On 25/08/13 16:52, dahopk...@comcast.net wrote:
> Hi, Where does Windows 2008R2 fit into this setup, is it in the same
domain? is it the primary AD server?
It is a member server in the same domain on which we ran ADUC. It was
a member of the prior samba3/LDAP authentication system. I can now log
back onto this server and launch ADUC. All three of the samba4 DC are
listed in Domain Controllers. However, since adding nslcd/nscd to
ncssamba2, the only DC I can connect to is ncssamba1. When I try to
select a different domain controller, I get "The list of Domain
Controllers for domain ncs.k12.de.us is unavailable because: Access is
Denied
> I would suggest that you read Steve's site a bit more but this time
about sssd.
> I would also suggest that you just use the Samba 4 DCs just for
authentication and use the Samba fileservers to store the profiles
etc. You would then not need anything but the basic Samba4 setup on
the AD DCs.
That is the goal except profiles/home directories were not be accessed
correctly on the samba4 domain member servers which I am trying to
resolve.
I am still not clear if I should be installing nslcd on the AD DCs.
And if I do, what is the correct setting setting for the following in
nslcd.conf
# The location at which the LDAP server(s) should be reachable.
uri ldap://ncssamba1.ncs.k12.de.us/
Should this point to the local machine, e.g. ncssamba1 for nslcd
running on ncssamba1, ncssamba2 for nslcd running on ncssamba2 or
should it point to the same ldap server on all AD DCs? I am willing
to migrate from nslcd to sssd but need to understand what needs to be
uninstalled/installed where before attempting it.
Sincerely,
Dave Hopkins
If you just use the Samba 4 ADs for authentication, you do not need
anything else on them, you just need to add the relevant attributes
(uidNumber, gidNumber, homeDirectory,profilePath etc) to each user.
You just need to set up samba on the fileservers to pull and use this
information.
If you use sssd to do this, you will use kerberos, so very little extra
needs to be added other than sssd, sssd-tools and krb5.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba