Re: [SOGo] Outlook Integration / Active Directory

2012-10-11 Thread Sven Tegethoff

On 10.10.2012 16:30, Wolfgang Sourdeau wrote:

> > I do understand the part with the Exchange schema, and installing the
> > demo is a nice trick. However mirror domain controller is not a term
> > I'm familiar with, and it doesn't exist in the samba4 documentation
> > either :) So, I'm sorry if that's a dumb question, but what exactly are
> > you referring to?
>
> No, that term is my own invention. In previous versions of Windows
> (NT) servers, you had the concept of Primary and Backup domain
> controllers (PDC, BDC). With versions >= 2003 (I think, it could even
> be 2000), since MS started to use an ldap implementation named active
> directory, the role of what used to be a BDC no longer exists. So
> you can only have one or many domain controllers. In fact, you will
> always have a master, since this is the one you will likely
> reference when using its ip, but basically, all domain controllers
> handling the same domain will be replicas, hence my naming of
> mirror. Because here, the goal is that the domain controller handled
> on the OpenChange machine should not be modified locally.




Aha! So do I understand this correctly: Although the documentation says that
joining Samba 4 to your Active Directory domain as a member will
currently not work, the actual process of joining the domain with
samba4 as another DC actually DOES work, but will break if you use any
of the samba tools to actually manage users, but I'll be fine as long
as all changes in the directory happen exclusively through the
replication with the existing domain? That would be okay ... in fact
that's how I was planning to do it anyways :)


I'd love to set up samba4 as read-only domain controller - something 
that samba claims to partially support, but the last documentation 
update seems to be from 2010, and I'm not quite sure how usable that 
feature has become by now. One document says it's in its very infancy, 
but another document lists all except one to do item as finished. 
Not quite sure what to make of that. Has anybody here ever tried it?


best regards,

Sven


--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Outlook Integration / Active Directory

2012-10-11 Thread Wolfgang Sourdeau




> Aha! So do I understand this correctly: Although the documentation
> says that joining Samba 4 to your Active Directory domain as a member
> will currently not work, the actual process of joining the domain
> with samba4 as another DC actually DOES work, but will break if you
> use any of the samba tools to actually manage users, but I'll be fine
> as long as all changes in the directory happen exclusively through the
> replication with the existing domain? That would be okay ... in fact
> that's how I was planning to do it anyways :)

What is mentioned is that using samba as a member server does not
work. A member server is actually a regular client with the privilege
of forwarding authentication for certain applications. That's how
OpenChange should actually be used and that's what we never managed to
make work yet.




> I'd love to set up samba4 as read-only domain controller - something
> that samba claims to partially support, but the last documentation
> update seems to be from 2010, and I'm not quite sure how usable that
> feature has become by now. One document says it's in its very
> infancy, but another document lists all except one to do item as
> finished. Not quite sure what to make of that. Has anybody here ever
> tried it?


Ah, yet another thing. read-only domain controller does not work yet.


Wolfgang



Re: [SOGo] Outlook Integration / Active Directory

2012-10-10 Thread Sven Tegethoff

On 09.10.2012 23:30, Wolfgang Sourdeau wrote:

> On 2012-10-09 07:02, Sven Tegethoff wrote:
>
> > Hi everyone,
> >
> > the current documentation for Outlook integration notes that joining
> > Samba 4 to your Active Directory domain as a member will currently
> > not work. An authentication bug is present in Samba 4 which then
> > prevents all Outlook users to successfully authenticate through
> > Samba 4. This issue has been reported to the Samba team and is being
> > worked on.
> >
> > Is that still the case, or does anybody have a link (eg. to a samba4
> > bugzilla entry) where I can get up to date information? At the
> > moment, this is pretty much a showstopper for me, unless someone has
> > come up with a method of externally synching the samba4 directory
> > with an existing domain controller... :(
>
> We are still working on that issue on our side. It seems the use of
> Samba as a mirror domain controller is working though. First you need
> to make sure the Exchange schema is installed on the master
> machine. You can do that by installing and uninstalling the Exchange demo.
> After that, the provisioning scripts from openchange should work fine.




I do understand the part with the Exchange schema, and installing the 
demo is a nice trick. However mirror domain controller is not a term 
I'm familiar with, and it doesn't exist in the samba4 documentation 
either :) So, I'm sorry if that's a dumb question, but what exactly are 
you referring to?


Best Regards,

Sven



Re: [SOGo] Outlook Integration / Active Directory

2012-10-10 Thread Wolfgang Sourdeau






> I do understand the part with the Exchange schema, and installing the
> demo is a nice trick. However mirror domain controller is not a term
> I'm familiar with, and it doesn't exist in the samba4 documentation
> either :) So, I'm sorry if that's a dumb question, but what exactly are
> you referring to?


No, that term is my own invention. In previous versions of Windows (NT) 
servers, you had the concept of Primary and Backup domain 
controllers (PDC, BDC). With versions >= 2003 (I think, it could even be
2000), since MS started to use an ldap implementation named active 
directory, the role of what used to be a BDC no longer exists. So you 
can only have one or many domain controllers. In fact, you will always 
have a master, since this is the one you will likely reference when 
using its ip, but basically, all domain controllers handling the same 
domain will be replicas, hence my naming of mirror. Because here, the 
goal is that the domain controller handled on the OpenChange machine 
should not be modified locally.



Wolfgang
