[Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
Derek Werthmuller
dwerthmu at ctg.albany.edu
Fri Oct 28 11:56:35 MDT 2011
Thanks for the advice - Good to know not to go down the trust relationship
path. A separate domain does sound like a good path. Leave the existing
nt/exchange setup as just an email platform. Users are likely to need to
login again once we move that email/calendar/contacts function to the cloud
anyway.
Gives a nice clean migration path - here is your new win7 pc and your new
login for it.
Though I've also considered not making the new win7 domain members anyway.
They are all going laptops and staff are somewhat mobile to highly mobile.
When the domain is not available because of poor network link quality or no
network at all laptop performance suffers. I know this to be the case with
XP, I have no indication that it's any different with Win7.
Thanks
Derek
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Gaiseric Vandal
Sent: Friday, October 28, 2011 11:05 AM
To: samba at lists.samba.org
Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x
ldapbacked PDC and MS Exchange 5.5 still
If you are getting rid of the exchange server it seems a lot of work to do
the trusts thing. Having outlook remember your password isn't a major
problem. Except of course then people are pretty likely to have forgotten
their e-mail password if they ever use another PC.
I have found Samba trusts to be fairly painful. I had a Samba 3.0.x PDC
(LDAP backend) which I tried having a trust with a Windows 2003
domain. In order for trusts to work, the Samba machine uses Idmap to
create a range of unix uid's and gid's for the trusted Windows users.
With Samba 3.0.x, these idmap entries were created but would stop
working after the cache period expired. I don't know why. When I
moved to Samba 3.4.x, the expiration issue went away but then idmap
entries were not automatically. We didn't have many people in the
Windows 2003 domain so I can manually create idmap entries as needed.
My gut feeling is that any changes you make to support Windows 7 machines
will break compatibility with legacy machines (e.g. NT4) or the domain
trusts, although installing the latest NT4 SP pack (6a?) may help.
Could you migrate the PDC role from your NT server to a samba 3.4.x
or 3.5.x server? I don't think Exchange 5.5 has to be on the domain
controller.
At my work we have a Samba domain for most of the users and computers.
We also have a separate untrusted Win 2008 domain just to support our
Exchange 2007 server. It would be nice if we could consolidate to a
single domain (or at least a single Active Directory tree) but for the
moment people have to maintain separate e-mail accounts.
FYI- I had a look at the latest version of Zimbra- it looks like a pretty
nice product for a small business, if you decide not to go with
the hosting route. I do like Exchange 2007 but it can be a big
challenge to set up and maintain, and you really have to have a
background with Active Directory and Exchange. Not what I would use
for a really small site.
On 10/28/2011 10:34 AM, Derek Werthmuller wrote:
> Looking to make some changes to an old but working LAN, that has about 10
> samba servers serving printers and network shares and a NT 4 PDC server with
> Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP
> systems are members of the nt 4 domain also. Samba servers are ldapbacked.
> We use the ldap component directly to login to the Linux servers.
>
> I'd like to be able to support windows 7 clients as domain members, right
> now the clients are all XP. The plan I'm considering is building a new
> domain with the latest version of samba 3.x stable series for my RHEL6
> servers, join my new windows clients to that domain and create a trust
> relationship to the NT 4 domain. The existing samba servers can be joined
> to the new domain so that only the email server will be in the old domain.
> The idea behind the trust relationship is so that entering email for my
> users can be just a click and won't have to login again. We'd want to keep
> the ldap backend capability too.
>
> Keeping the exchange is really a stop gap till we can move that function to
> the cloud.
>
> Have others done similar upgrades successfully? Does this sound reasonable?
>
> Is the trust relationship overkill and likely to cause problems? (tell users
> to cache the outlook login and be done)
>
> Thanks
> Derek
>
> Derek Werthmuller
> Director of Technology Innovation and Services
> Center for Technology in Government
> 518.442.3892
> www.ctg.albany.edu