[Samba] what architecture is required for having a samba working ?
Valéry Roché
valery.roche at univ-poitiers.fr
Thu Apr 7 07:10:49 MDT 2011
Hi list,
Some years ago, here at University of Poitiers, we used something called Netware. But it was
expensive, so it was decided to abandonned it : some services migrated to samba and OpenLDAP, and
others migrated to Windows Server.
So now, Win7 is coming, and unfortunately we can't use Samba2 anymore. So the solution should be to
use Samba3, wich supports Win7.
But (yes there is always a but) : we won't have the possibility to use AD features like GPOs, wich
are THE thing that our local administrators are asking for (and this explains why some of them
migrated to WinServer).
By abandonning Netware, we lost the confort of managing a tree of our computers and users, this is a
bad thing.
Our environment is very heterogeneous, an it seems hard to change some of our sensible services like
DNS (local DNS is operated by a Windows Server 2003 machine) or LDAP (yes we use LDAP for all
informations about our users).
So here is my question : is it possible to integrate a Samba4 server in this environement that could
be used as AD server. I thought we could join some Samba3 to this AD in order to use our LDAP
authentication service.
I'm making some tests with virtual machines, Samba4 works fine, it's possible to join computers to
the domain, but GPOs are not working on Win7 (but working on WinXP) : why ? Is it because I don't
run Bind9 on the samba4 and try to refer to our Win2003 DNS based service ?
When playing with the console (running under Win7), I sometimes have a message indicating some
inconsistancies with the AD server.
It seems kerberos doesnt work too : "Cannot contact any KDC for requested realm: unable to reach any
KDC in realm". Can't find any suitable configuration example.
I don't know where to search for informations, as I can't find any more useable informations about
my problems. I'm afraid that if we can't make Samba4 working as a global AD we will soon switch to a
global M$ infrastructure...
Below the configuration files I'm using :
*--- /usr/local/samba/etc/smb.conf ---*
# Global parameters
[global]
server role = domain controller
workgroup = MONONOKE
realm = sci.univ-poitiers.fr
netbios name = GHIBLI
setup directory = setup/
[netlogon]
path = /usr/local/samba/var/locks/sysvol/ghibli.sci.univ-poitiers.fr/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
*--- /etc/krb5.conf --- *
[libdefaults]
default_realm = sci.univ-poitiers.fr
dns_lookup_realm = false
dns_lookup_kdc = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-mb5
[appdefaults]
proxiable = true
ticket_lifetime = 24h
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[realm]
SCI.UNIV-POITIERS.FR = {
kdc = ghibli.sci.univ-poitiers.fr
admin_server = ghibli.sci.univ-poitiers.fr
default_domain = ghibli.sci.univ-poitiers.fr
}
[domain_realm]
ghibli.sci.univ-poitiers.fr = SCI.UNIV-POITIERS.FR
sci.univ-poitiers.fr = SCI.UNIV-POITIERS.FR
More information about the samba
mailing list