Craig,

I don't doubt that people do it. I made several honest attempts to research, understand and implement a Samba file server in an existing Small Business Server 2003 network using LDAP and Kerberos. I was not able to make it work, so I changed my plan and I asked if someone was willing to mentor me through another try. Since I didn't need multiple opinions, I just need to discover what I did wrong/what works, I wanted to avoid a large forum, and I'm sorry if that seems to keep upsetting people.

Here's what happened: The how-tos were really vague for adding Samba to anything but the simplest Windows network (NT4). Then most examples assumed I was building a standalone server with the same functionality, not adding one. Based on my research it looked like the process was straightforward, and so I built an Ubuntu server (LAMPS) and I set out to join it to my domain. I knew I needed LDAP and Kerberos so I tried to set those up with Webmin; they attempted to alter my existing domain controller and things went horribly wrong. I recovered my DC from backup and tried it a second time using the CLI, but I was not able to find where settings were stored, and again I tried to use the example files from Samba.org as a model; not knowing what is needed or not may have contributed to a second failure. Again I recovered my server from backup and changed tactics.

I then tried to join a Linux workstation to the domain with "Likewise" and it worked, sort of. Small Business Server isn't just Windows Server 2003 with a new name. It adds Exchange and SQL, and has other scripted functionality embedded into AD, which is why you have to use its wizards for everything. After joining I started to have problems as AD was not properly formatted when the workstation was joined. SBS uses the AD tables for more than just domain membership; we have Exchange, etc. that rely on it. So yes, it probably can be done, but it is not simple, nor is it intuitive; it is specific to the type of environment.
My AD environment isn't broken; it required specific settings that couldn't be anticipated from the how-tos and guides I found on Samba.org. I asked in IRC #Samba, #ubuntu-server, #Ubuntu-us-az, and #plugaz several times for help to understand where I went wrong and nobody answered, or if they did, I was told "Oh that is really tricky and I never did it"... Samba's documentation admits issues with non-NT4 AD implementation and promises to fix it in V4, but I wanted to talk to someone who had done it and nobody answered.

Sean Parsons

-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Craig White
Sent: Saturday, January 30, 2010 9:27 AM
To: Main PLUG discussion list
Subject: Re: Looking for a mentor/adviser

On Fri, 2010-01-29 at 09:31 -0600, sean@theparsonsfamily.com wrote:
> Craig,
> It has never been my intention to deprive anyone of anything, but this
> forum is not appropriate for a project like this as I can't seem to build
> the network on my own, as my failed attempts have shown.
>
> Your comment about AD is what I thought and have been proven wrong
> numerous times with catastrophic results. Samba in its current
> configuration doesn't work with Kerberos and LDAP except for NT4 and I'm
> running Server 2003, so it broke the Domain Controllers when Linux
> attempted to join the domain. I have been through the Samba forums and
> documentation and it's not as simple as it is made to look in an existing
> network.
----
I will only address one aspect of this... joining a Linux system to AD. It is done day in and day out by large and small corporations everywhere and cannot and does not 'break' domain controllers simply by joining an AD domain/forest. The process of joining a Linux system to AD is essentially the same as joining a Windows system to AD and if it broke, the AD was already broken and you just realized the evidence of the breakage.
The process of joining a Linux system to AD involves 2 steps... getting a Kerberos ticket (validation) and then joining. It's benign in concept and operation. I didn't say that it was entirely simple but it's not overly complicated either.

Craig

PS - I am a Samba team member

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss