Re: [SOGo] Existing Microsoft Active Directory environment Samba4 Openchange
Hello Martin, Thank You for the answer. Im afraid, the openchange provision tool will mess up the AD structure. All our system relies on it. As suggested in the following openchange mailing, the openchange provisioning of active directory should be avoided, and the schema extension should be made by the exchange setup on the windows side: http://mailman.openchange.org/pipermail/devel/2013-February/005554.html https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1 whats your opinion on this? Thank again, Daniel 2015-03-17 16:25 GMT+01:00 Martin Simovic mar...@netson.sk: Hi, I don’t know about any existing howto related to this scenario, yet I think I can help since at our site we’re running exactly the same setup. To be able to extend AD schema on Linux DC it needs to be promoted to schema master. You can use standard AD management tools GUI or command line from Linux DC - samba-tool fsmo does the job. After you extended the AD schema you can cease the role back to Windows AD controller. Just a note, you better be running at least Samba 4.1 series on Linux DC, older versions (4.0.X) were having problems with fsmo transfers. Still, it’s always a good idea to backup your AD before applying any changes to it. Hope this helps, Best Regards Martin Simovic On 17 Mar 2015, at 11:50, Dániel L. linux.rendszerg...@gmail.com wrote: Dear Sogo Users, We have an existing Active Directory server, which we use for central authentication. Id like to implement Openchange Sogo with native Outlook support. So Ive installed Samba4 and joined it to the Active Directorfy as a DC. Unfortunately, the openchange_provision --standalone command wont work, because the samba4 DC is not master. Is it safe to promote samba4 to master DC and promote back to Active directory, or is there a solution to extend active directory's schema with exchange schema (without installing exchange itself)? Is there any working HowTo on this outhere? Any help is appreciated, Thank You in advance, Daniel -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Existing Microsoft Active Directory environment Samba4 Openchange
Hi Daniel, I understand the exchange schema provisioning can be done two ways: 1. Running openchange_provision on Linux DC 2. Running exchange setup on Windows DC Whichever one you choose, the result should be the same. You can use only one approach though, not both at the same time. I think you misread Julian’s post from openchange mailing list. The issue was, that the user was trying to run openchange_provision on read-only domain controller (RODC) which is not possible. Furthermore, it is explained that samba4 DC must be master to be able to extend the schema OR schema must be extended on another (master) domain controller. This in your case would be your Windows DC. I would like to add a third option: transfer the master role to Linux DC, extend the schema (openchange_provision) and then cease the role back to Windows DC. The result should be the same. I have used the third (myself invented) approach since it was easier for me to run schema extension from Linux DC, using linux command line tools rather then learning how this is done from Windows environment. Needless to say, I backed up my AD before and after every step taken. That should answer your (legitimate) worries, broken AD is the worst nightmare I admit! Best Regards Martin. On 17 Mar 2015, at 18:44, Dániel L. linux.rendszerg...@gmail.com wrote: Hello Martin, Thank You for the answer. Im afraid, the openchange provision tool will mess up the AD structure. All our system relies on it. As suggested in the following openchange mailing, the openchange provisioning of active directory should be avoided, and the schema extension should be made by the exchange setup on the windows side: http://mailman.openchange.org/pipermail/devel/2013-February/005554.html http://mailman.openchange.org/pipermail/devel/2013-February/005554.html https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1 https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1 whats your opinion on this? Thank again, Daniel 2015-03-17 16:25 GMT+01:00 Martin Simovic mar...@netson.sk mailto:mar...@netson.sk: Hi, I don’t know about any existing howto related to this scenario, yet I think I can help since at our site we’re running exactly the same setup. To be able to extend AD schema on Linux DC it needs to be promoted to schema master. You can use standard AD management tools GUI or command line from Linux DC - samba-tool fsmo does the job. After you extended the AD schema you can cease the role back to Windows AD controller. Just a note, you better be running at least Samba 4.1 series on Linux DC, older versions (4.0.X) were having problems with fsmo transfers. Still, it’s always a good idea to backup your AD before applying any changes to it. Hope this helps, Best Regards Martin Simovic On 17 Mar 2015, at 11:50, Dániel L. linux.rendszerg...@gmail.com mailto:linux.rendszerg...@gmail.com wrote: Dear Sogo Users, We have an existing Active Directory server, which we use for central authentication. Id like to implement Openchange Sogo with native Outlook support. So Ive installed Samba4 and joined it to the Active Directorfy as a DC. Unfortunately, the openchange_provision --standalone command wont work, because the samba4 DC is not master. Is it safe to promote samba4 to master DC and promote back to Active directory, or is there a solution to extend active directory's schema with exchange schema (without installing exchange itself)? Is there any working HowTo on this outhere? Any help is appreciated, Thank You in advance, Daniel smime.p7s Description: S/MIME cryptographic signature
Re: [SOGo] Can SOGo run with SHA512-CRYPT passwords?
Hello, i'm sure off that sogo does it's own password checks because it's not working with these type of password scheme. i can add some sha512-crpyt passwords in my mysql back-end and no login is possible using sha512 instead its possible. greetings dominik p.s. i create these passwords with doveadm so no error on my side Am Montag, 16. März 2015 18:29 CET, Mihamina Rakotomandimby mihamina.rakotomandi...@rktmb.org schrieb: On 03/09/2015 08:37 PM, Dominik Breu wrote: Hey list , just a simple question can sogo use sha512-crpyt passwords ? SOGo relies on a backend for authentication. It might be a LDAP or a xxxSQL one. That backend might have some password hash capabilities so you have to check depending on that. HTH. -- users@sogo.nu https://inverse.ca/sogo/lists -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Existing Microsoft Active Directory environment Samba4 Openchange
Hello Guys, Ich tried a lot of posibilities without luck. I have a running Samba4-AD 4.1.11. I joined a fresh samba 4.1.11 as second DC. Until this the Replication between both DC works fine. Finaly I Transfer the schema role to the second DC and I provision/extend the openchange Schema to it. The Openchange Provision runs without error. BUT After the openchange provision the Replication to DC one is not working anymore. This error appears Failed to convert object CN=ms-Exch-Container,CN=Schema,CN=Configuration,DC=mo,DC=test: WERR_GENERAL_FAILURE Same as here http://thr3ads.net/samba/2013/06/2649971-Replication-problems Every advice for a solution would be nice! Regards Masi Am 17. März 2015 19:34:50 schrieb Martin Simovic mar...@netson.sk: Hi Daniel, I understand the exchange schema provisioning can be done two ways: 1. Running openchange_provision on Linux DC 2. Running exchange setup on Windows DC Whichever one you choose, the result should be the same. You can use only one approach though, not both at the same time. I think you misread Julian’s post from openchange mailing list. The issue was, that the user was trying to run openchange_provision on read-only domain controller (RODC) which is not possible. Furthermore, it is explained that samba4 DC must be master to be able to extend the schema OR schema must be extended on another (master) domain controller. This in your case would be your Windows DC. I would like to add a third option: transfer the master role to Linux DC, extend the schema (openchange_provision) and then cease the role back to Windows DC. The result should be the same. I have used the third (myself invented) approach since it was easier for me to run schema extension from Linux DC, using linux command line tools rather then learning how this is done from Windows environment. Needless to say, I backed up my AD before and after every step taken. That should answer your (legitimate) worries, broken AD is the worst nightmare I admit! Best Regards Martin. On 17 Mar 2015, at 18:44, Dániel L. linux.rendszerg...@gmail.com wrote: Hello Martin, Thank You for the answer. Im afraid, the openchange provision tool will mess up the AD structure. All our system relies on it. As suggested in the following openchange mailing, the openchange provisioning of active directory should be avoided, and the schema extension should be made by the exchange setup on the windows side: http://mailman.openchange.org/pipermail/devel/2013-February/005554.html http://mailman.openchange.org/pipermail/devel/2013-February/005554.html https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1 https://technet.microsoft.com/en-us/library/bb125224%28v=exchg.150%29.aspx#Step1 whats your opinion on this? Thank again, Daniel 2015-03-17 16:25 GMT+01:00 Martin Simovic mar...@netson.sk mailto:mar...@netson.sk: Hi, I don’t know about any existing howto related to this scenario, yet I think I can help since at our site we’re running exactly the same setup. To be able to extend AD schema on Linux DC it needs to be promoted to schema master. You can use standard AD management tools GUI or command line from Linux DC - samba-tool fsmo does the job. After you extended the AD schema you can cease the role back to Windows AD controller. Just a note, you better be running at least Samba 4.1 series on Linux DC, older versions (4.0.X) were having problems with fsmo transfers. Still, it’s always a good idea to backup your AD before applying any changes to it. Hope this helps, Best Regards Martin Simovic On 17 Mar 2015, at 11:50, Dániel L. linux.rendszerg...@gmail.com mailto:linux.rendszerg...@gmail.com wrote: Dear Sogo Users, We have an existing Active Directory server, which we use for central authentication. Id like to implement Openchange Sogo with native Outlook support. So Ive installed Samba4 and joined it to the Active Directorfy as a DC. Unfortunately, the openchange_provision --standalone command wont work, because the samba4 DC is not master. Is it safe to promote samba4 to master DC and promote back to Active directory, or is there a solution to extend active directory's schema with exchange schema (without installing exchange itself)? Is there any working HowTo on this outhere? Any help is appreciated, Thank You in advance, Daniel -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Existing Microsoft Active Directory environment Samba4 Openchange
Dear Sogo Users, We have an existing Active Directory server, which we use for central authentication. Id like to implement Openchange Sogo with native Outlook support. So Ive installed Samba4 and joined it to the Active Directorfy as a DC. Unfortunately, the openchange_provision --standalone command wont work, because the samba4 DC is not master. Is it safe to promote samba4 to master DC and promote back to Active directory, or is there a solution to extend active directory's schema with exchange schema (without installing exchange itself)? Is there any working HowTo on this outhere? Any help is appreciated, Thank You in advance, Daniel -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Existing Microsoft Active Directory environment Samba4 Openchange
Hi, I don’t know about any existing howto related to this scenario, yet I think I can help since at our site we’re running exactly the same setup. To be able to extend AD schema on Linux DC it needs to be promoted to schema master. You can use standard AD management tools GUI or command line from Linux DC - samba-tool fsmo does the job. After you extended the AD schema you can cease the role back to Windows AD controller. Just a note, you better be running at least Samba 4.1 series on Linux DC, older versions (4.0.X) were having problems with fsmo transfers. Still, it’s always a good idea to backup your AD before applying any changes to it. Hope this helps, Best Regards Martin Simovic On 17 Mar 2015, at 11:50, Dániel L. linux.rendszerg...@gmail.com wrote: Dear Sogo Users, We have an existing Active Directory server, which we use for central authentication. Id like to implement Openchange Sogo with native Outlook support. So Ive installed Samba4 and joined it to the Active Directorfy as a DC. Unfortunately, the openchange_provision --standalone command wont work, because the samba4 DC is not master. Is it safe to promote samba4 to master DC and promote back to Active directory, or is there a solution to extend active directory's schema with exchange schema (without installing exchange itself)? Is there any working HowTo on this outhere? Any help is appreciated, Thank You in advance, Daniel smime.p7s Description: S/MIME cryptographic signature
