Hi Thomas,

Thank you for your answer. I managed to add posix attributes and found the "Unix Attributes" tab. It is working but always gives me a "not allowed error".

It seems to be a good idea to keep the existing Windows/*nix users and get S4 AD running stable and reliable. The second part would be to think about migration to winbind.

So I have time to find a good solution for managing postfix and cyrus accounts via a directory in our company.

Regards Chris


On 19.02.2013 12:56, Thomas Simmons wrote:
Hello Chris,

It's pretty simple to add posix attributes via ADUC - there is a "UNIX
Attributes" tab. The hardest part for me is remembering to go into that tab
and enable it when I create new users :) If you already have these
attributes with your S3 domain, classicupgrade will migrate them. With S3,
I used plain LDAP auth for all of my *nix systems, and for things like
Apache, OpenVPN (by way of a custom auth script), Request Tracker, etc...
We also have several in-house apps that were written to use LDAP. I decided
to stay with LDAP authentication for the time being, since it only required
a few config edits, though I will likely deploy new systems using winbind.


On Mon, Feb 18, 2013 at 4:57 PM, Chris Fischer <[email protected]> wrote:

Hi all,

I've been searching the web up and down for a while now.

I have set up a Samba4 AD from Debian packages successfully. Now the goal
is, like S3 with LDAP, to use this AD for Linux purposes.
At first for auth, later to bind postfix and other services to read the
directory. (When tests are successful, I will migrate an existing
S3/OpenLDAP to S4's Active Directory.)

Now it is difficult for me to find best practices for my project.

- Should I add posix attributes to my Domain Users and how to use this
approach in an easy way with ADUC or other tools and read them with nslcd.
or
- Should I use nslcd without posix attributes and configure some mappings
like creating uidNumber from the SID
or
- Should I use WINBIND for auth? But I have found discussions about
different winbind behavior depending on whether S4 is used as DC or member server
in AD. In production mode, there will be the need to have Linux auth on the
DC and one member server (NAS). So it would be nice to get the same behavior
on both servers.


Thanks for your advice.

Chris Fischer

--
To unsubscribe from this list go to the following URL and read the
instructions:  
https://lists.samba.org/mailman/options/samba


