On Wed, January 29, 2014 01:44, James A. Peltier wrote:
----- Original Message -----
| Does anyone here use a Samba4 setup for single sign-on for MS_Win workstations
| and CentOS-6 boxes? Does anyone here use it for imap and/or smtp
| authentication? We are experimenting with replacing our existing Microsoft
| domain controllers with Samba4 based controllers and are contemplating moving
| all authentication for all our systems, Microsoft and CentOS based, over to
| Samba when, or if, this replacement successfully completes.
. . .
I would have to ask why you're doing such a thing in the first place? You have a perfectly good working Active Directory setup, that people are already familiar with, I suspect with existing MS clients which integrate fully (and "properly") and you want to replace it with a Samba based setup. Unless you have a relatively simple setup, I would say don't change. However, if you are looking to move to something else, then do that. Why fix to Samba? Why not go with a full on Kerberos/LDAP environment?
FWIW, we use CentOS 6 with Active Directory Authorization. Things have worked fine for us for about 1 year. It took a VERY long time to get set up and working, but it is now.
The main reason is the age of the equipment and software. The current domain controller host is from c.2004 and the software is Microsoft Advanced Server 2000. The Windows 7 workstations work with this AD but there are a few quirks.
As the equipment is well past its best before date we need to replace it. We have virtualised just about everything else saving only the desktop workstations and this is another candidate for virtualisation.
As a company we are moving everything we can to FOSS and away from proprietary interests. Therefore the combination of moving from MS-AS2000 and a dedicated host to Samba4 running on a virtualised guest seems an attractive option, provided that it works. Thus my question.
The research I have done seems quite promising. It is now possible to promote a Samba4 server to an AD domain controller and to transfer all the Flexible Single Master Operations (FSMO) roles to it. It should then be possible to promote a second virtualised Samba4 server running on a different virtualised guest running on a second hardware host as a domain controller. Once done, the original AD host can be demoted and shut down. Providing Samba4 works as described of course, which is why I am asking if anyone else has done it.
There remains an issue with the SysVol replication: there is not any, but this can be worked around via rsync and cron. However, this means that all directory maintenance has to be performed on just one of the DCs, which effectively returns us to the days of Primary/Secondary DCs. Since in our case we are down to just one AD as it is, this is not a hardship.
Do you have a writeup of what you had to do to get CentOS to authenticate against AD?