[Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri Oct 28 09:04:36 MDT 2011

If you are getting rid of the exchange server it seems a lot of work to 
do the trusts thing.  Having outlook remember your password isn't a 
major problem.  Except of course then people are pretty likely to have 
forgotten  their e-mail password if they ever use another PC.

I have found Samba trusts to be fairly painful.  I had a Samba 3.0.x PDC 
(LDAP backend) which I tried having a trust with a Windows 2003 
domain.    In order for trusts to work, the Samba machine uses Idmap to 
create a range of unix uid's and gid's for the trusted Windows users.    
With Samba 3.0.x, these idmap entries were created but would stop 
working after the cache period expired.    I don't know why.  When I 
moved to Samba 3.4.x, the expiration issue went away but then idmap 
entries were not automatically.   We didn't have many people in the 
Windows 2003 domain so I can manually create idmap entries as needed.

My gut feeling is that any changes you make to support Windows 7 
machines will break compatibility with legacy machines  (e.g. NT4) or 
the domain trusts-  altho installing the latest NT4 SP pack (6a?) may help.

Could you make migrate the PDC role from your NT server to a samba 3.4.x 
or 3.5.x server?   I don't think Exchange 5.5 has to be on the domain 

At my work we have a Samba domain for most of the users and computers.  
We also have a separate untrusted  Win 2008 domain just to support our 
Exchange 2007 server.    It would be nice if we could consolidate to a 
single domain (or at least a single Active Directory tree) but for the 
moment people have to maintain separate e-mail accounts.

FYI-  I had a look at the latest version of Zimbra- it looks like a 
pretty nice product for a small business, if you decide not to go with 
the hosting route.    I do like Exchange 2007 but it can be a big 
challenge to set up and maintain, and you really have to have a 
background with Active Directory and Exchange.    Not what I would use 
for a really small site.

On 10/28/2011 10:34 AM, Derek Werthmuller wrote:
> Looking to make some changes to an old but working LAN, that has about 10
> samba servers serving printers and network shares and a NT 4 PDC server with
> Exchange 5.5 on it.  The samba servers are members of the nt4 domain, XP
> systems are members of the nt 4 domain also.  Samba servers are ldapbacked.
> We use the ldap component directly to login to the Linux servers.
> I'd like to be able to support windows 7 clients as domain members, right
> now the clients are all XP.  The plan I'm considering is building a new
> domain with the latest version of samba 3.x stable series for my RHEL6
> servers, join my new windows clients to that domain and create a trust
> relationship to the NT 4 domain.  The existing samba servers can be joined
> to the new domain so that only the email server will be in the old domain.
> The idea behind the trust
> relationship is so that entering email for my users can be just a click and
> won't have to login again.  We'd want to keep the ldap backend capability
> too.
> Keeping the exchange is really a stop gap till we can move that function to
> the cloud.
> Have others done similar upgrades successfully?  Does this sound reasonable?
> Is the trust relationship overkill and likely to cause problems? (tell users
> to cache the outlook login and be done)
> Thanks
> 	Derek
> Derek Werthmuller
> Director of Technology Innovation and Services
> Center for Technology in Government
> 518.442.3892
> www.ctg.albany.edu<www.ctg.albany.edu>

More information about the samba mailing list