Re: [Samba] Our success story with samba4
Hi, besides nsd it is possible to make dynamic update work with bind on centos 5.5. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Lukasz Zalewski Gesendet: Freitag, 22. Oktober 2010 21:55 An: Michael Wood Cc: samba@lists.samba.org; samba-technical Betreff: Re: [Samba] Our success story with samba4 On 22/10/2010 19:52, Michael Wood wrote: Hi Michael, Hi Lukasz On 19 October 2010 11:12, Lukasz Zalewskilu...@eecs.qmul.ac.uk wrote: Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend [...] Do you have dynamic DNS updates working with nsd? Using Kerberos? From clients too or just with the samba_dnsupdate script? Nope, AFAIK nsd can't do ms style dynamic updates (its the one bundled with Centos 5.5). We decided to go for static dns (we have only one s4 DC), which is composed of the bind config file generated by s4 provision (nsd can use bind config files, but TXT records have to be quoted for some reason) and all other records generated from database. How was it to set up compared to bind? Besides not setting up dynamic updates, quite easy (I think easier than bind). As mentioned earlier, it supports bind config syntax (but TXT records have to be quoted). Regards Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On 25 October 2010 08:45, Daniel Müller muel...@tropenklinik.de wrote: Hi, besides nsd it is possible to make dynamic update work with bind on centos 5.5. Yes, sure. It's just that bind configuration seems to be a significantly difficult part of getting Samba 4 working (many people seem to have trouble with it) so I was wondering if nsd was any better. I am using bind, but I don't really need dynamic DNS updates because I am only using Samba 4 for authentication of services on a couple of servers. i.e. no workstations. Static IPs. No machines joining/leaving etc. Since I have bind working, I am not looking to switch to nsd. I was just wondering why Lukasz chose it, but I suppose they were using it already, before implementing Samba 4. -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Lukasz Zalewski Gesendet: Freitag, 22. Oktober 2010 21:55 An: Michael Wood Cc: samba@lists.samba.org; samba-technical Betreff: Re: [Samba] Our success story with samba4 On 22/10/2010 19:52, Michael Wood wrote: Hi Michael, Hi Lukasz On 19 October 2010 11:12, Lukasz Zalewskilu...@eecs.qmul.ac.uk wrote: Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend [...] Do you have dynamic DNS updates working with nsd? Using Kerberos? From clients too or just with the samba_dnsupdate script? Nope, AFAIK nsd can't do ms style dynamic updates (its the one bundled with Centos 5.5). We decided to go for static dns (we have only one s4 DC), which is composed of the bind config file generated by s4 provision (nsd can use bind config files, but TXT records have to be quoted for some reason) and all other records generated from database. How was it to set up compared to bind? Besides not setting up dynamic updates, quite easy (I think easier than bind). As mentioned earlier, it supports bind config syntax (but TXT records have to be quoted). -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On 10/25/2010 07:45 AM, Daniel Müller wrote: Hi Daniel, Hi, besides nsd it is possible to make dynamic update work with bind on centos 5.5. I think the version of bind shipped with CentOS 5.5 is too old. See http://wiki.samba.org/index.php/Samba4/HOWTO#Step_10_Configure_kerberos_DNS_dynamic_updates You can, as wiki suggests, build one from source Regards Luk --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Lukasz Zalewski Gesendet: Freitag, 22. Oktober 2010 21:55 An: Michael Wood Cc: samba@lists.samba.org; samba-technical Betreff: Re: [Samba] Our success story with samba4 On 22/10/2010 19:52, Michael Wood wrote: Hi Michael, Hi Lukasz On 19 October 2010 11:12, Lukasz Zalewskilu...@eecs.qmul.ac.uk wrote: Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend [...] Do you have dynamic DNS updates working with nsd? Using Kerberos? From clients too or just with the samba_dnsupdate script? Nope, AFAIK nsd can't do ms style dynamic updates (its the one bundled with Centos 5.5). We decided to go for static dns (we have only one s4 DC), which is composed of the bind config file generated by s4 provision (nsd can use bind config files, but TXT records have to be quoted for some reason) and all other records generated from database. How was it to set up compared to bind? Besides not setting up dynamic updates, quite easy (I think easier than bind). As mentioned earlier, it supports bind config syntax (but TXT records have to be quoted). Regards Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On 10/25/2010 08:31 AM, Michael Wood wrote: Hi Michael, On 25 October 2010 08:45, Daniel Müllermuel...@tropenklinik.de wrote: Hi, besides nsd it is possible to make dynamic update work with bind on centos 5.5. Yes, sure. It's just that bind configuration seems to be a significantly difficult part of getting Samba 4 working (many people seem to have trouble with it) so I was wondering if nsd was any better. I am using bind, but I don't really need dynamic DNS updates because I am only using Samba 4 for authentication of services on a couple of servers. i.e. no workstations. Static IPs. No machines joining/leaving etc. This was our reasoning for switching to nsd (as we run nsd for other services). We do have machines joining/leaving, but the ip's and names are static so the records can be generated beforehand. Since I have bind working, I am not looking to switch to nsd. I was just wondering why Lukasz chose it, but I suppose they were using it already, before implementing Samba 4. We started with bind and it was all working (RHEL 6 beta), but when we switched to CentOS 5 the bind was not new enough. We wanted to avoid needles manual builds of bind (in general any packages) and keep everything packaged. (In saying that i had to build ldap module for python 2.6 to get the import from ldap script working) Regards Luk -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Lukasz Zalewski Gesendet: Freitag, 22. Oktober 2010 21:55 An: Michael Wood Cc: samba@lists.samba.org; samba-technical Betreff: Re: [Samba] Our success story with samba4 On 22/10/2010 19:52, Michael Wood wrote: Hi Michael, Hi Lukasz On 19 October 2010 11:12, Lukasz Zalewskilu...