[Samba] Share users across domains

Rodrigo Abrantes Antunes rodrigoantunes at pelotas.ifsul.edu.br
Mon Apr 2 14:15:40 UTC 2018 

  I know these systems work with AD, the problem is the migration, I  
don't think is easy to migrate 5000 accounts from current systems to  
new systems. I will need to learn the sintaxes of all these new  
systems and this would take huge time because I know nothing of  
samba4, or AD, or dovecot, or kerberos and the boss whants the emails  
for students for next month. We don't plan to change cyrus/postfix and  
horde, whats the problem with them? I already tried kopano and the  
users hated it. And like I said there are a lot of internal  
administrative systems that were programmed (not by me) to work with  
ldap only, including some that are not opensource. A while ago I did  
research on how to migrate my current domain to samba4 and from what I  
understand it would be almost impossible or too difficult for my  
scenario

Citando Rowland Penny <rpenny at samba.org>:

> On Mon, 02 Apr 2018 13:06:16 +0000
> Rodrigo Abrantes Antunes via samba <samba at lists.samba.org> wrote:
>
>> A lot of administrative systems made by the institution, current
>> domain, fileservers, glpi, cyrus mail, horde, gosa, svn, freeradius,
>> dotproject, vcenter. Thats what I remebmber for now.
>
> OK, I just spent about 10 minutes searching the internet and found out
> this:
>
> current domain : can be replaced by Sanba AD
> fileservers    : As above
>
> glpi           : will work with AD, see here:
>                 http://wiki.glpi-project.org/doku.php?id=en:ldap
>
> cyrus mail     : This can probably be made to work with AD, but you
> would probably be better off moving to Postfix/Dovecot
>
> horde          : This will work with AD, but you will probably need to
>                 move to Dovecot
>
> gosa           : You would probably be better off using LAM, this is
>                 still being developed, unlike Gosa, which seems to
>                 have stalled.
>
> svn            : will work with AD
>
> freeradius     : This definitely works with AD, see here
> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
>
> dotproject     : will work with AD
> vcenter        : will work with AD
>
> What I am trying to say is, you will probably find it easier to make
> your infrastructure work with AD, rather than trying to keep Samba 3
> working. You may find it easier to move some of your systems to other,
> newer packages, for instance, you could upgrade your email system to
> something like Kopano.
>
> You will certainly have something more secure than what you have at the
> moment, especially if you use kerberos.
> Rowland
-- 
Rodrigo Abrantes Antunes
Instituto Federal Sul-rio-grandense

More information about the samba mailing list