[Samba] Samba4 DC, Auth on linux side

Chris Fischer chris_f at gmx.net
Sat Feb 23 10:55:58 MST 2013


Hi Thomas,

thank you for your answer. I managed to add posix attributes and found 
the "Unix Attributes" tab. It is working but always gives me a "not 
allowed error".

It seems to be a good idea to keep the existing Windows/*nix users and 
get S4 AD running stable and reliable. The second part would be to think 
about migration to winbind.

So I have time to find a good solution for managing postfix and cyrus 
accounts via a directory in our company.

Regards Chris


On 19.02.2013 12:56, Thomas Simmons wrote:
> Hello Chris,
>
> It's pretty simple to add posix attributes via ADUC - there is a "UNIX
> Attributes" tab. The hardest part for me is remembering to go into that tab
> and enable it when I create new users :) If you already have these
> attributes with your S3 domain, classicupgrade will migrate them. With S3,
> I used plain LDAP auth for all of my *nix systems, and for things like
> Apache, OpenVPN (by way of a custom auth script), Request Tracker, etc...
> We also have several in-house apps that were written to use LDAP. I decided
> to stay with LDAP authentication for the time being, since it only required
> a few config edits, though I will likely deploy new systems using winbind.
>
>
> On Mon, Feb 18, 2013 at 4:57 PM, Chris Fischer <chris_f at gmx.net> wrote:
>
>> Hi all,
>>
>> I'm searching the web up and down for a while now.
>>
>> I had set up a Samba4 AD from Debian packages successfully. Now the goal
>> is, like S3 with LDAP, to use this AD for linux purposes.
>> At first for auth, later to bind postfix and other services to read the
>> directory. (When tests are successful, I will migrate an existing
>> S3/OpenLDAP to S4s Active Directory.)
>>
>> Now it is difficult for me to find best practices for my project.
>>
>> - Should I add posix attributes to my Domain Users and how to use this
>> approach in an easy way with ADUC or other tools and read them with nslcd.
>> or
>> - Should I use nslcd without posix attributes and configure some mappings
>> like creating uidNumber from the SID
>> or
>> - should I use WINBIND for auth. But I have found discussions about
>> different winbind behavior depending on whether S4 is used as DC or member server
>> in AD. In production mode, there will be the need to have linux auth on the
>> DC and one member server (NAS). So it would be nice to get the same behavior
>> on both servers.
>>
>>
>> Thanks for your advice.
>>
>> Chris Fischer
>>