@eecs.qmul.ac.ukwrote: Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend [...] Do you have dynamic DNS updates working with nsd? Using Kerberos? From clients too or just with the samba_dnsupdate script? Nope, AFAIK nsd can't do ms style dynamic updates (its the one bundled with Centos 5.5). We decided to go for static dns (we have only one s4 DC), which is composed of the bind config file generated by s4 provision (nsd can use bind config files, but TXT records have to be quoted for some reason) and all other records generated from database. How was it to set up compared to bind? Besides not setting up dynamic updates, quite easy (I think easier than bind). As mentioned earlier, it supports bind config syntax (but TXT records have to be quoted). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
Hi Lukasz On 19 October 2010 11:12, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend [...] Do you have dynamic DNS updates working with nsd? Using Kerberos? From clients too or just with the samba_dnsupdate script? How was it to set up compared to bind? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On 22/10/2010 19:52, Michael Wood wrote: Hi Michael, Hi Lukasz On 19 October 2010 11:12, Lukasz Zalewskilu...@eecs.qmul.ac.uk wrote: Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend [...] Do you have dynamic DNS updates working with nsd? Using Kerberos? From clients too or just with the samba_dnsupdate script? Nope, AFAIK nsd can't do ms style dynamic updates (its the one bundled with Centos 5.5). We decided to go for static dns (we have only one s4 DC), which is composed of the bind config file generated by s4 provision (nsd can use bind config files, but TXT records have to be quoted for some reason) and all other records generated from database. How was it to set up compared to bind? Besides not setting up dynamic updates, quite easy (I think easier than bind). As mentioned earlier, it supports bind config syntax (but TXT records have to be quoted). Regards Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On Tue, Oct 19, 2010 at 5:12 AM, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: One samba4 DC (running on centos 5.5 x64) with nsd dns backend Two samba 3.3.8 domain members (running on centos 5.5 x64) providing file services and printing Can Samba4 provide file and print services yet? If not can Samba4 and Samba3 co-exist on the same server? If not, what's the status of Franky? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Our success story with samba4
Hi all, This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. This semester we have moved from samba 3.0.X DC to samba4 DC for students, and things are working great The move was predominantly driven by switching from Windows XP to Windows 7 desktop platform (but also by a need for proper group policy). Our setup is quite simple and includes: One samba4 DC (running on centos 5.5 x64) with nsd dns backend Two samba 3.3.8 domain members (running on centos 5.5 x64) providing file services and printing We also have Windows Server 2003 domain member ~340 Windows 7 x64 Workstations ~1900 users, that were imported from our previous samba3 domain with ldap back-end. Note that we did not move entire domain, but decided to start afresh, and existing users (and computers) were ported to the new domain. We use group policy to deploy various settings, user profiles, software and printers. So, please grab samba4, start using it, report the bugs, make it even better than it is :) Regards Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
Hi, Tue, Oct 19, 2010 at 10:12:16AM +0100, Lukasz Zalewski napsal(a): This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. it's nice to know it. How you cooperate with other systems required LDAP accounts and some additional data? As I know there is no complete support for external LDAP server which is stopper for us. Do you mirror user's account to external LDAP or you don't need it at all? Best regards, Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On 10/19/2010 03:53 PM, Ludek Finstrle wrote: Hi Ludek, Hi, Tue, Oct 19, 2010 at 10:12:16AM +0100, Lukasz Zalewski napsal(a): This message is a testament to the great work samba team has done, but its also an encouragement to those of you that still not sure if samba4 will work in your environment. it's nice to know it. How you cooperate with other systems required LDAP accounts and some additional data? As I know there is no complete support for external LDAP server which is stopper for us. Do you mirror user's account to external LDAP or you don't need it at all? Yeah we still maintain openldap backend (which provides core functionality for the school) - the way i see it is that samba account information has moved from openldap to s4. AFAICT (but would like to be proven wrong) s4 allows the storage of posix account attributes, but i do not think you can add custom schemas to it. I suspect this behaviour is probably no different to real AD Regards Luk Best regards, Luf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
