[389-users] 389 and Samba integration on Centos 6

Paul Robert Marino prmarino1 at gmail.com
Fri May 4 23:19:53 UTC 2012


Well, first things first: if you intend to use FreeIPA, use it from the start.
FreeIPA is designed to set everything up for you from scratch, and it
doesn't play nice with preexisting installs.
So what you really need is the documentation for getting FreeIPA working on
Centos first.
I know on RHEL 6, when I configured dogtag (one of the components FreeIPA
leverages), I had to download and rebuild a few source RPMs from koji to get
it working properly.
On the Samba front there is more documentation than you think; they just
don't call it 389 directory server. Keep in mind 389 is a fork of the old
Netscape directory server, which RedHat bought the rights to from AOL. What
that means is any documentation that mentions Netscape directory server,
iPlanet directory server, or Sun One directory server applies to 389 server;
usually the only thing that's different is file paths. To be perfectly
honest, the first time I set up 389 server the Java GUI gave me a flashback
of a long-suppressed memory of being forced to administrate SCO boxes in
the late 90s with NDS installed, which was the only thing installed on those
boxes that worked well.

On Samba 4:
Samba 4 should be fine in production now if you intend to use Heimdal
Kerberos anyway.
If you intend to use MIT Kerberos 5, it's not quite there yet, but it's
getting closer. The FreeIPA project intends to get all the required patches
submitted to MIT Kerberos by the end of this year. There is also a doc on
how to disable the internal Kerberos server in Samba on the FreeIPA site.
For the most part it should work with recent releases of MIT Kerberos, but
there are a few lingering compatibility issues with MIT Kerberos and
Microsoft AD clients. Frighteningly, it's not really Microsoft's fault: they
followed the RFCs to the letter; MIT Kerberos hasn't always, which is where
some of the issues come in.

On May 4, 2012 4:48 AM, "Alberto Suárez" <asuapaz at gobiernodecanarias.org>
wrote:

> Hello Paul,
>
> Thank you for your answer. My intention is to use Samba 3 as, as far as I
> am aware, use of Samba 4 in production environments is discouraged at this
> point. Regarding FreeIpa, yes, I am inclined to add it to my setup, but
> further on, not in the short term. My objective now is to have a server
> with 389 and Samba 3 up and running the soonest. My problems come from the
> use of Centos 6, instead of Centos 5, as there are some differences that
> affect the set up procedure which are not well documented and I see there
> is not much experience yet on the Web. And, of course, my lack of previous
> experience with 389...
>
> Kind regards,
>
> Alberto Suarez.
>
> Paul Robert Marino wrote:
>
>> For clarity, are you planning to use samba 3 or 4?
>> There is a huge difference between the two, mainly samba 4 has its own
>> kerberos 5 server (it's an embedded fork of Heimdal).
>> This muddies the water a bit when talking about samba 4 because while
>> on pure technical merits I think Heimdal Kerberos 5 is a superior
>> implementation when compared to MIT Kerberos 5, RedHat and most other
>> distributions have standardized on MIT Kerberos 5. Note you can get
>> MIT Kerberos to work with Samba 4 but it breaks some of the
>> compatibility with samba and the windows Kerberos Client.
>>
>> As a result the answer is very different depending on which one you
>> plan to use and if you plan to use FreeIPA or not.
>>
>>
>> 2012/5/3 Alberto Suárez <asuapaz at gobiernodecanarias.org>:
>>
>>> Hello:
>>>
>>> I think I have succeeded in setting up 389ds on Centos 6.2. Now I would
>>> like to integrate samba with 389. Is there any documentation available
>>> that explains how to do it?
>>>
>>> Thank you!
>>>
>>> Alberto Suárez.
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>