FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 05-03-2012, 11:29 AM
Alberto Suárez
 
Default 389 and Samba integration on Centos 6

Hello:

I think I have succeded in setting up 389ds on Centos 6.2. Now I would
like to integrate samba with 389. Is there any documentation available
that explains how to do it?


Thank you!

Alberto Suárez.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-03-2012, 04:48 PM
Paul Robert Marino
 
Default 389 and Samba integration on Centos 6

For clarity are you planing to use samba 3 or 4?
There is a huge difference between the two mainly samba 4 has its own
kerberos 5 server (its a embedded fork of Heimdal).
This muddies the water a bit when talking about samba 4 because while
on pure technical merits I think Heimdal Kerberos 5 is superior
implementation when compared to MIT Kerberos 5, RedHat and Most other
Distributions have standardized on MIT Kerberos 5. Note you can get
MIT Kerberos to work with Samba 4 but it breaks some of the
compatibility with samba and the windows Kerberos Client.

As a result the answer is very different depending on which one you
plan to use and if you plan to use FreeIPA or not.


2012/5/3 Alberto Suárez <asuapaz@gobiernodecanarias.org>:
> Hello:
>
> I think I have succeded in setting up 389ds on Centos 6.2. Now I would like
> to integrate samba with 389. Is there any documentation available that
> explains how to do it?
>
> Thank you!
>
> Alberto Suárez.
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-04-2012, 08:47 AM
Alberto Suárez
 
Default 389 and Samba integration on Centos 6

Hello Paul,

Thank you for your answer. My intention is to use Samba 3 as, as far as
I am aware, use of Samba 4 in productioon environments is discouraged at
this point. Regarding FreeIpa, yes, I am inclined to add it to my setup,
but further on, not in the short term. My objective now is to have a
server with 389 and Samba 3 up and running the soonest. My problems come
from the use of Centos 6, instead of Centos 5, as there are some
differences that affect the set up procedure which are not well
documented and I see there is not much experience yet on the Web. And,
of course, my lack of previous experience with 389...


Kind regards,

Alberto Suarez.

Paul Robert Marino wrote:

For clarity are you planing to use samba 3 or 4?
There is a huge difference between the two mainly samba 4 has its own
kerberos 5 server (its a embedded fork of Heimdal).
This muddies the water a bit when talking about samba 4 because while
on pure technical merits I think Heimdal Kerberos 5 is superior
implementation when compared to MIT Kerberos 5, RedHat and Most other
Distributions have standardized on MIT Kerberos 5. Note you can get
MIT Kerberos to work with Samba 4 but it breaks some of the
compatibility with samba and the windows Kerberos Client.

As a result the answer is very different depending on which one you
plan to use and if you plan to use FreeIPA or not.


2012/5/3 Alberto Suárez<asuapaz@gobiernodecanarias.org>:

Hello:

I think I have succeded in setting up 389ds on Centos 6.2. Now I would like
to integrate samba with 389. Is there any documentation available that
explains how to do it?

Thank you!

Alberto Suárez.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-04-2012, 09:58 PM
Gordon Messmer
 
Default 389 and Samba integration on Centos 6

On 05/04/2012 01:47 AM, Alberto Suárez wrote:
Regarding FreeIpa, yes, I am inclined to add it to my setup, but
further on, not in the short term.


The last time I saw its documentation, it wasn't possible to add FreeIPA
to an existing directory server. You had to start with FreeIPA on a
clean system.


My problems come from the use of Centos 6, instead of Centos 5, as
there are some differences that affect the set up procedure which are
not well documented and I see there is not much experience yet on the Web.


Can you be more specific? I don't recall any significant differences
between deployments on CentOS 5 and 6. I set up both with bcfg2 with
minimal differences in the setup scripts. Primarily, I use ldapmodify
from $PATH on release 6 rather than /usr/lib64/mozldap/ldapmodify under
release 5.



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 05-04-2012, 11:19 PM
Paul Robert Marino
 
Default 389 and Samba integration on Centos 6

Well first things first if you intend to use FreeIPA use it from the start. FreeIPA is designed to set every thing up for you from scratch and it doesn't play nice with preexisting installs.

So what you really need is the documentation for getting FreeIPA working on Centos first.

I know on RHEL 6 I configured dogtag ( one of the components FeeIPA leverages) I had to download and rebuild a few source RPMs from koji to get it working properly.

On the samba front there is more documentation then you think they just don't call it 389 directory server. Keep in mind 389 is a fork of the old netscape directory server which RedHat bought the rigts to from AOL. What that means is any documentation that mentions netscape directory server, iplanet directory server, or Sun One directory server apply to 389 server usually the only thing that's different is file paths. To be perfectly honest the first time I setup 389 server the java gui gave me a flashback of a long suppressed memory of being forced to administrate SCO boxes in the late 90s with NDS installed which was the only thing installed on those boxes that worked well.



On samba 4

Samba 4 should be fine in production now if you intend to use Heimdal kerberos any way.

If you intend to use MIT kerberos 5 its not quite there yet but its getting closer. The FreeIPA project intends to get all the required patches submitted to MIT kerberos, by the end of this year. there is also a doc on how to disable ther internal kerberos server in samba on the freeipa site. For the most part it sould work with recent releases of MIT kerberos but there are few lingering compatibility issues with mit kerberos and microsoft ad clients. Frigtening its not really microsofts fault they followd the RFCs to the letter MIT kerberos hasn't alwayswhich is where some of the issues come in


On May 4, 2012 4:48 AM, "Alberto Suárez" <asuapaz@gobiernodecanarias.org> wrote:
Hello Paul,



Thank you for your answer. My intention is to use Samba 3 as, as far as I am aware, use of Samba 4 in productioon environments is discouraged at this point. Regarding FreeIpa, yes, I am inclined to add it to my setup, but further on, not in the short term. My objective now is to have a server with 389 and Samba 3 up and running the soonest. My problems come from the use of Centos 6, instead of Centos 5, as there are some differences that affect the set up procedure which are not well documented and I see there is not much experience yet on the Web. And, of course, my lack of previous experience with 389...




Kind regards,



Alberto Suarez.



Paul Robert Marino wrote:


For clarity are you planing to use samba 3 or 4?

There is a huge difference between the two mainly samba 4 has its own

kerberos 5 server (its a embedded fork of Heimdal).

This muddies the water a bit when talking about samba 4 because while

on pure technical merits I think Heimdal Kerberos 5 is superior

implementation when compared to MIT Kerberos 5, RedHat and Most other

Distributions have standardized on MIT Kerberos 5. Note you can get

MIT Kerberos to work with Samba 4 but it breaks some of the

compatibility with samba and the windows Kerberos Client.



As a result the answer is very different depending on which one you

plan to use and if you plan to use FreeIPA or not.





2012/5/3 Alberto Suárez<asuapaz@gobiernodecanarias.org>:


Hello:



I think I have succeded in setting up 389ds on Centos 6.2. Now I would like

to integrate samba with 389. Is there any documentation available that

explains how to do it?



Thank you!



Alberto Suárez.

--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users


--

389 users mailing list

389-users@lists.fedoraproject.org

https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 09:22 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org