DNS and Active Directory

James Marcinek jmarc1 at jemconsult.biz
Thu Mar 18 17:11:50 UTC 2004


Tom,

Great information to have. Where do I set the 'OS level' in Samba? I don't
have my Samba book on hand. Do I just put it in the global settings in the
smb.conf?

I want the Samba server to be my master browser. One of my next to-dos is
having the Samba server emulate a domain controller. I'm going to have to
get the new Samba 3.0 material too!

Thanks,

James

> Okay, please don't rip my head off here for asking a MS question, but I
> figured I would get a slightly less biased answer here. That being
> said....
> We are upgrading our Exchange 5.5 server to Exchange 2003. We are a
> mixed shop with Linux and Windows. (There are numerous other systems,
> mostly of the *nix variety) While I tried to edge them to use
> CommuniGate Pro, Contact, or OpenExchange, they decided there would be
> less impact on users if we stayed with Exchange.
> Now come my issues. I feel like Alice falling down the rabbit hole
> here. In reading the docs for Exchange 2003, it says it needs Active
> Directory. Great, so now I have to learn Active Directory and futz with
> that. Now I am setting up Active Directory, flying by the seat of my
> pants, and it says that it wants its own DNS server in order to work
> properly. All my DNS servers are Linux based.
> Can Active Directory work with Linux based DNS? I thought I recalled a
> few of you saying you had Exchange 2000/2003 running, just wanted to
> know how you did it.
> Any help would be appreciated.
>
> --
> Edward M. Croft
> Sr. Systems Engineer
> Open Ratings, Inc.
> 200 West Street
> Waltham, MA 02451-1121
>
> Hi Edward,
>
> Actually the answer is both yes and no. Yes, you can make Bind 9 work
> with Active Directory, but it will not resolve NetBIOS names, which
> Active Directory requires for file/print sharing. When you set up an
> Active Directory domain controller, it requires an Active Directory
> enabled DNS server, something Bind cannot do. Active Directory has
> hidden objects in the DNS records that don't appear in the zone files
> because they are embedded in the registry. Also, to find a domain
> controller to authenticate Windows clients, you must have SRV resource
> records in the zone, something Bind 9 supports but I've never tried it
> so I can't say how well it works.
>
> Another issue you will face is the matter of broadcast storms from
> browse master elections. Domain controllers win those elections when
> they exist, but every new client starting up forces a new browse master
> election. You can limit this by using Samba and setting the "OS level" value
> to 65 or greater and the Samba server will win all the elections, and
> then you can use Samba's WINS server to handle your workstation browse
> requests.
>
> I would try to make the Exchange Server a domain controller and a DNS
> server. This would reduce the amount of traffic created by the Exchange
> server and its clients since they use DNS and not WINS. For file and
> print sharing I would use Samba, and make the Samba server use the
> Active Directory server to authenticate the Windows clients. You didn't
> say whether you have Win9x or NT4 or < clients, but these require mixed
> mode for Active Directory to work with them as they don't support Active
> Directory in native mode.
>
> Microsoft's approach to open standards is called "embrace and extend,"
> which is another way to make an open standard a Microsoft proprietary
> architecture. This makes cross platform networking a series of stubborn
> obstacles and causes network engineers to lose their hair. I've been
> doing this stuff for 13 years, so if you have any other questions,
> please feel free to email me directly and we can continue this without
> filling the group with Microsoft protocol issues.
>
> Tom
>
> Thomas S. Fortner
> Burleson, Texas
> thomas.fortner at sbcglobal.net
> "but we preach Christ crucified..."  1 Corinthians 1:23
>
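
The browse-master settings discussed in this thread are `[global]` parameters in smb.conf. The following is an added example, not code from the thread or from the Samba project: it parses the `[global]` section of a constructed sample smb.conf and reports whether it follows the advice quoted above ("OS level" of 65 or greater, Samba's WINS server enabled). The function names, the sample workgroup and the share path are assumptions made for the illustration.

```python
# Constructed sample smb.conf (not from the thread). Values follow the advice
# quoted above: "OS level" of 65 or greater, plus Samba's WINS server.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   OS Level = 65
   wins support = yes

[public]
   path = /srv/samba/public
"""

def _norm(name):
    # smb.conf parameter names ignore case and whitespace ("OS Level" == "oslevel")
    return "".join(name.split()).lower()

def global_params(text):
    """Return the [global] parameters of an smb.conf as a dict (hypothetical helper)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def browse_findings(text, min_os_level=65):
    """List what keeps this config from matching the advice in the thread."""
    g = global_params(text)
    findings = []
    level = g.get("oslevel")
    if level is None:
        findings.append("os level is not set in [global]")
    elif not level.isdigit() or int(level) < min_os_level:
        findings.append(f"os level = {level} is below {min_os_level}")
    if g.get("winssupport", "no").lower() not in ("yes", "true", "1"):
        findings.append("wins support is not enabled")
    return findings

if __name__ == "__main__":
    for finding in browse_findings(SAMPLE_SMB_CONF) or ["matches the thread's advice"]:
        print(finding)
```

The parser does not follow `include` lines or backslash line continuations, so run it against a flat smb.conf.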




