[Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
gaiseric.vandal at gmail.com
Fri Oct 28 09:04:36 MDT 2011
If you are getting rid of the exchange server it seems a lot of work to
do the trusts thing. Having outlook remember your password isn't a
major problem. Except of course then people are pretty likely to have
forgotten their e-mail password if they ever use another PC.

I have found Samba trusts to be fairly painful. I had a Samba 3.0.x PDC
(LDAP backend) which I tried having a trust with a Windows 2003
domain. In order for trusts to work, the Samba machine uses idmap to
create a range of Unix UIDs and GIDs for the trusted Windows users.
With Samba 3.0.x, these idmap entries were created but would stop
working after the cache period expired. I don't know why. When I
moved to Samba 3.4.x, the expiration issue went away but then idmap
entries were not automatically created. We didn't have many people in the
Windows 2003 domain so I can manually create idmap entries as needed.

My gut feeling is that any changes you make to support Windows 7
machines will break compatibility with legacy machines (e.g. NT4) or
the domain trusts, although installing the latest NT4 SP pack (6a?) may help.

Could you migrate the PDC role from your NT server to a samba 3.4.x
or 3.5.x server? I don't think Exchange 5.5 has to be on the domain

At my work we have a Samba domain for most of the users and computers.
We also have a separate untrusted Win 2008 domain just to support our
Exchange 2007 server. It would be nice if we could consolidate to a
single domain (or at least a single Active Directory tree) but for the
moment people have to maintain separate e-mail accounts.

FYI, I had a look at the latest version of Zimbra; it looks like a
pretty nice product for a small business, if you decide not to go with
the hosting route. I do like Exchange 2007 but it can be a big
challenge to set up and maintain, and you really have to have a
background with Active Directory and Exchange. Not what I would use
for a really small site.

On 10/28/2011 10:34 AM, Derek Werthmuller wrote:
> Looking to make some changes to an old but working LAN, that has about 10
> samba servers serving printers and network shares and a NT 4 PDC server with
> Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP
> systems are members of the nt 4 domain also. Samba servers are ldapbacked.
> We use the ldap component directly to login to the Linux servers.
> I'd like to be able to support windows 7 clients as domain members, right
> now the clients are all XP. The plan I'm considering is building a new
> domain with the latest version of samba 3.x stable series for my RHEL6
> servers, join my new windows clients to that domain and create a trust
> relationship to the NT 4 domain. The existing samba servers can be joined
> to the new domain so that only the email server will be in the old domain.
> The idea behind the trust
> relationship is so that entering email for my users can be just a click and
> won't have to login again. We'd want to keep the ldap backend capability
> Keeping the exchange is really a stop gap till we can move that function to
> the cloud.
> Have others done similar upgrades successfully? Does this sound reasonable?
> Is the trust relationship overkill and likely to cause problems? (tell users
> to cache the outlook login and be done)
> Derek Werthmuller
> Director of Technology Innovation and Services
> Center for Technology in Government