----- Original Message -----
|
| On Wed, January 29, 2014 01:44, James A. Peltier wrote:
| > ----- Original Message -----
| > | Does anyone here use a Samba4 setup for single sign-on for MS_Win
| > | workstations and CentOS-6 boxes? Does anyone here use it for imap
| > | and/or smtp authentication? We are experimenting with replacing
| > | our existing Microsoft domain controllers with Samba4 based
| > | controllers and are contemplating moving all authentication for
| > | all our systems, Microsoft and CentOS based, over to Samba when,
| > | or if, this replacement successfully completes.
| > |
| . . .
| >
| > I would have to ask why you're doing such a thing in the first
| > place? You have a perfectly good working Active Directory setup,
| > that people are already familiar with, I suspect with existing MS
| > clients which integrate fully (and "properly") and you want to
| > replace it with a Samba based setup. Unless you have a relatively
| > simple setup, I would say don't change. However, if you are looking
| > to move to something else, then do that. Why fix to Samba? Why not
| > go with a full on Kerberos/LDAP environment?
| >
| > FWIW, we use CentOS 6 with Active Directory Authorization. Things
| > have worked fine for us for about 1 year. It took a VERY long time
| > to get setup and working, but it is now.
|
| The main reason is the age of the equipment and software. The current
| domain controller host is from c.2004 and the software is Microsoft
| Advanced Server 2000. The Windows 7 workstations work with this AD but
| there are a few quirks.
|
| As the equipment is well past its best before date we need to replace
| it. We have virtualised just about everything else saving only the
| desktop workstations and this is another candidate for virtualisation.
|
| As a company we are moving everything we can to FOSS and away from
| proprietary interests. Therefore the combination of moving from
| MS-AS2000 and a dedicated host to Samba4 running on a virtualised
| guest seems an attractive option, provided that it works. Thus my
| question.
|
| The research I have done seems quite promising. It is now possible to
| promote a Samba4 server to an AD domain controller and to transfer all
| the Flexible Single Master Operations (FSMO) roles to it. It should
| then be possible to promote a second virtualised Samba4 server running
| on a different virtualised guest running on a second hardware host as
| a domain controller. Once done then the original AD host can be
| demoted and shutdown. Providing Samba4 works as described of course,
| which is why I am asking if anyone else has done it.
|
| There remains an issue with the SysVol replication, there is not any,
| but this can be worked around via rsync and cron. However, this means
| that all directory maintenance has to be performed on just one of the
| DCs, which effectively returns us to the days of Primary/Secondary
| DCs. Since in our case we are down to just one AD as it is this is not
| a hardship.
|
| Do you have a writeup of what you had to do to get CentOS to
| authenticate against AD?
|
|
| --
| *** E-Mail is NOT a SECURE channel ***
| James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
| Harte & Lyne Limited          http://www.harte-lyne.ca
| 9 Brockley Drive              vox: +1 905 561 1241
| Hamilton, Ontario             fax: +1 905 561 0757
| Canada  L8E 3C3
|
| _______________________________________________
| CentOS mailing list
| CentOS at centos.org
| http://lists.centos.org/mailman/listinfo/centos
|

I have to sanitize it. The project started 3 years ago with SSSD and
there were a lot of workarounds/patches that made it into RHEL/CentOS.
I'll clean it up and post it somewhere for you to have a look at.

--
James A. Peltier
Manager, IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax     : 778-782-3045
E-Mail  : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices

"I want to inspire people. I want someone to say "because of you I didn't give up". - Chanda Kaushik