LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 10-07-2004, 02:56 AM   #1
psychobyte
Member
 
Registered: Sep 2003
Location: Central Coast, California
Posts: 179

Rep: Reputation: 30
Samba 3 in MS Active Directory domain


Hi,

I have an MS AD domain with mostly windows clients but, I'm looking to port my web server(and other services) to linux.

At the moment i have a windows server running Apache. This makes it extremely easy for my users to 'copy and paste' files into their web directories. I'd like to keep this same ease-of-use but, run on a linux box. It seems Samba 3 now has Active Directory support. Can anyone tell me the capabilities Samba has in a Native AD environment?

Can I create shares on the Samba server and have users drag-n-drop their files into permission protected directories?

Does Samba3 recognize AD domain users and groups?

Can Samba act like a domain controller?

Also, is it possible to have email services like IMAP/POP(S), SMTP authentication use Samba to authenticate users?

What about synching OpenLDAP users/passwords with those of AD?

Any tips on how to get this working would be appreciated.

Thanks,

Last edited by psychobyte; 10-07-2004 at 03:01 AM.
 
Old 10-07-2004, 01:33 PM   #2
mcleodnine
Senior Member
 
Registered: May 2001
Location: Left Coast - Canada
Distribution: s l a c k w a r e
Posts: 2,731

Rep: Reputation: 45
For starters, you'll need to make sure that your samba setup was built with kerberos and LDAP support. (I'm cheating here, redaing from John H. Terpstra's "Samba-3 By Example", a great tutorial and reference on the subject)

check for Kerberos support
Code:
 /usr/sbin/smbd -b | grep KRB
... and do a grep for LDAP in the same manner.

Next you need to determine which version of kerberos you're using. You will need at least MIT Kerberos 1.3.1

Check these items first, and then drop in and we'll see what the next step is.
 
Old 10-12-2004, 12:23 AM   #3
psychobyte
Member
 
Registered: Sep 2003
Location: Central Coast, California
Posts: 179

Original Poster
Rep: Reputation: 30
Well I'm not ready to try to install this yet. I just want to know before I spend some
considerable amount of time trying to get it to work the way I want it to that it indeed
works.

Namely, to have email services like IMAP/POP(S), SMTP authentication use AD passwords AND be updatable via Windows.
Also would the Samba server recognize domain groups and users on local file permissions?

Thanks,
 
Old 10-16-2004, 04:14 PM   #4
kberrien
LQ Newbie
 
Registered: Oct 2004
Location: MA, US
Posts: 1

Rep: Reputation: 0
Question Samba in AD Domain

I'm in a simular situation, so let me jump in! My query is simular, I'm a bit further however than the origional poster... But perhaps it may help. As I research all this, I keep comming across good posts here...

Like the orig. poster, I'm putting together a test Suse 9 server for a intranet server I will be creating. We are mostly a Windows based network, with an Win 2k3 AD domain.

While I've used Linux (prev. Red Hat) and Samba for a long time, I've never jumped into Samba 2 or 3's newer features (I've been living in the v1 feature set). I'm sick of multiple user sets, one set on each box, and matching passwords. My test box now is configured this way, Samba ver 1 features only.

I followed the excellent how-to here (why don't the distrib make it this clear!):

http://www.linuxquestions.org/questi...with+Microsoft

I had success up until the PAM portions. Winbind sees my Windows accounts (my test environment here at home is a Win 2k server), but I can't log into them. In Yast I don't see them (maybe I never will).

I'm not sure of the origional posters final needs, but I would assume he'll have to do simular.

My interests are the following. And before I go towards actually implimenting it, I'm a bit unclear how it will work, or if it can be done.

1. I'm not interested necessarily in having my Linux box "log into" the Windows domain. I'm happy with local accounts. To get what I need to work, this may be part of how it is however.

2. I do however want Windows users (groups) to be able to access shares I create on the Linux box. In terms of administrating, I want to be able to assign rights to the shares, and permissions as Windows groups so I'm not playing the multiple matched account games anymore. This is Windbind's purpose as I understand it.

3. I have no need to AD/LDAP data unless its necessary for the requirements above. The intranet server will not be using AD data, such as printer lists, etc.

My questions at this point are:

Are my requirements feasible at the present state of Samba/AD integration?

Are there any weak points, say password changes being a problem, etc?

Once I have my "links" between Win + Samba working, how do you create shares and apply permissions to Windows groups? (I've found no details on how this works).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
connecting samba to a windows 2003 active directory domain Jcrofton Linux - Networking 8 09-17-2006 06:07 PM
Linux in a Active Directory Domain kemplej Linux - Software 5 09-06-2005 10:12 AM
Joining a Linux workstation to a Active Directory Domain Terrence Hinds Linux - Networking 3 10-21-2004 05:45 AM
Samba 3 domain member or W2k Active Directory Navtive Mode treedstang Linux - Networking 2 07-30-2004 10:04 PM
So can Samba3 emulate an Active Directory domain? trey85stang Linux - Networking 9 04-22-2004 01:08 AM


All times are GMT -5. The time now is 10:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration