Discussion:
[Samba] Best way to integrate Unix with AD.
A. James Lewis via samba
2017-03-13 20:40:02 UTC
Hi all,

I know this is a little off topic (although it might not be because I'm sure there's a solution involving Samba!)... but I hope one of you fine people can advise me on the best approach to achieving an integrated directory supporting Unix/Linux as a first class citizen, storing autofs maps, as well as uid, gid and home folders for each user... and how would that be managed.

I see Microsoft is removing the Unix services extensions with Server 2016, so I'm really wondering what the best, and most long term sustainable way to integrate a directory so that both platforms operate as intended, and those users are manageable.

--
A. James Lewis (***@fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny via samba
2017-03-13 20:50:03 UTC
On Mon, 13 Mar 2017 20:04:30 +0000
Post by A. James Lewis via samba
> Hi all,
> I know this is a little off topic (although it might not be because
> I'm sure there's a solution involving Samba!)... but I hope one of
> you fine people can advise me on the best approach to achieving an
> integrated directory supporting Unix/Linux as a first class citizen,
> storing autofs maps, as well as uid, gid and home folders for each
> user... and how would that be managed.
> I see Microsoft is removing the Unix services extensions with Server
> 2016, so I'm really wondering what the best, and most long term
> sustainable way to integrate a directory so that both platforms
> operate as intended, and those users are manageable.

From my understanding, they only removed the idmu server etc, they
haven't removed the RFC2307 attributes. Even if they did, Samba would
still have them.

You can use samba-tool to manage the creation of RFC2307 users and
groups.

Rowland
Christof Schmitt via samba
2017-03-13 21:50:03 UTC
Post by Rowland Penny via samba
> On Mon, 13 Mar 2017 20:04:30 +0000
> Post by A. James Lewis via samba
>> Hi all,
>> I know this is a little off topic (although it might not be because
>> I'm sure there's a solution involving Samba!)... but I hope one of
>> you fine people can advise me on the best approach to achieving an
>> integrated directory supporting Unix/Linux as a first class citizen,
>> storing autofs maps, as well as uid, gid and home folders for each
>> user... and how would that be managed.
>> I see Microsoft is removing the Unix services extensions with Server
>> 2016, so I'm really wondering what the best, and most long term
>> sustainable way to integrate a directory so that both platforms
>> operate as intended, and those users are manageable.
> From my understanding, they only removed the idmu server etc, they
> haven't removed the RFC2307 attributes. Even if they did, Samba would
> still have them.

https://blogs.technet.microsoft.com/activedirectoryua/2016/02/09/identity-management-for-unix-idmu-is-deprecated-in-windows-server/
also offers some clarification around this.

Christof
A. James Lewis via samba
2017-03-14 13:50:02 UTC
Is there a good guide for how to set up a Samba based AD domain
controller with RFC2307 attributes so I can experiment... I can't get
the Windows guys in my company to do anything Microsoft don't provide a
check box for, unless I can teach them how to do it... but I've not used
any of these Windows technologies for a very long time...

At least if I can show a working system then someone from the Windows
team might consider looking at it.... and if I tell them to do
something that ultimately doesn't work, we'll be back to square one but
they will be doubly reluctant, so I need to learn more about AD than
them... sigh.

Post by Rowland Penny via samba
> On Mon, 13 Mar 2017 20:04:30 +0000
> Post by A. James Lewis via samba
>> Hi all,
>> I know this is a little off topic (although it might not be because
>> I'm sure there's a solution involving Samba!)... but I hope one of
>> you fine people can advise me on the best approach to achieving an
>> integrated directory supporting Unix/Linux as a first class citizen,
>> storing autofs maps, as well as uid, gid and home folders for each
>> user... and how would that be managed.
>> I see Microsoft is removing the Unix services extensions with Server
>> 2016, so I'm really wondering what the best, and most long term
>> sustainable way to integrate a directory so that both platforms
>> operate as intended, and those users are manageable.
> From my understanding, they only removed the idmu server etc, they
> haven't removed the RFC2307 attributes. Even if they did, Samba would
> still have them.
> You can use samba-tool to manage the creation of RFC2307 users and
> groups.
> Rowland
--
A. James Lewis (***@fsck.co.uk)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
Rowland Penny via samba
2017-03-14 14:10:03 UTC
On Tue, 14 Mar 2017 13:38:43 +0000
Post by A. James Lewis via samba
> Is there a good guide for how to set up a Samba based AD domain
> controller with RFC2307 attributes so I can experiment... I can't get
> the Windows guys in my company to do anything Microsoft don't provide
> a check box for, unless I can teach them how to do it... but I've not
> used any of these Windows technologies for a very long time...
> At least if I can show a working system then someone from the Windows
> team might consider looking at it.... and if I tell them to do
> something that ultimately doesn't work, we'll be back to square one
> but they will be doubly reluctant, so I need to learn more about AD
> than them... sigh.

Try reading the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

Rowland
Rowland Penny via samba
2017-03-14 14:50:03 UTC
On Tue, 14 Mar 2017 14:20:57 +0000
> OK, I stand corrected... I was sure the last time I looked there it
> assumed you have a Windows machine to administer the environment....
> which I don't, but it seems that this assumption is no longer the
> case.
> Is this the most sensible approach?... I've heard talk of directory
> tools that maintain a meta level directory and present it as either
> AD or whatever you need for another environment...
> One thing I'm not sure about, is if the RFC2307 schema in AD includes
> automounter information, for autofs?...

Not as standard, but the wiki has a page for it:

https://wiki.samba.org/index.php/Samba_AD_schema_extensions

Rowland
Gaiseric Vandal via samba
2017-03-20 18:30:02 UTC
Post by Rowland Penny via samba
> On Tue, 14 Mar 2017 14:20:57 +0000
>> OK, I stand corrected... I was sure the last time I looked there it
>> assumed you have a Windows machine to administer the environment....
>> which I don't, but it seems that this assumption is no longer the
>> case.
>> Is this the most sensible approach?... I've heard talk of directory
>> tools that maintain a meta level directory and present it as either
>> AD or whatever you need for another environment...
>> One thing I'm not sure about, is if the RFC2307 schema in AD includes
>> automounter information, for autofs?...
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions
> Rowland

I am trying to set up Windows 2012R2 as the directory server. This is to
migrate from a classic domain with Oracle ldap server backend for samba
data, unix accounts, autofs etc. Samba 4 as an AD domain does not
fully support trusts, and I don't feel comfortable using Samba as a
directory server in a domain or forest that will have Exchange
servers. And if I am going through migration pain I might as well just
switch to Windows domain servers. I haven't worked with Windows 2016
yet.

If I can get RFC2307bis schema added to the AD schema then that should
take care of the major hurdle to implementing autofs support. With
Linux, autofs configuration is flexible to support the "old" RFC2307
autofs syntax. However, Solaris expects the newer RFC2307bis syntax.
If you don't have Solaris then you can probably manage with the older
syntax.

I also have been looking at Centrify's web site - I don't think they
provide a meta-directory, but instead they provide Linux AD client
software. This might make some of the administration and deployment
simpler. I don't think it is essential.
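To make the two autofs LDAP layouts named in the post above concrete, the following added example (not part of the original thread and not Samba or autofs code) renders the same flat automount map as LDIF in the RFC2307 form (nisMap/nisObject) and the RFC2307bis form (automountMap/automount). The DN layout, base DN, map name and NFS host are constructed assumptions.

```python
import base64

# layout: (map class, map name attr, entry class, key attr, value attr)
LAYOUTS = {
    "rfc2307": ("nisMap", "nisMapName", "nisObject", "cn", "nisMapEntry"),
    "rfc2307bis": ("automountMap", "automountMapName", "automount",
                   "automountKey", "automountInformation"),
}

def parse_map(text):
    """Parse flat autofs map lines ('key [-options] location') into pairs."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) >= 2:
            entries.append((fields[0], " ".join(fields[1:])))
    return entries

def ldif_attr(name, value):
    """One LDIF line; base64 ('::') where RFC 2849 forbids the plain form."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or "\n" in value or "\r" in value)
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode()).decode()}"
    return f"{name}: {value}"

def to_ldif(map_name, entries, base_dn, layout):
    """Render map and entries; DN layout is assumed, keys need no DN escaping."""
    map_cls, map_attr, ent_cls, key_attr, val_attr = LAYOUTS[layout]
    map_dn = f"{map_attr}={map_name},{base_dn}"
    out = [ldif_attr("dn", map_dn), f"objectClass: {map_cls}",
           ldif_attr(map_attr, map_name), ""]
    for key, info in entries:
        out += [ldif_attr("dn", f"{key_attr}={key},{map_dn}"),
                f"objectClass: {ent_cls}",
                ldif_attr(key_attr, key),
                ldif_attr(val_attr, info)]
        if layout == "rfc2307":  # nisObject also requires nisMapName
            out.append(ldif_attr("nisMapName", map_name))
        out.append("")
    return "\n".join(out)

# Constructed sample map (not from the thread): two NFS home directories.
SAMPLE_MAP = """alice  -fstype=nfs4,rw  nfs.example.com:/export/home/alice
bob    -fstype=nfs4,rw  nfs.example.com:/export/home/bob"""

if __name__ == "__main__":
    for layout in LAYOUTS:
        print(to_ldif("auto.home", parse_map(SAMPLE_MAP), "dc=example,dc=com", layout))
```

Whichever layout the directory holds, each client's autofs LDAP settings have to name the matching object classes and attributes.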
Brian De Wolf via samba
2017-03-20 19:10:02 UTC
On Mon, 13 Mar 2017 20:04:30 +0000
Post by A. James Lewis via samba
> Hi all,
> I know this is a little off topic (although it might not be because
> I'm sure there's a solution involving Samba!)... but I hope one of
> you fine people can advise me on the best approach to achieving an
> integrated directory supporting Unix/Linux as a first class citizen,
> storing autofs maps, as well as uid, gid and home folders for each
> user... and how would that be managed.

I saw a talk about this sort of integration at a conference earlier
this month, descriptions/slides:

https://www.socallinuxexpo.org/scale/15x/presentations/integrating-linux-systems-active-directory-using-open-source-tools

They streamed it to YouTube but unfortunately the audio quality is poor:

