[Samba] Re: Samba 3.0.2 & Exchange 2003 / Active Directory?
Dan
dwerder at rogers.com
Wed Feb 25 14:20:45 GMT 2004
Brandon
How did you deal with licensing then, don't you still have to pay
domain/AD client access licenses as well as Exchange client access licenses?
Brandon wrote:
> We have semi-successfully set up Samba 3.0.2 and Exchange 2003. Exchange
> 2003 requires Active Directory, however we wanted to still use Samba as a
> PDC in our domain. We set up Exchange in a Windows2000 separate domain and
> then established a one-way trust between the exchange domain and the samba
> domain (where the samba domain is the trusted domain). We established our
> users on Exchange and corresponding users on the Samba PDC.
>
> Getting Exchange to authenticate off the Samba PDC was tricky but not
> impossible. In Exchange you must set the msExchMasterAccountSid variable in
> Active Directory to the Samba domain SID of the mailbox's owner. Microsoft
> has documented this procedure in KB article 278888:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;278888
> This procedure will make the Samba SID (account) the owner of the exchange
> mailbox; the corresponding account in the exchange domain becomes disabled.
> It is essential to set exchange up this way or else OWA, public folders,
> mailbox sharing, and other exchange features will not work correctly. It is
> not enough to just check the "Associated External Rights" box without
> following the steps to set the msExchMasterAccountSid variable. Failing to
> set this attribute will cause Exchange to randomly bounce emails and other
> features to work sporadically.
>
> To get Outlook Web Access to work properly with this setup you must disable
> Integrated Windows Authentication in IIs for the all virtual directories
> associated with exchange (exchange, public, exchweb). Instead use Basic
> Authentication where the domain name is the Samba domain. Be aware this
> sends the users password unencrypted so be sure you are using SSL when you
> authenticate a user. This solution will all Exchange to authenticate off
> the Samba PDC domain when using OWA.
>
> We ran into a little trouble when trying to set up the Samba-Windows2000
> trusts. When trying two-way trusts, everything would work fine for a few
> hours, but then Windows2000 would stop letting us view the Samba PDC users
> (which we needed because we had to associate these accounts with mailboxes).
> Two-way windows2000 trusts aren't working too well yet it seems, however
> Exchange only needs a one way trust. The one-way trust solution (with Samba
> as the trusted domain) has been working fine.
>
> Associating Samba accounts with Exchange mailboxes using this procedure may
> not work for more then 100 or so accounts. I am sure there is a way to do
> it programmatically, such as KB article 322890:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;322890
>
> - Brandon
>
More information about the samba
mailing list