I've not personally tried this, but have you seen how to setup this with a windows AD. I think it is a bit different , but should be possible. Remember that samba AD should work exactly as a windows AD as far as most programs are concerned.
Ricky On Feb 23, 2013 11:56 AM, "Chris Fischer" <chri...@gmx.net> wrote: > Hi Thomas, > > thank you for your answer. I managed to add posix attributes and found the > "Unix Attributes" tab. It is working but always gives me an "not allowed > error". > > It seems to be a good idea to keep the existing Windows/*nix users and get > S4 AD running stable und reliable. The second part would be to think about > migration to winbind. > > So i have time to find a good solution for managing postfix and cyrus > accounts via a directory in our company. > > Regards Chris > > > Am 19.02.2013 12:56, schrieb Thomas Simmons: > >> Hello Chris, >> >> It's pretty simple to add posix attributes via ADUC - there is a "UNIX >> Attributes" tab. The hardest part for me is remembering to go into that >> tab >> and enable it when I create new users :) If you already have these >> attributes with your S3 domain, classicupgrade will migrate them. With S3, >> I used plain LDAP auth for all of my *nix systems, and for things like >> Apache, OpenVPN (by way of a custom auth script), Request Tracker, etc... >> We also have several in-house apps that were written to use LDAP. I >> decided >> to stay with LDAP authentication for the time being, since it only >> required >> a few config edits, though I will likely deploy new systems using winbind. >> >> >> On Mon, Feb 18, 2013 at 4:57 PM, Chris Fischer <chri...@gmx.net> wrote: >> >> Hi all, >>> >>> i'm searching the web up and down for a while now. >>> >>> I had set up an Samba4 AD from debian packages successfully. Now the goal >>> is, like S3 with LDAP, to use this AD for linux purposes. >>> At first for auth, later to bind postfix and other services to read the >>> directory. (When tests are successfull, i will migrate an existing >>> S3/OpenLDAP to S4s Active Directory. >>> >>> Now it is difficult for me to find best practises for my project. >>> >>> - Should I add posix attributes to my Domain Users and how to use this >>> approach in an easy way with ADUC or other tools and read them with >>> nslcd. >>> or >>> - Should I use nslcd without posix attributes and configure some mappings >>> like creating uidNumber from the SID >>> or >>> - should I use WINBIND for auth. But I have found discussions about >>> different winbind behavior depending on S4 is used as DC or member server >>> in AD. In production mode, there will be the need to have linux auth on >>> the >>> DC and one member server (NAS). So it would nice to get the same behavior >>> on both servers. >>> >>> >>> Thanks for your advice. >>> >>> Chris Fischer >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: >>> https://lists.samba.org/****mailman/options/samba<https://lists.samba.org/**mailman/options/samba> >>> <https://**lists.samba.org/mailman/**options/samba<https://lists.samba.org/mailman/options/samba> >>> > >>> >>> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: > https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba