[Samba] Samba4 DC, Auth on linux side

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Sat Feb 23 11:47:17 MST 2013

I've not personally tried this, but have you seen how to setup this with a
windows AD. I think it is a bit different , but should be possible.
Remember that samba AD should work exactly as a windows AD as far as most
programs are concerned.

On Feb 23, 2013 11:56 AM, "Chris Fischer" <chris_f at gmx.net> wrote:

> Hi Thomas,
> thank you for your answer. I managed to add posix attributes and found the
> "Unix Attributes" tab. It is working but always gives me an "not allowed
> error".
> It seems to be a good idea to keep the existing Windows/*nix users and get
> S4 AD running stable und reliable. The second part would be to think about
> migration to winbind.
> So i have time to find a good solution for managing postfix and cyrus
> accounts via a directory in our company.
> Regards Chris
> Am 19.02.2013 12:56, schrieb Thomas Simmons:
>> Hello Chris,
>> It's pretty simple to add posix attributes via ADUC - there is a "UNIX
>> Attributes" tab. The hardest part for me is remembering to go into that
>> tab
>> and enable it when I create new users :) If you already have these
>> attributes with your S3 domain, classicupgrade will migrate them. With S3,
>> I used plain LDAP auth for all of my *nix systems, and for things like
>> Apache, OpenVPN (by way of a custom auth script), Request Tracker, etc...
>> We also have several in-house apps that were written to use LDAP. I
>> decided
>> to stay with LDAP authentication for the time being, since it only
>> required
>> a few config edits, though I will likely deploy new systems using winbind.
>> On Mon, Feb 18, 2013 at 4:57 PM, Chris Fischer <chris_f at gmx.net> wrote:
>>  Hi all,
>>> i'm searching the web up and down for a while now.
>>> I had set up an Samba4 AD from debian packages successfully. Now the goal
>>> is, like S3 with LDAP, to use this AD for linux purposes.
>>> At first for auth, later to bind postfix and other services to read the
>>> directory. (When tests are successfull, i will migrate an existing
>>> S3/OpenLDAP to S4s Active Directory.
>>> Now it is difficult for me to find best practises for my project.
>>> - Should I add posix attributes to my Domain Users and how to use this
>>> approach in an easy way with ADUC or other tools and read them with
>>> nslcd.
>>> or
>>> - Should I use nslcd without posix attributes and configure some mappings
>>> like creating uidNumber from the SID
>>> or
>>> - should I use WINBIND for auth. But I have found discussions about
>>> different winbind behavior depending on S4 is used as DC or member server
>>> in AD. In production mode, there will be the need to have linux auth on
>>> the
>>> DC and one member server (NAS). So it would nice to get the same behavior
>>> on both servers.
>>> Thanks for your advice.
>>> Chris Fischer
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/****mailman/options/samba<https://lists.samba.org/**mailman/options/samba>
>>> <https://**lists.samba.org/mailman/**options/samba<https://lists.samba.org/mailman/options/samba>
>>> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>

More information about the samba mailing list