Re: Connection to a SAMBA Active Directory



Hmm...
Name resolution and time sync are going to be big things you need to deal
with. For starters, why are you creating single records? Consider using stub
zones or using a secondary server and replicating the zone to the other
environment - both ways. No need for A RR's etc.

Once that's done, keep in mind that shortname is likely something you'll
need. You may need to create a shortname record for BANDMERCH in his zone.
Set up your suffix search to include ca.xxx.net. Why? Not because you have
to, (DNS resolution should be enough for a realm trust and is even
preferred) but because you should be able to resolve all of both domains
with shortname style. Best to get it out of the way.

Time sync. I can't stress enough how important it is that both are using
the same time source.

Let me know where you end up after that. Pretty much, you want to treat the
samba domain as if it's an NT4 domain. First things first however.

Al
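
The stub-zone or secondary-zone approach suggested above, sketched for the Linux side as an added example that is not part of the original post. It assumes the Linux DNS server runs BIND 9; the address 192.0.2.10 (standing in for the bm.local domain controller) and the file paths are placeholders.

```conf
// named.conf fragment on the Linux DNS server that hosts ca.xxx.net.
// Assumptions: BIND 9; 192.0.2.10 is a placeholder for the bm.local
// domain controller; the file names are hypothetical.

// Option A: secondary copy of the whole bm.local zone. The Windows DNS
// server must allow zone transfers of bm.local to this host.
// (Newer BIND releases also accept "secondary" and "primaries".)
zone "bm.local" {
    type slave;
    masters { 192.0.2.10; };
    file "slaves/bm.local.db";
    allow-transfer { none; };   // do not re-export the other side's zone
};

// Option B (use instead of A, not both): stub zone. Only the SOA, NS and
// glue records are copied; lookups under bm.local are then resolved by
// asking the servers listed there, so no single A records are needed.
// zone "bm.local" {
//     type stub;
//     masters { 192.0.2.10; };
//     file "slaves/bm.local.stub";
// };
```

The Windows DNS server would carry the mirror image: a secondary or stub zone for ca.xxx.net in place of the hand-made zone with a single A record.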

"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:b4kkg.1758$MF6.1451@xxxxxxxxxxxxxxxxxxxxxxx
Here's how I've decided to proceed. Please let me know your thoughts:

1. I built a new Windows 2003 Server in a brand new domain (bm.local).
2. I installed Exchange 2003 SP2 on the new server.
3. I have added a new zone to the Windows DNS pointing to the old dns
domain ca.xxx.net and added an A record pointing to the domain controller
"linus"
4. I am able to define a 2 way Realm trust using the Active Directory
Domains and Trusts tool.
5. The linux guy is having a problem with the trust on the other side.
Since I don't know how to do DNS stuff on the Linux side, I can't help
him. He put an A record in his DNS pointing to exchange.bm.local, and he
can ping, but he can't create a trust since the domain bm.local is not
defined. What type of record corresponds to the "new zone" concept in the
Windows world? Is there such a thing?
6. There is a bit of confusion on the SAMBA side. The DNS domain is
ca.xxx.net, but the Windows domain name (NT domain name) is bandmerch.
Since there is no .com or .local qualified, I cannot set up a trust with
BANDMERCH, but rather need to use the domain name ca.xxx.net.

I am able to manually create users in the new bm.local domain, and then
connect the Outlook clients to it (by manually entering the
bm\userid/password combo).

Has anyone been able to make the necessary modifications to the linux dns
and created a trust so that I can proceed??

"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:%23qG%23BjojGHA.1552@xxxxxxxxxxxxxxxxxxxxxxx
That's likely true, although SAMBA will make it look like it's just another
Winnt4 domain controller machine and does have some interactions with
Active Directory and has some LDAP (which in theory can hold whatever
schema it wants to); can be pretty slick actually. Newer versions of
Samba look even more like AD. Good enough to let some deployments have
mixed mode multi-functional etc domains/forests, etc, that include some
Active Directory components but not enough to deploy Exchange. Exchange
requires (requires; as in it is not an option whether or not to include
Active Directory) Active Directory. It's recommended that it be native
mode/DFL 2003, whatever the latest marketing message is able to handle
universal groups.

If you were to have a deployment that had an Active Directory DC that
held all the roles etc, and off that a sub-domain or child domain of that
parent that was SAMBA, I'm not sure anybody would care. Sure it's not
supported, but... But if you tried to have AD be in the SAMBA domain, I'm
thinking you'll run into the issues as John points out and won't be able
to deploy and maintain SAMBA in that domain. SAMBA's a hack designed to
let you run NT 4 style domains. It was updated, but....

I don't think you're a moron (original poster) for what it's worth. It's
very confusing what will integrate and how. There's a ton of
documentation about all of this, but it's not typically very clear
especially coming from the direction and background you're coming from.
I suspect years from now somebody from Microsoft will come out with a
great set of bluebooks and say something along the lines of, "Yeah, the
documentation around this was horrible in the past. That's all fixed in
this 1.0 release of ...." Or something similar.

Here's an example of the confusion that gets caused, "
A more scalable domain control authentication backend option might use
Microsoft Active Directory or an LDAP-based backend. Samba-3 provides for
both options as a domain member server. As a PDC, Samba-3 is not able to
provide an exact alternative to the functionality that is available with
Active Directory. Samba-3 can provide a scalable LDAP-based PDC/BDC
solution. " Clear right? I got that from
http://us5.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2524167

In the end, you'll have to deploy Active Directory. You would be best
served to use a fresh installation-and-migration approach vs. trying to
install in the same SAMBA domain. It's a little more work yes. However,
it allows for your clients to learn the product (they think they know now
I'm sure, but then, why bother with you? :) and it allows for a clean
start. Believe me, with Exchange and Active Directory, you'll want that
especially in an environment where they're likely to be hostile towards
Microsoft products at some level or at the very least, wary and wondering
why they are told to deploy it.

A domain trusted domain might work, but I'd strongly suggest they just
consider one for simplicity's sake. And be sure to recommend that they
deploy at least two DC/GC's! The use of Centrify or Vintella software
might ease the integration somewhat as well.

Good luck.

Al

"John Fullbright [MVP]" <fjohn@donotspamnetappdotcom> wrote in message
news:ejn9YsRjGHA.4716@xxxxxxxxxxxxxxxxxxxxxxx
I suspect it's the ldap server that ships with Linux and other eunuchs.
You often see it in combination with sendmail.

Not a chance.


"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:VQDig.10186$Z67.790@xxxxxxxxxxxxxxxxxxxxxxx
Sorry to sound like such a moron, but I've never heard of this
environment. I'm strictly a Windows person.

Are you saying that you don't think I can add into that environment a
2nd domain controller on a real Windows box and have it replicate? And
then change the schema via ForestPrep and DomainPrep?

Thanks.
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:egyx4eAjGHA.1276@xxxxxxxxxxxxxxxxxxxxxxx
Wow. Such a contradiction in terms it's really hard to know where to
begin. There is no such thing as a SAMBA active directory. SAMBA is
an emulator and as such will emulate to the best of its ability. It
will be deficient in some areas.

I would not suggest to the client that this is OK. Far from it
because if you get it to work (doubtful) you'll leave them in an
awkward state where they can't get support. Exchange is only supported
on Active Directory. That's it. Nothing else. Not ADAM, not LDAP, but
Active Directory.

That said, you *might* have some luck with option 4: create a new AD
forest, deploy Exchange into it and allow them to logon by presenting
credentials at logon to the mailbox data. RPC/HTTP is a likely
protocol to explore.

The reverse could also be done, and by that I mean migrate their
workstations, servers, mac's, and nix boxes to the AD and then install
Exchange in there.

Al




"Paul Goldman" <paulgoldman1948@xxxxxxxxxxx> wrote in message
news:oIiig.10090$Z67.5300@xxxxxxxxxxxxxxxxxxxxxxx
I have a new client who wants me to install an Exchange server in
their infrastructure. They currently have a simulated AD using Samba
to front end a Linux-based LDAP directory. They have about 50 XP Pro
workstations that log into the domain. There are also 2 Windows member
servers in the domain. In addition, they have about 5 Macs and 10
Linux desktop machines.

Does anyone have experience in this area? Will I be able to install
an Exchange server in the existing infrastructure? I figure I have 3
options.

1. Install Windows 2003 Server. Join the existing domain. Install AD
on the new Windows 2003 Server. See if it replicates. Try to install
Exchange 2003 Server. If the domainprep and forestprep work, then
everything should be OK (theoretically).

2. If the above fails, install Windows 2003 Server, create a new
domain. See if I can create a 2-way trust between the SAMBA domain
and the new domain. If that works, then proceed with Exchange
installation and migrate accounts over via ADMT.

3. If 2 fails, install Windows 2003 Server, create a new domain.
Create new accounts on new domain either manually or via LDIF export
from existing LDAP. Have users give new domain credentials when they
launch Outlook or Outlook Web Access.

Am I on the right track? Does anyone have any different or better
ideas?

Thanks.
