Samba and ADS

David Lee t.d.lee at durham.ac.uk
Wed Mar 27 06:55:07 GMT 2002


(This "how do I do X" question would normally almost certainly belong on
the "samba" list.  But it is ultimately about Active Directory, and about
the 2.2.x->3.x transition, hence my putting it on "samba-technical".)

Executive summary of questions:

1. What version of Samba do I need for ADS?  Will trusty 2.2.3a suffice
   for demonstration purposes?  Or do I need SAMBA_2_2?  Or HEAD?

2. What are the minimum necessary adjustments to migrate from 2.2.x to
   HEAD/3.x ?


Detail:

For several years, we've been comfortably running Samba 2.0.x and 2.2.x on
Solaris servers.  Authentication is done against UNIX: the relevant
"/etc/nsswitch.conf" line is:
   passwd:     files nis

That is, we run a UNIX service with UNIX users: Samba is simply "just
another UNIX service" (alongside telnet, pop, imap, etc.).  Implicit in this is
plaintext (ugh!) set on the PCs.  Delightfully simple and works fine.

In the next couple of weeks, we need to verify Samba against Active
Directory, with a view to wholesale migration later in the year (more
ugh!).  So I'm setting up a small "close as reasonably possible" parallel
UNIX quasi-service.  For instance "pam.conf" has its "pam_unix.so.1" 
replaced with "pam_krb5.so.1", and I'm heading towards "ldap" for getting
other pw information (gecos, home, shell, ...).

1. Can Samba 2.2.3a be used for demonstration of this?  Or do I have to go
   to SAMBA_2_2 CVS or (more likely) HEAD?

2. I tried "HEAD" in our old system, using our old "./configure" (although
   augmented with a "--with-pam") but that is not working at all.

      [2002/03/26 17:00:05, 2] ../passdb/pdb_smbpasswd.c:startsmbfilepwent(201)
        startsmbfilepwent_internal: unable to open file /etc/samba/private/smbpasswd. Error was No such file or directory
      [2002/03/26 17:00:05, 0] ../passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1454)
        unable to open passdb database.

   (Our existing system doesn't have smbpasswd; simply use UNIX/NIS.)
   I noticed that the "encrypt password" default changed from "no" to
   "yes" (2.2.x -> HEAD), so have adjusted that.

   How do we retain this existing UNIX/NIS functionality (even though our
   ultimate aim is ADS) with HEAD/3.x ?

3. Is there a document for site admins describing required conversion
   issues (e.g. "encrypt password" default) from 2.2.x to HEAD/3.x ?

Thanks in advance.

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :




