Samba4 ADS BDC howto/help/status, please?

Andrew Bartlett abartlet at samba.org
Fri Jan 22 02:57:08 MST 2010


On Thu, 2010-01-21 at 14:28 -0400, Brian Dickson wrote:
> Hi,
> 
> I'm interested in deploying Samba4 in a non-critical (but very useful!) role, as an AD backup DC, for authentication purposes only.
> 
> Specifically, the environment in which this is to be deployed is:
> 
> (A) An AD PDC (and two BDCs) all running Windows Server 2003 SP2 (not, unfortunately, R2 :-) ).
> 
> (B) Lots of users and groups, for some smallish value of "lots" (a few dozen).
> 
> (C) Add to this, the desire to have Linux host(s) which will authenticate users via PAM with one of pam_winbind, pam_ldap, and/or pam_krb5, by way of Samba4.
> 
> The need to have a Linux host do the mappings between UID/GID, and RID/SID (or whatever *ID exists), is why I think Samba4 as BDC (possibly read-only) would be ideal. Samba3 only supports queries against AD PDC with the "support for unix" stuff that came in R2, or against a stand-alone Linux Samba3 PDC.

I don't think Samba4 is useful here.  To add the UID/GID mappings you
need to extend the AD schema.  Once you do that (with extra schema
elements that just happen to match the ones in 2003 R2 - i.e. as if you
were preparing to upgrade to 2003 R2) then you can use the idmap_ad
against it.

Or, if you can't do that, then I understand you can share the UID/GID
mappings on a distinct OpenLDAP server.  

> P.S. Sorry for posting to -technical, but I think this is probably the best case to get answers to the above...

samba-technical is the right place for Samba4 questions.  I don't think
Samba4 is quite what you want here, however.  You could of course add a
Samba4 DC into the mix, but it would not add value in the area you
desire.

Andrew Bartlett

-- 
Andrew Bartlett <abartlet at samba.org>