Akshay Guleria wrote:

My reading of the docs is that while Samba can't be a DC in an AD
domain, there is nothing to stop it from being a DC in an LDAP/Kerberos
domain.
You can set up Samba3 to honour an MIT Kerberos realm (getting the
clients to function is a different matter, but possible).  You can also
have Heimdal backed onto Samba3's LDAP database, which you can populate
with the vampire tools.  And yes, the goal of Samba4 is to host an
AD-like domain, using the AD protocols.

So, as I understand this, one can set up Samba + MIT Kerberos to achieve
authentication and file & print services just like AD does. Right!?
So, what's the challenge here?
1. Migrating the data from AD to LDAP: munging the passwords and then
importing them into LDAP.
2. Do I need to re-join the clients to the Samba domain!?
3. For the time being, I think incorporating DNS and DHCP like AD does
is out of the scope of our discussion.

I haven't found anything on the web that can help me set up this kind of
thing. Can you please point me to such documentation?

Thanks,
Akshay

Sorry, those who have been able to do it aren't telling.  :(

I tried earlier without success. I'd suggest trying first to get LDAP working with Samba before tackling Kerberos. The previous responder suggested that you can use net vampire to populate LDAP. I don't see any reason why it shouldn't work.

The difficulty with getting this to work is that the different parts weren't designed specifically to work together. You have to configure them to do so. This makes LDAP a big step up from tdb as a Samba database. Try the Samba Howto Collection and the Samba By Example documents on www.samba.org. They do cover the topics but maybe not in enough detail for any particular distribution. Expect to do some playing around to get it to work.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
