From: Robert Slade
To: freebsd-questions@freebsd.org
Date: Sun, 31 Jul 2005 09:57:34 +0000
Subject: Re: FreeBSD Active Directory Server

On Sun, 2005-07-31 at 08:43, Norberto Meijome wrote:
> martin@orbweavers.co.uk wrote:
> > Has anyone any experience trying to make FreeBSD an Active Directory
> > Server? From my research and experimentation, I am under the impression
> > that it is possible, but I have yet to come up with any articles where it
> > has actually been done fully.
>
> it may be not relevant, or simply wrong, but IIRC, e-smith, a linux
> distrib that was started by mitel, ( http://www.e-smith.com/ ), has
> Samba *and* winXP sees it as a domain. I can't recall if it's an AD (I
> *think* it is, as the esmith server runs LDAP, iirc).
>
> The trick to let the client see the linux/samba server as an AD server
> was to disable some kind of encryption / cert related option in the
> client's registry.
>
> I'll see if I get hold of the colleague that worked on this and ask him
> the details.
>
> hope this is of some help.
>
> Beto

I've been following this thread with some interest as I am looking to
replace a small network running W2k server with a BSD centred one.

The Samba site - http://us2.samba.org/samba/ has some very useful
information including Howtos and examples.
There is, however, a warning:

"
At this time any appearance that Samba-3 is capable of acting as a
domain controller in native ADS mode is limited and experimental in
nature. This functionality should not be used until the Samba Team
offers formal support for it. At such a time, the documentation will be
revised to duly reflect all configuration and management requirements.
Samba can act as a NT4-style domain controller in a Windows 2000/XP
environment. However, there are certain compromises:

  * No machine policy files.
  * No Group Policy Objects.
  * No synchronously executed Active Directory logon scripts.
  * Can't use Active Directory management tools to manage users and
    machines.
  * Registry changes tattoo the main registry, while with Active
    Directory they do not leave permanent changes in effect.
  * Without Active Directory you cannot perform the function of
    exporting specific applications to specific users or groups.
"

I am currently working on setting up the network, and one of the things
that is quite clear is that full ADS functionality is not necessary. My
view is that for a small network, roaming profiles, printer and file
sharing is all that is really necessary. It looks like Samba has no
problem with that.

I think that the real problem with answering the original post is that
the question is too general. There are a number of different examples
dependent on the network requirements on the Samba site which could be
taken as a start point.

Rob