We have semi-successfully set up Samba 3.0.2 and Exchange 2003. Exchange 2003 requires Active Directory; however, we still wanted to use Samba as a PDC in our domain. We set up Exchange in a separate Windows 2000 domain and then established a one-way trust between the Exchange domain and the Samba domain (where the Samba domain is the trusted domain). We established our users on Exchange and corresponding users on the Samba PDC.

Getting Exchange to authenticate off the Samba PDC was tricky but not impossible. In Exchange you must set the msExchMasterAccountSid variable in Active Directory to the Samba domain SID of the mailbox's owner. Microsoft has documented this procedure in KB article 278888: http://support.microsoft.com/default.aspx?scid=kb;en-us;278888

This procedure will make the Samba SID (account) the owner of the Exchange mailbox; the corresponding account in the Exchange domain becomes disabled. It is essential to set Exchange up this way or else OWA, public folders, mailbox sharing, and other Exchange features will not work correctly. It is not enough to just check the "Associated External Rights" box without following the steps to set the msExchMasterAccountSid variable. Failing to set this attribute will cause Exchange to randomly bounce emails and other features to work sporadically.

To get Outlook Web Access to work properly with this setup you must disable Integrated Windows Authentication in IIS for all the virtual directories associated with Exchange (exchange, public, exchweb). Instead use Basic Authentication where the domain name is the Samba domain. Be aware this sends the user's password unencrypted, so be sure you are using SSL when you authenticate a user. This solution will allow Exchange to authenticate off the Samba PDC domain when using OWA.

We ran into a little trouble when trying to set up the Samba-Windows 2000 trusts. When trying two-way trusts, everything would work fine for a few hours, but then Windows 2000 would stop letting us view the Samba PDC users (which we needed because we had to associate these accounts with mailboxes). Two-way Windows 2000 trusts aren't working too well yet, it seems; however, Exchange only needs a one-way trust. The one-way trust solution (with Samba as the trusted domain) has been working fine.

Associating Samba accounts with Exchange mailboxes using this procedure may not work for more than 100 or so accounts.
I am sure there is a way to do it programmatically, such as KB article 322890: http://support.microsoft.com/default.aspx?scid=kb;en-us;322890

- Brandon
