Re: Connection to a SAMBA Active Directory
- From: "Paul Goldman" <paulgoldman1948@xxxxxxxxxxx>
- Date: Thu, 15 Jun 2006 21:13:43 GMT
Here's how I've decided to proceed. Please let me know your thoughts:
1. I built a new Windows 2003 Server in a brand new domain (bm.local).
2. I installed Exchange 2003 SP2 on the new server.
3. I have added a new zone to the Windows DNS pointing to the old dns domain
ca.xxx.net and added an A record pointing to the domain controller "linus".
4. I am able to define a 2 way Realm trust using the Active Directory
Domains and Trusts tool.
5. The Linux guy is having a problem with the trust on the other side. Since
I don't know how to do DNS stuff on the Linux side, I can't help him. He put
an A record in his DNS pointing to exchange.bm.local, and he can ping, but
he can't create a trust since the domain bm.local is not defined. What type
of record corresponds to the "new zone" concept in the Windows world? Is
there such a thing?
6. There is a bit of confusion on the SAMBA side. The DNS domain is
ca.xxx.net, but the Windows domain name (NT domain name) is bandmerch. Since
there is no .com or .local qualified, I cannot set up a trust with
BANDMERCH, but rather need to use the domain name ca.xxx.net.
I am able to manually create users in the new bm.local domain, and then
connect the Outlook clients to it (by manually entering the
bm\userid/password combo).
Has anyone been able to make the necessary modifications to the Linux DNS
and create a trust so that I can proceed??
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:%23qG%23BjojGHA.1552@xxxxxxxxxxxxxxxxxxxxxxx
That's likely true, although SAMBA will make it look like it's just another
Winnt4 domain controller machine and does have some interactions with
Active Directory and has some LDAP (which in theory can hold whatever
schema it wants to); can be pretty slick actually. Newer versions of
Samba look even more like AD. Good enough to let some deployments have
mixed mode multi-functional etc domains/forests, etc, that include some
Active Directory components but not enough to deploy Exchange. Exchange
requires (requires; as in it is not an option whether or not to include
Active Directory) Active Directory. It's recommended that it be native
mode/DFL 2003, whatever the latest marketing message is able to handle
universal groups.
If you were to have a deployment that had an Active Directory DC that held
all the roles etc, and off that a sub-domain or child domain of that
parent that was SAMBA, I'm not sure anybody would care. Sure it's not
supported, but... But if you tried to have AD be in the SAMBA domain, I'm
thinking you'll run into the issues as John points out and won't be able
to deploy and maintain SAMBA in that domain. SAMBA's a hack designed to
let you run NT 4 style domains. It was updated, but....
I don't think you're a moron (original poster) for what it's worth. It's
very confusing what will integrate and how. There's a ton of documentation
about all of this, but it's not typically very clear especially coming
from the direction and background you're coming from. I suspect years
from now somebody from Microsoft will come out with a great set of
bluebooks and say something along the lines of, "Yeah, the documentation
around this was horrible in the past. That's all fixed in this 1.0 release
of ...." Or something similar.
Here's an example of the confusion that gets caused, "A more scalable
domain control authentication backend option might use
Microsoft Active Directory or an LDAP-based backend. Samba-3 provides for
both options as a domain member server. As a PDC, Samba-3 is not able to
provide an exact alternative to the functionality that is available with
Active Directory. Samba-3 can provide a scalable LDAP-based PDC/BDC
solution." Clear right? I got that from
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2524167
In the end, you'll have to deploy Active Directory. You would be best served
to use a fresh installation-and-migration approach vs. trying to install
in the same SAMBA domain. It's a little more work yes. However, it
allows for your clients to learn the product (they think they know now I'm
sure, but then, why bother with you? :) and it allows for a clean start.
Believe me, with Exchange and Active Directory, you'll want that
especially in an environment where they're likely to be hostile towards
Microsoft products at some level or at the very least, wary and wondering
why they are told to deploy it.
A domain trusted domain might work, but I'd strongly suggest they just
consider one for simplicity's sake. And be sure to recommend that they
deploy at least two DC/GC's! The use of Centrify or Vintella software
might ease the integration somewhat as well.
Good luck.
Al
"John Fullbright [MVP]" <fjohn@donotspamnetappdotcom> wrote in message
news:ejn9YsRjGHA.4716@xxxxxxxxxxxxxxxxxxxxxxx
I suspect it's the ldap server that ships with Linux and other eunuchs.
You often see it in combination with sendmail.
Not a chance.
"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:VQDig.10186$Z67.790@xxxxxxxxxxxxxxxxxxxxxxx
Sorry to sound like such a moron, but I've never heard of this
environment. I'm strictly a Windows person.
Are you saying that you don't think I can add into that environment a
2nd domain controller on a real Windows box and have it replicate? And
then change the schema via ForestPrep and DomainPrep?
Thanks.
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:egyx4eAjGHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
Wow. Such a contradiction in terms it's really hard to know where to
begin. There is no such thing as a SAMBA active directory. SAMBA is an
emulator and as such will emulate to the best of its ability. It will
be deficient in some areas.
I would not suggest to the client that this is OK. Far from it because
if you get it to work (doubtful) you'll leave them in an awkward state
where they can't get support. Exchange is only supported on Active
Directory. That's it. Nothing else. Not ADAM, not LDAP, but Active
Directory.
That said, you *might* have some luck with option 4: create a new AD
forest, deploy Exchange into it and allow them to logon by presenting
credentials at logon to the mailbox data. RPC/HTTP is a likely protocol
to explore.
The reverse could also be done, and by that I mean migrate their
workstations, servers, mac's, and nix boxes to the AD and then install
Exchange in there.
Al
"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:oIiig.10090$Z67.5300@xxxxxxxxxxxxxxxxxxxxxxx
I have a new client who wants me to install an Exchange server in their
infrastructure. They currently have a simulated AD using Samba to front
end a Linux-based LDAP directory. They have about 50 XP Pro
workstations that log into the domain. There are also 2 Windows member
servers in the domain. In addition, they have about 5 Macs and 10 Linux
desktop machines.
Does anyone have experience in this area? Will I be able to install an
Exchange server in the existing infrastructure? I figure I have 3
options.
1. Install Windows 2003 Server. Join the existing domain. Install AD
on the new Windows 2003 Server. See if it replicates. Try to install
Exchange 2003 Server. If the domainprep and forestprep work, then
everything should be OK (theoretically).
2. If the above fails, install Windows 2003 Server, create a new
domain. See if I can create a 2-way trust between the SAMBA domain and
the new domain. If that works, then proceed with Exchange installation
and migrate accounts over via ADMT.
3. If 2 fails, install Windows 2003 Server, create a new domain.
Create new accounts on new domain either manually or via LDIF export
from existing LDAP. Have users give new domain credentials when they
launch Outlook or Outlook Web Access.
Am I on the right track? Does anyone have any different or better
ideas?
Thanks.