I know this is the wrong way round... but
Is it possible to use AD in front of Samba for our PC clients, so that the user accounts are in Samba/Open LDAP?
Managing our fleet of Windows PCs is becoming more and more difficult with just Samba v3 - until Samba v4 comes along, it would be great if we could leverage Active Directory, but have the accounts stored in Samba/Open LDAP.
Windows PCs are a minority in our organisation & Samba/Open LDAP are used for just about every service (Zimbra/RADIUS/Intranet/SAN/Printing/...) so it will have to remain the definitive account source. Anyway, it probably can't be done, but I thought I would ask for ideas anyway.
I haven't got any experience actually doing this, but it sure seems technically feasible to set up an Active Directory forest to join the computers into while preserving the ability to log on with the existing Samba domain accounts. The key is creating an NT 4 style trust relationship between the Samba domain and the Active Directory domain (either two-way, or with the AD domain trusting the Samba domain in a one-way trust) to allow the existing Samba domain user accounts to log on to these computers.
It should be a transparent process for the users. You'll be able to add computers to the AD domain at your leisure.
The main issues I can think of that might crop up during the creation of the trust would be good NetBIOS name resolution. I'd run a WINS server, either on the Samba DCs or on the Windows DCs, and have both the client and server computers register themselves. That ought to save a lot of heartburn fighting name resolution issues.
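A sketch of the Samba 3 side of the setup described in the answer above, added here as an example and not taken from the original posts. `SAMBADOM` and `ADDOM` are placeholder NetBIOS domain names, and it assumes the Samba server is already a working PDC with its LDAP backend configured.

```ini
# smb.conf on the Samba 3 PDC (constructed example; SAMBADOM/ADDOM are placeholders)
[global]
    workgroup = SAMBADOM
    domain logons = yes
    domain master = yes

    # Run the WINS server on the Samba PDC so that clients and both sets of
    # DCs register and resolve NetBIOS names in one place.
    # Do not also set "wins server" on this host: the two options conflict.
    wins support = yes
    name resolve order = wins lmhosts hosts bcast

# Other Samba hosts point at the WINS server instead of running one
# (placeholder address):
#   wins server = 192.0.2.10
# Windows DCs and clients get the same WINS address via DHCP or their
# TCP/IP settings.

# One-way trust, ADDOM trusting SAMBADOM (Samba accounts log on to
# AD-joined PCs):
#   1. On the Samba PDC, create the interdomain trust account for the AD
#      domain. A matching Unix/LDAP account named "ADDOM$" must exist first.
#        smbpasswd -a -i ADDOM
#   2. On a Windows DC, in Active Directory Domains and Trusts, add SAMBADOM
#      under the domains trusted by this domain, using the same password.
#
# For the opposite direction (SAMBADOM trusting ADDOM), the trust is created
# on the Windows side first and then established from Samba:
#        net rpc trustdom establish ADDOM
#        net rpc trustdom list    # verify trusted and trusting domains
```

Limit the trust to the direction actually needed: a one-way trust lets Samba accounts authenticate on AD-joined machines without giving AD accounts access to Samba-hosted services.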
Can you share any notes from your trial?
--------- Update1
@whatever-downvoted-my-answer, be it bot or human,
May I ask why my questions were downvoted? Uncommented / unexplained, i.e. unreasonable, downvotes disservice and discredit the community of serverfault.com