If you are getting rid of the Exchange server, it seems a lot of work to do the trusts thing. Having Outlook remember your password isn't a major problem. Except of course then people are pretty likely to have forgotten their e-mail password if they ever use another PC.

I have found Samba trusts to be fairly painful. I had a Samba 3.0.x PDC (LDAP backend) which I tried having a trust with a Windows 2003 domain. In order for trusts to work, the Samba machine uses idmap to create a range of Unix UIDs and GIDs for the trusted Windows users. With Samba 3.0.x, these idmap entries were created but would stop working after the cache period expired. I don't know why. When I moved to Samba 3.4.x, the expiration issue went away but then idmap entries were not automatically created. We didn't have many people in the Windows 2003 domain so I can manually create idmap entries as needed.

My gut feeling is that any changes you make to support Windows 7 machines will break compatibility with legacy machines (e.g. NT4) or the domain trusts, although installing the latest NT4 SP pack (6a?) may help.

Could you migrate the PDC role from your NT server to a Samba 3.4.x or 3.5.x server? I don't think Exchange 5.5 has to be on the domain controller.

At my work we have a Samba domain for most of the users and computers. We also have a separate untrusted Win 2008 domain just to support our Exchange 2007 server. It would be nice if we could consolidate to a single domain (or at least a single Active Directory tree) but for the moment people have to maintain separate e-mail accounts.

FYI: I had a look at the latest version of Zimbra; it looks like a pretty nice product for a small business, if you decide not to go with the hosting route. I do like Exchange 2007 but it can be a big challenge to set up and maintain, and you really have to have a background with Active Directory and Exchange. Not what I would use for a really small site.





On 10/28/2011 10:34 AM, Derek Werthmuller wrote:
Looking to make some changes to an old but working LAN, that has about 10
Samba servers serving printers and network shares and an NT 4 PDC server with
Exchange 5.5 on it.  The Samba servers are members of the NT 4 domain, XP
systems are members of the NT 4 domain also.  Samba servers are LDAP-backed.
We use the LDAP component directly to log in to the Linux servers.

I'd like to be able to support Windows 7 clients as domain members, right
now the clients are all XP.  The plan I'm considering is building a new
domain with the latest version of Samba 3.x stable series for my RHEL6
servers, join my new Windows clients to that domain and create a trust
relationship to the NT 4 domain.  The existing Samba servers can be joined
to the new domain so that only the email server will be in the old domain.
The idea behind the trust relationship is so that entering email for my
users can be just a click and won't have to log in again.  We'd want to keep
the LDAP backend capability too.

Keeping the Exchange is really a stopgap till we can move that function to
the cloud.

Have others done similar upgrades successfully?  Does this sound reasonable?

Is the trust relationship overkill and likely to cause problems? (tell users
to cache the Outlook login and be done)

Thanks
        Derek

Derek Werthmuller
Director of Technology Innovation and Services
Center for Technology in Government
518.442.3892
www.ctg.albany.edu







