Office Cleanup, LDAP, Samba 3.5, and Server 2008 R2
With a little help from Junk Busters Austin the office clean up is complete. It was a bittersweet day; getting rid of old CRTs, Pentium-2 servers, and boxes of old software.
The logical cleanup started as well. I’ve set up a new Domain Server using openSUSE 11.3 with LDAP. This was my first experience with openSUSE, and now that it is done I can recommend it.
Major thanks to Masim Suguanto and his tutorial which was a great help with the initial setup: http://vavai.net/2010/03/30/how-to-samba-pdcopenldap-on-opensusesles-part-1/.
Also, it was good to read up on the Samba group mapping http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html before starting.
But, getting Windows Server 2008 and 2008 R2 on the Domain was a bit of work!
How to get Server 2008 R2 to operate with a Samba 3.5 Domain Server:
1) Update the registry on the Server 2008 System: http://wiki.samba.org/index.php/Windows7
2) Ensure that the Windows and Linux have the same date and time (run “net time \\Server /set” on the Windows Server).
3) Modify the Server 2008 local policy’s for Network Security: LAN Manager authentication level to “Send LN & NTLM – use NTLM2 session security if negotiated”.
4) Modify the Server 2008 local for Network Security: Network security: Allow Local System to use computer identity for NTLM (Disabled): http://wiki.ssystems.de/doku.php?id=samba_trust_w2008r2_harald_strack.
5) I also set the AllowNT4Crypto registry setting, though I’m not sure if that was needed: http://technet.microsoft.com/en-us/library/cc974327%28WS.10%29.aspx
Reading this, it sure seems easy now! Though, it took me the better part of two days to get the Samba Domain Controller, LDAP, and Server 2008 all working together. I like the new database style configuration used by openSUSE 11.3, as well as the GUI configuration tools.
Migrating the local profiles to domain profiles was not as bad as I expected. I ran the “User Profile Wizard 3.0” and it seemed to work nicely.
The Next Step:
With the new domain server in place, my next step will be to migrate all my utility and test VM’s from an ESXi (3.5) Server, VMware Server for Linux, and VMware Workstation to a new Dell Server. I’ve gotten very tired of having all the VMs scattered among several different systems, and want to consolidate them in one place.
Once it is running, the old ESXi server is going to become the new backup server (openfiler seems to be a good choice). Well, once I plug in a new eSATA card to allow me to hook up all the external drives I’ve been using, that is.
