Samba and ADS
t.d.lee at durham.ac.uk
Wed Mar 27 06:55:07 GMT 2002
(This "how do I do X" question would normally almost certainly belong on
the "samba" list. But it is ultimately about Active Directory, and about
2.2.x->3.x transition, hence my putting on "samba-technical".)
Executive summary of questions:
1. What version of Samba do I need for ADS? Will trusty 2.2.3a suffice
for demonstration purposes? Or do I need SAMBA_2_2? Or HEAD?
2. What are the minimum necessary adjustments to migrate from 2.2.x to
For several years, we've been comfortably running Samba 2.0.x and 2.2.x on
Solaris servers. Authentication is done against UNIX: the relevant
"/etc/nsswitch.conf" line is:
passwd: files nis
That is, we run a UNIX service with UNIX users: Samba is simply "just UNIX
another service" (alongside telnet, pop, imap, etc.). Implicit in this is
plaintext (ugh!) set on the PCs. Delightfully simple and works fine.
In the next couple of weeks, we need to verify Samba against Active
Directory, with a view to wholesale migration later in the year (more
ugh!). So I'm setting up a small "close as reasonably possible" parallel
UNIX quasi-service. For instance "pam.conf" has its "pam_unix.so.1"
replaced with "pam_krb5.so.1", and I'm heading towards "ldap" for getting
other pw information (gecos, home, shell, ...).
1. Can Samba 2.2.3a be used for demonstration of this? Or do I have to go
to SAMBA_2_2 CVS or (more likely) HEAD?
2. I tried "HEAD" in our old system, using our old "./configure" (although
augmented with a "--with-pam") but that is not working at all.
[2002/03/26 17:00:05, 2] ../passdb/pdb_smbpasswd.c:startsmbfilepwent(201)
startsmbfilepwent_internal: unable to open file /etc/samba/private/smbpasswd. Error was No such file or directory
[2002/03/26 17:00:05, 0] ../passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1454)
unable to open passdb database.
(Our existing system doesn't have smbpasswd; simply use UNIX/NIS.)
I noticed that the "encrypt password" default changed from "no" to
"yes" (2.2.x -> HEAD), so have adjusted that.
How do we retain this existing UNIX/NIS functionality (even though our
ultimate aim is ADS) with HEAD/3.x ?
3. Is there a document for site admins describing required conversion
issues (e.g. "encrypt password" default) from 2.2.x to HEAD/3.x ?
Thanks in advance.
: David Lee I.T. Service :
: Systems Programmer Computer Centre :
: University of Durham :
: http://www.dur.ac.uk/t.d.lee/ South Road :
: Durham :
: Phone: +44 191 374 2882 U.K. :
More information about the samba-technical