[Samba] Share users across domains

Mon Apr 2 13:00:24 UTC 2018

I moved from Samba 3 to Samba 4, with samba domain controllers and 
remaining in a classic domain several years ago with out too much 
trouble.     Obviously backup your /etc/samba and /var/lib/samba (or 
similar) directories. Default settings will change between versions so 
you do have to plan for some troubleshooting.             The safer 
approach may be to setup a new domain controller as a BDC and see how 
that works out.

With classic domains, trusts are completely unreliable.

With Samba AD domains, I believe trusts are not completely implemented.

In short, don't plan for using trusts with samba domains.   And a lot of 
what you use trusts for can be done with OU's instead.

I have to say I am a little surprised any one can make Samba 3 work any 
more (unless they are NOT patching all their windows systems.)

On 04/02/18 08:09, Rodrigo Abrantes Antunes via samba wrote:
>  I need LDAP for other uses, how could I have samba4 and ldap without 
> having 2 bases?
>
>
> Citando Harry Jede via samba <samba at lists.samba.org>:
>
>> Am Dienstag, 27. März 2018, 21:58:22 CEST schrieb Rowland Penny:
>>> On Tue, 27 Mar 2018 22:41:15 +0200
>>>
>>> Harry Jede via samba <samba at lists.samba.org> wrote:
>>> Am Dienstag, 27. März 2018, 14:25:47 CEST schrieb Rodrigo Abrantes
>>>
>>> Antunes via samba:
>>>>    I forgot to mention, I'm using samba 3.
>>>
>>> OK. Quiet old thingy :-(
>>>
>>> you should read realy old docs:
>>> https://www.samba.org/samba/docs/old/Samba3-HOWTO/
>>> InterdomainTrusts.html
>>>
>>> chapter : Interdomain Trust Facilities
>>>
>>> Have fun
>>>
>>> Please don't give the OP ideas,
>>
>> Why not? Are you my master of any kind?
>>
>>> Samba 3 is dead
>>
>> Yes
>>
>>> and shouldn't be used
>>
>> Yes
>>
>>> to set up anything new.
>>
>> Hmmh, I thought the op uses two samba3 (NT) style domain with
>> thousands of users.
>>
>>> I can understand maintaining an existing
>>> NT4-style domain, but not setting up a new one.
>>>
>>> It gets harder and harder to keep windows machines working with an
>>> NT4-style domain,
>>
>> No and no,
>> M$ trys to set up new windows client installations to not work with NT-
>> Domains. And yes, that is ok if security is the thing what one prefers.
>>
>> But sometimes sysadmins has other reasons to use old software and wish
>> support.
>>
>>> it doesn't make sense to set up a new one, not when
>>> it is easier to set up and maintain an AD domain.
>>
>> Yes
>>
>> @ Rodrigo Abrantes Antunes
>> An idea to get things to work:
>>
>> Setup a testbed with current samba version.
>> Their are to many changes from old samba3 to current release. You should
>> not expect that old config statements will work with newer releases of
>> samba. So try to find out which server statements in smb.conf maps to
>> your old behaviour.
>>
>> If this is OK for you, try the domain join. But do not expect, that 
>> the join
>> command works as described in the old docs. You are using much newer
>> software.
>>
>> PS
>> And yes, NT style domains are insecure from the first day I have seen
>> them. Are Ad domains secure???
>>
>>> Rowland
>>
>> -- 
>>
>> Gruss
>>         Harry Jede
>> -- 
>> To unsubscribe from this list go to the following URL and read 
>> theinstructions:  https://lists.samba.org/mailman/options/samba