[Samba] What is Samba_dsdb???
Rowland Penny
rowlandpenny at googlemail.com
Sat Oct 25 16:44:46 MDT 2014
On 25/10/14 23:32, Greg Zartman wrote:
> On Sat, Oct 25, 2014 at 3:26 PM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>
> Hi Greg, it has been some time since I tried out SME, but if I
> remember correctly it is based on Centos, if this is correct, then
> things got a bit easier for you. Forget using Samba as an AD DC,
> you cannot at this time setup a DC on Centos, just migrate your
> samba 3.6 setup to whatever version of samba comes with whatever
> version of Centos you are basing SME on, this will allow you to
> use openldap as before.
>
>
> Yep, your memory is correct. The CORE distro is Centos. Right now
> Samba 3.6 is working fine for legacy type domains (NT4), simple
> shares, domain membership; and we have a good implementation of an
> OpenLDAP auth backend.
>
> What I'm doing is looking forward to True Samba 4 AD and working to
> build a deployment for an alpha type release of SME Server. I've
> rebuilt the Sernet Samba 4 packages for SME Server (Centos) and they
> work just fine for providing the Samba AD tools.
>
> I'm just having a hard time wrapping my brain around the AD
> auth in Samba 4 versus our older OpenLDAP auth. Is it true that many
> of the LDAP parameters in the smb.conf man pages really don't apply to
> Samba 4 AD DC config?
>
> Thanks!
>
> Greg

Yes, you can probably forget most if not all of the LDAP parameters;
samba4 in AD Mode just doesn't work like samba3.6 + openldap.

You probably have something like this in smb.conf:

# Global parameters
[global]
    workgroup = EXAMPLE
    realm = example.com
    netbios name = DC1
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/example.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

As you can see, there are no ldap lines!

What you have to understand is that you need to connect to samba4 AD
just like you would connect to windows AD and will need to use different
commands, i.e. samba-tool and/or ldb-tools for instance.

You can extend the schema fairly easily; autofs, sudo etc. are being used
fairly extensively.

Rowland
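
An added example, not part of the post above and not Samba project code: a small Python check for an smb.conf migrated from Samba 3.6 + OpenLDAP that reports LDAP passdb parameters still present once the server role is the AD DC role shown in the post. The function names are hypothetical, and the three legacy lines in the sample (with their values) are constructed for illustration.

```python
import re

# Constructed sample: the AD DC [global] section from the post plus three
# leftover Samba 3.6 + OpenLDAP lines (their values are made up).
SAMPLE = r"""[global]
    workgroup = EXAMPLE
    realm = example.com
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, \
        drepl, winbind, ntp_signd, kcc, dnsupdate
    passdb backend = ldapsam:ldap://localhost
    ldap admin dn = cn=admin,dc=example,dc=com
    ldap suffix = dc=example,dc=com
    idmap_ldb:use rfc2307 = yes
[sysvol]
    path = /var/lib/samba/sysvol
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased, space-normalised
    names. Handles '#' and ';' comments and backslash line continuations."""
    text = re.sub(r"\\\n\s*", " ", text)  # join continued lines first
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def leftover_ldap_params(text):
    """Names of [global] parameters left over from an LDAP passdb setup.
    Only reports when the server role is the AD DC role shown in the post."""
    glob = parse_smb_conf(text).get("global", {})
    if glob.get("server role", "").lower() != "active directory domain controller":
        return []
    # Match parameter names only: 'ldap' inside 'server services' is a value.
    hits = [name for name in glob if name.startswith("ldap ")]
    if glob.get("passdb backend", "").lower().startswith("ldapsam"):
        hits.append("passdb backend")
    return sorted(hits)

if __name__ == "__main__":
    print(leftover_ldap_params(SAMPLE))
```

The check reads parameter names rather than grepping for "ldap", so the ldap and cldap entries in server services and the idmap_ldb option are not reported.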