[Samba] Share users across domains
gaiseric.vandal at gmail.com
Mon Apr 2 13:00:24 UTC 2018
I moved from Samba 3 to Samba 4, with samba domain controllers and
remaining in a classic domain several years ago with out too much
trouble. Obviously backup your /etc/samba and /var/lib/samba (or
similar) directories. Default settings will change between versions so
you do have to plan for some troubleshooting. The safer
approach may be to setup a new domain controller as a BDC and see how
that works out.
With classic domains, trusts are completely unreliable.
With Samba AD domains, I believe trusts are not completely implemented.
In short, don't plan for using trusts with samba domains. And a lot of
what you use trusts for can be done with OU's instead.
I have to say I am a little surprised any one can make Samba 3 work any
more (unless they are NOT patching all their windows systems.)
On 04/02/18 08:09, Rodrigo Abrantes Antunes via samba wrote:
> I need LDAP for other uses, how could I have samba4 and ldap without
> having 2 bases?
> Citando Harry Jede via samba <samba at lists.samba.org>:
>> Am Dienstag, 27. März 2018, 21:58:22 CEST schrieb Rowland Penny:
>>> On Tue, 27 Mar 2018 22:41:15 +0200
>>> Harry Jede via samba <samba at lists.samba.org> wrote:
>>> Am Dienstag, 27. März 2018, 14:25:47 CEST schrieb Rodrigo Abrantes
>>> Antunes via samba:
>>>> I forgot to mention, I'm using samba 3.
>>> OK. Quiet old thingy :-(
>>> you should read realy old docs:
>>> chapter : Interdomain Trust Facilities
>>> Have fun
>>> Please don't give the OP ideas,
>> Why not? Are you my master of any kind?
>>> Samba 3 is dead
>>> and shouldn't be used
>>> to set up anything new.
>> Hmmh, I thought the op uses two samba3 (NT) style domain with
>> thousands of users.
>>> I can understand maintaining an existing
>>> NT4-style domain, but not setting up a new one.
>>> It gets harder and harder to keep windows machines working with an
>>> NT4-style domain,
>> No and no,
>> M$ trys to set up new windows client installations to not work with NT-
>> Domains. And yes, that is ok if security is the thing what one prefers.
>> But sometimes sysadmins has other reasons to use old software and wish
>>> it doesn't make sense to set up a new one, not when
>>> it is easier to set up and maintain an AD domain.
>> @ Rodrigo Abrantes Antunes
>> An idea to get things to work:
>> Setup a testbed with current samba version.
>> Their are to many changes from old samba3 to current release. You should
>> not expect that old config statements will work with newer releases of
>> samba. So try to find out which server statements in smb.conf maps to
>> your old behaviour.
>> If this is OK for you, try the domain join. But do not expect, that
>> the join
>> command works as described in the old docs. You are using much newer
>> And yes, NT style domains are insecure from the first day I have seen
>> them. Are Ad domains secure???
>> Harry Jede
>> To unsubscribe from this list go to the following URL and read
>> theinstructions: https://lists.samba.org/mailman/options/samba
More information about the samba