From owner-freebsd-questions@FreeBSD.ORG Mon Jun 8 12:27:31 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A77221065674 for ; Mon, 8 Jun 2009 12:27:31 +0000 (UTC) (envelope-from mister.olli@googlemail.com) Received: from mail-fx0-f214.google.com (mail-fx0-f214.google.com [209.85.220.214]) by mx1.freebsd.org (Postfix) with ESMTP id 2B7F28FC16 for ; Mon, 8 Jun 2009 12:27:30 +0000 (UTC) (envelope-from mister.olli@googlemail.com) Received: by fxm10 with SMTP id 10so273111fxm.43 for ; Mon, 08 Jun 2009 05:27:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:subject:from:reply-to:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=C0k9ut8djfpndg3AWYF0cARIK/8lcCAsLmM3Zswfs9s=; b=aRGTM1UiL2bnAE7uymBI+HyQwEIwKmURHfL3nRXvoHjTsU47nx0kX77eO98CMsAeqz /nw6gTdrWO5HHW5DikZ18d/7T3VMxipxe/4RoIbWdPHg4Tz2+e9TBgqh1rrQ3J3puc0w mPGQyNhyCb6+tryVutQixXKPFGE94ttdsperE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=subject:from:reply-to:to:cc:in-reply-to:references:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; b=T8aYHnuOKx+qX9txbV6/D5wkPSqtqIo9rM8n5E77Da0sx5NoSpO9+YFVbURRi4D0LY pZOPBmB8LZXtbOvccnvjlm8ULbzxfTTB9+wFWJdM4XZaK70zOO2DLfoc82/53riVunwT R5WSIfDkOK0XWfBWyy5B/+wurwdjFZS5WqO4E= Received: by 10.86.59.18 with SMTP id h18mr7125016fga.71.1244464050220; Mon, 08 Jun 2009 05:27:30 -0700 (PDT) Received: from ?192.168.220.101? (Yb1a7.y.pppool.de [89.60.177.167]) by mx.google.com with ESMTPS id e11sm81687fga.11.2009.06.08.05.27.29 (version=SSLv3 cipher=RC4-MD5); Mon, 08 Jun 2009 05:27:29 -0700 (PDT) From: Mister Olli To: dave.mehler@gmail.com In-Reply-To: <1765BE3D07864F69AB4F9D3874BCBC64@hades> References: <273384.34545.qm@web81206.mail.mud.yahoo.com> <200906080259.n582xtVg024068@banyan.cs.ait.ac.th> <1244459893.12252.17.camel@phoenix.blechhirn.net> <1765BE3D07864F69AB4F9D3874BCBC64@hades> Content-Type: text/plain Date: Mon, 08 Jun 2009 14:27:26 +0200 Message-Id: <1244464046.12252.28.camel@phoenix.blechhirn.net> Mime-Version: 1.0 X-Mailer: Evolution 2.24.5 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: RE: Samba3 domain controller howto? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mister.olli@googlemail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2009 12:27:32 -0000 Hi, I used the following procedure to install samba4 on a freebsd box: http://wiki.samba.org/index.php/Samba4/HOWTO in my current setup (which is about 4 months old) the following this do not work: - active directory groups did somehow not work as expected, but I didn't had the time to look deeper into it - updating DNS records within named, as the version freebsd comes with does not support the GSSAPI. if someone finds a way to replace builtin named with a newer version please drop me an email. - stability (didn't had the time to examine the segfaults further.) I already had contact about this issue with andrew bartlett from the developer team and they are willing to fix this issues when they have enough informations. look here (http://wiki.samba.org/index.php/Franky) for informations about the 'franky' release and how to compile it. seems to be simple if you're a little bit familiar with samba. I didn't had the time to look and test, and surely won't have any until mid-august. so it would be great to hear your experiences :-) Regards, --- Mr. Olli On Mon, 2009-06-08 at 07:40 -0400, Dave wrote: > Hi, > Do you have a procedure for getting samba4 going? If it can do active > directory i'd like to try it. And get it all going, with samba3 as well. > Thanks. > Dave. > > > -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Mister Olli > Sent: Monday, June 08, 2009 7:18 AM > To: Tim Judd > Cc: Olivier Nicole; freebsd-questions@freebsd.org; redtick@sbcglobal.net > Subject: Re: Samba3 domain controller howto? > > hi, > > > yes, you are mis-understanding > > > > samba itself is a NT4-type domain. > not quite right. It depends on the samba version your using. > - samba3 only provides NT4-type domains > - samba4 provides active directory domain types including GPO (I have such a > setup running in 7. with around 10 users. It works quite good, > beside the fact that samba segfaults from time to time (which I covered by > running samba4 in foreground within an endless bash.-loop)). > > there is even a new build-option that creates the 'samba franky' release > which uses samba3 & samba4 at the same time to make nearly all samba3 > feature in combination with AD environments available, but it didn't have > the time to look into that. But it sounds quite promising, since > samba4 lacks some features samba3 already has. > > > Regards, > --- > Mr. Olli > > > > samba can use authentication backends that include passwd files, LDAP > > and kerberos. Active directory is a requirement to use LDAP, whereas > > samba is offering it as a auth backend only. > > > > fine line, I know. > > > > IOW, whereas Active Directory - as a technology: > > Uses kerberos for authorization > > Uses LDAP for a storage backend for Kerberos > > Uses user@domain logins (thanks to Kerberos), > > Uses other techs not related to this thread > > > > NT4-style domains - as a technology: > > Not using Kerberos > > Not using LDAP storage > > > > Samba allows it's authorization backend to offer more possibilities > > than NT4's own methods. Such as passwd files, LDAP, Kerberos, etc. > > > > > > It's technology vs technology, not product vs product. > > > > > > On 6/7/09, Olivier Nicole wrote: > > > Hi, > > > > > >> Samba is still only a NT4-type > > >> DC, no Active Directory type of function (Group Policies, > > >> user@domain logins, kerberos, ldap, etc) > > > > > > I am not sure if I understand you well, but my samba is > > > authenticating users agaiinst LDAP. > > > > > > Best regards, > > > > > > Olivier > > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >