Antunes
Instituto Federal Sul-rio-grandense

On Mon, 02 Apr 2018 13:06:16 +0000
Rodrigo Abrantes Antunes via samba <samba at lists.samba.org> wrote:
>   A lot of administrative systems made by the institution, current  
> domain, fileservers, glpi, cyrus mail, horde, gosa, svn, freeradius,  
> dotproject, vcenter. Thats what I remebmber for now.
> 
OK, I just spent about 10 minutes searching the internet and found out
this:

current domain : can be replaced by Sanba AD
fileservers    : As above

glpi           : will work with AD, see here:
                 http://wiki.glpi-project.org/doku.php?id=en:ldap

cyrus mail     : This can probably be made to work with AD, but you
would probably be better off moving to Postfix/Dovecot

horde          : This will work with AD, but you will probably need to 
                 move to Dovecot

gosa           : You would probably be better off using LAM, this is
                 still being developed, unlike Gosa, which seems to
                 have stalled.

svn            : will work with AD

freeradius     : This definitely works with AD, see here
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory

dotproject     : will work with AD
vcenter        : will work with AD

What I am trying to say is, you will probably find it easier to make
your infrastructure work with AD, rather than trying to keep Samba 3
working. You may find it easier to move some of your systems to other,
newer packages, for instance, you could upgrade your email system to
something like Kopano.

You will certainly have something more secure than what you have at the
moment, especially if you use kerberos.

Rowland

I know these systems work with AD, the problem is the migration, I  
don't think is easy to migrate 5000 accounts from current systems to  
new systems. I will need to learn the sintaxes of all these new  
systems and this would take huge time because I know nothing of  
samba4, or AD, or dovecot, or kerberos and the boss whants the emails  
for students for next month. We don't plan to change cyrus/postfix and  
horde, whats the problem with them? I already tried kopano and the  
users hated it. And like I said there are a lot of internal  
administrative systems that were programmed (not by me) to work with  
ldap only, including some that are not opensource. A while ago I did  
research on how to migrate my current domain to samba4 and from what I  
understand it would be almost impossible or too difficult for my  
scenario

Citando Rowland Penny <rpenny at samba.org>:
> On Mon, 02 Apr 2018 13:06:16 +0000
> Rodrigo Abrantes Antunes via samba <samba at lists.samba.org> wrote:
>
>> A lot of administrative systems made by the institution, current
>> domain, fileservers, glpi, cyrus mail, horde, gosa, svn, freeradius,
>> dotproject, vcenter. Thats what I remebmber for now.
>
> OK, I just spent about 10 minutes searching the internet and found out
> this:
>
> current domain : can be replaced by Sanba AD
> fileservers    : As above
>
> glpi           : will work with AD, see here:
>                 http://wiki.glpi-project.org/doku.php?id=en:ldap
>
> cyrus mail     : This can probably be made to work with AD, but you
> would probably be better off moving to Postfix/Dovecot
>
> horde          : This will work with AD, but you will probably need to
>                 move to Dovecot
>
> gosa           : You would probably be better off using LAM, this is
>                 still being developed, unlike Gosa, which seems to
>                 have stalled.
>
> svn            : will work with AD
>
> freeradius     : This definitely works with AD, see here
>
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
>
> dotproject     : will work with AD
> vcenter        : will work with AD
>
> What I am trying to say is, you will probably find it easier to make
> your infrastructure work with AD, rather than trying to keep Samba 3
> working. You may find it easier to move some of your systems to other,
> newer packages, for instance, you could upgrade your email system to
> something like Kopano.
>
> You will certainly have something more secure than what you have at the
> moment, especially if you use kerberos.
> Rowland
-- 
Rodrigo Abrantes Antunes
Instituto Federal Sul-rio-grandense