[Samba] what architecture is required for having a samba working ?

Valéry Roché valery.roche at univ-poitiers.fr
Thu Apr 7 07:10:49 MDT 2011


Hi list,

Some years ago, here at University of Poitiers, we used something called Netware. But it was 
expensive, so it was decided to abandonned it : some services migrated to samba and OpenLDAP, and 
others migrated to Windows Server.

So now, Win7 is coming, and unfortunately we can't use Samba2 anymore. So the solution should be to 
use Samba3, wich supports Win7.

But (yes there is always a but) : we won't have the possibility to use AD features like GPOs, wich 
are THE thing that our local administrators are asking for (and this explains why some of them 
migrated to WinServer).
By abandonning Netware, we lost the confort of managing a tree of our computers and users, this is a 
bad thing.

Our environment is very heterogeneous, an it seems hard to change some of our sensible services like 
DNS (local DNS is operated by a Windows Server 2003 machine) or LDAP (yes we use LDAP for all 
informations about our users).

So here is my question : is it possible to integrate a Samba4 server in this environement that could 
be used as AD server. I thought we could join some Samba3 to this AD in order to use our LDAP 
authentication service.

I'm making some tests with virtual machines, Samba4 works fine, it's possible to join computers to 
the domain, but GPOs are not working on Win7 (but working on WinXP) : why ? Is it because I don't 
run Bind9 on the samba4 and try to refer to our Win2003 DNS based service ?
When playing with the console (running under Win7), I sometimes have a message indicating some 
inconsistancies with the AD server.

It seems kerberos doesnt work too : "Cannot contact any KDC for requested realm: unable to reach any 
KDC in realm". Can't find any suitable configuration example.

I don't know where to search for informations, as I can't find any more useable informations about 
my problems. I'm afraid that if we can't make Samba4 working as a global AD we will soon switch to a 
global M$ infrastructure...

Below the configuration files I'm using :

*--- /usr/local/samba/etc/smb.conf ---*

# Global parameters
[global]
         server role = domain controller
         workgroup = MONONOKE
         realm = sci.univ-poitiers.fr
         netbios name = GHIBLI
         setup directory = setup/

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/ghibli.sci.univ-poitiers.fr/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No




*--- /etc/krb5.conf --- *

[libdefaults]
         default_realm = sci.univ-poitiers.fr
         dns_lookup_realm = false
         dns_lookup_kdc = false
         default_etypes = des-cbc-crc des-cbc-md5
         default_etypes_des = des-cbc-crc des-cbc-mb5

         [appdefaults]
         proxiable = true
         ticket_lifetime = 24h
         debug = false
         ticket_lifetime = 36000
         renew_lifetime = 36000
         forwardable = true
         krb4_convert = false


         [realm]
         SCI.UNIV-POITIERS.FR = {
           kdc = ghibli.sci.univ-poitiers.fr
           admin_server = ghibli.sci.univ-poitiers.fr
           default_domain = ghibli.sci.univ-poitiers.fr
         }

         [domain_realm]
         ghibli.sci.univ-poitiers.fr = SCI.UNIV-POITIERS.FR

         sci.univ-poitiers.fr = SCI.UNIV-POITIERS.FR



More information about the samba mailing list