
Re: [Samba] Share users across domains




I moved from Samba 3 to Samba 4, with samba domain controllers and remaining in a classic domain several years ago without too much trouble. Obviously back up your /etc/samba and /var/lib/samba (or similar) directories. Default settings will change between versions so you do have to plan for some troubleshooting. The safer approach may be to set up a new domain controller as a BDC and see how that works out.

With classic domains, trusts are completely unreliable.

With Samba AD domains, I believe trusts are not completely implemented.


In short, don't plan for using trusts with samba domains. And a lot of what you use trusts for can be done with OUs instead.

I have to say I am a little surprised anyone can make Samba 3 work any more (unless they are NOT patching all their Windows systems.)



On 04/02/18 08:09, Rodrigo Abrantes Antunes via samba wrote:
I need LDAP for other uses, how could I have samba4 and ldap without having 2 bases?


Quoting Harry Jede via samba <samba@xxxxxxxxxxxxxxx>:

On Tuesday, 27 March 2018, 21:58:22 CEST, Rowland Penny wrote:
On Tue, 27 Mar 2018 22:41:15 +0200 Harry Jede via samba <samba@xxxxxxxxxxxxxxx> wrote:
On Tuesday, 27 March 2018, 14:25:47 CEST, Rodrigo Abrantes Antunes via samba wrote:
I forgot to mention, I'm using samba 3.

OK. Quite old thingy :-(

you should read really old docs:
https://www.samba.org/samba/docs/old/Samba3-HOWTO/InterdomainTrusts.html

chapter : Interdomain Trust Facilities

Have fun

Please don't give the OP ideas,

Why not? Are you my master of any kind?

Samba 3 is dead

Yes

and shouldn't be used

Yes

to set up anything new.

Hmmh, I thought the OP uses two samba3 (NT) style domains with
thousands of users.

I can understand maintaining an existing
NT4-style domain, but not setting up a new one.

It gets harder and harder to keep Windows machines working with an
NT4-style domain,

No and no,
M$ tries to set up new Windows client installations to not work with NT
domains. And yes, that is OK if security is the thing that one prefers.

But sometimes sysadmins have other reasons to use old software and wish
support.

it doesn't make sense to set up a new one, not when
it is easier to set up and maintain an AD domain.

Yes

@ Rodrigo Abrantes Antunes
An idea to get things to work:

Set up a testbed with the current samba version.
There are too many changes from old samba3 to the current release. You should
not expect that old config statements will work with newer releases of
samba. So try to find out which server statements in smb.conf map to
your old behaviour.

If this is OK for you, try the domain join. But do not expect that the join
command works as described in the old docs. You are using much newer
software.

PS
And yes, NT style domains are insecure from the first day I have seen
them. Are AD domains secure???

Rowland

--

Regards
        Harry Jede
--
To unsubscribe from this list go to the following URL and read the instructions:  https://lists.samba.org/mailman/options/samba


