Samba3 domain controller howto?

Mister Olli mister.olli at googlemail.com
Mon Jun 8 12:27:32 UTC 2009


Hi,

I used the following procedure to install samba4 on a freebsd box:
http://wiki.samba.org/index.php/Samba4/HOWTO

in my current setup (which is about 4 months old) the following this do
not work:
- active directory groups did somehow not work as expected, but I didn't
had the time to look deeper into it
- updating DNS records within named, as the version freebsd comes with
does not support the GSSAPI. if someone finds a way to replace builtin
named with a newer version please drop me an email.
- stability (didn't had the time to examine the segfaults further.) I
already had contact about this issue with andrew bartlett from the
developer team and they are willing to fix this issues when they have
enough informations.

look here (http://wiki.samba.org/index.php/Franky) for informations
about the 'franky' release and how to compile it. seems to be simple if
you're a little bit familiar with samba.
I didn't had the time to look and test, and surely won't have any until
mid-august.

so it would be great to hear your experiences :-)

Regards,
---
Mr. Olli


On Mon, 2009-06-08 at 07:40 -0400, Dave wrote:
> Hi,
> Do you have a procedure for getting samba4 going? If it can do active
> directory i'd like to try it. And get it all going, with samba3 as well.
> Thanks.
> Dave.
>  
> 
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Mister Olli
> Sent: Monday, June 08, 2009 7:18 AM
> To: Tim Judd
> Cc: Olivier Nicole; freebsd-questions at freebsd.org; redtick at sbcglobal.net
> Subject: Re: Samba3 domain controller howto?
> 
> hi,
> 
> > yes, you are mis-understanding
> > 
> > samba itself is a NT4-type domain.
> not quite right. It depends on the samba version your using.
> - samba3 only provides NT4-type domains
> - samba4 provides active directory domain types including GPO (I have such a
> setup running in 7.<SOMETHING> with around 10 users. It works quite good,
> beside the fact that samba segfaults from time to time (which I covered by
> running samba4 in foreground within an endless bash.-loop)).
> 
> there is even a new build-option that creates the 'samba franky' release
> which uses samba3 & samba4 at the same time to make nearly all samba3
> feature in combination with AD environments available, but it didn't have
> the time to look into that. But it sounds quite promising, since
> samba4 lacks some features samba3 already has.
> 
> 
> Regards,
> ---
> Mr. Olli
> 
> 
> > samba can use authentication backends that include passwd files, LDAP 
> > and kerberos.  Active directory is a requirement to use LDAP, whereas 
> > samba is offering it as a auth backend only.
> > 
> > fine line, I know.
> > 
> > IOW, whereas Active Directory - as a technology:
> >   Uses kerberos for authorization
> >   Uses LDAP for a storage backend for Kerberos
> >   Uses user at domain logins (thanks to Kerberos),
> >   Uses other techs not related to this thread
> > 
> > NT4-style domains - as a technology:
> >   Not using Kerberos
> >   Not using LDAP storage
> > 
> > Samba allows it's authorization backend to offer more possibilities 
> > than NT4's own methods.  Such as passwd files, LDAP, Kerberos, etc.
> > 
> > 
> > It's technology vs technology, not product vs product.
> > 
> > 
> > On 6/7/09, Olivier Nicole <on at cs.ait.ac.th> wrote:
> > > Hi,
> > >
> > >> Samba is still only a NT4-type
> > >> DC, no Active Directory type of function (Group Policies, 
> > >> user at domain logins, kerberos, ldap, etc)
> > >
> > > I am not sure if I understand you well, but my samba is 
> > > authenticating users agaiinst LDAP.
> > >
> > > Best regards,
> > >
> > > Olivier
> > >
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list 
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 



More information about the freebsd-questions mailing list