Topic: Using sme server 7 as a member server in a windows domain

[fthomas]

Good day,

I did a bit of searching and I've not got an answer on how to properly add a sme server 7 to a windows 2000/2003 active directory domain. I did find some stuff from version 4 but it is now outdated. If anyone has a solution to this problem, I would be very greatful.

Thanks in advance!

Frank.

[pcdoc]

If you have figured out a way to get SME to become a member of an AD windows 2003 domain (primarily SBS), please let me know.

I have been bashing my head against a wall for about a week now.

[ngomes]

Along with other advanced LDAP features (see my previous post about Active Directory) what you are looking for is not currently supported by SME Server.

As far as I know SME Server only uses LDAP for contact sharing among registered users (for using it on email clients), not for authentication purposes.

With SME Server it is not possible to:

(1) Add it as a Member Server of an Active Directory Infrastructure, using AD user accounts to access its services. Scenario: you want to run your Email Server on top of SME Server, using Active Directory user accounts to login to SME email services.

(2) "Sharing" its user database among other SME Servers. Scenario: You want to split SME Server services among 2/3 SME machines, sharing the same user database for unified authentication.

(3) Authenticate users on Linux Desktop boxes. Scenario: you have both Windows and Linux desktop boxes on your network and you want to use SME Server to authenticate/validate every user regardeless on whatever system they log into.

Regards.

[pcdoc]

My situation is as follows

Have had SME Server 7 running at local site for authentication to windows clients, and handling email.

Have setup wireless 38 Mb link to remote site to include in one network. Remote site runs SBS 2003 and authenticates all users there. I cannot make SBS 2003 a member of the SME domain because it just wont. I am happy to let the SBS Server handle mail, authentication etc, and just let the SME server handle dhcp, firewall, gateway and some data services.

How do I make SME 7 a member of the SBS2003 server.

[ngomes]

First of all, do yourself a favour: do not handle email with MS Exchange. In a short time you will have serious troubles running and backing up it. Google it for more opinions.

Second, when you deploy a SBS2003 you cannot have on the same physical network another domain controller (SME Server, NT4, Windows 2000/2003) running other domain (NT4/Samba or AD like).

Third, in order to view SME Server on the same network (for browsing purposes) you only need to configure the workgroup name on SME = SBS domain name.

The problem is, you have to manually mantain 2 user databases, one for SBS (AD) and another for SME Server (Samba3) in order to split services among these 2 servers.

Hope it helps.

[pcdoc]

There are only 30 users on this network, so maintaining dual lists of users is not really an issue.

The clients want to use MS Exchange to sync contact lists, schedules etc, which I have been unable to do with open Xchange. if there is a way, that is an option I am willing to look at as well.

If I tell the SME server it is not the domain master, will that still cause a problem with the SBS2003 server??

I had thought that would not cause an issue. I still need to be able to use the SME server for proxy and port forwarding, nothing else.

When I go to join a local computer to the domain, and insert the full domain name of the SBS server, it returns an error, could this be because of the registry hack perfomed to get the local computers to join the SME server domain initially??, if so, I can reverse that.

[morpheusx]

Why not just make the SBS2003 server the domain master? Does SME actually need to hold authentication details to just do DHCP and networking tasks?

I agree that the combination of Exchange and Outlook is hard to beat, especially if people want shared calendars. For a 30 user network, an Exchange server needs very little maintenance. I ran Exchange 2000 on a smaller network for four years and practically never touched it.

[fthomas]

One must ALWAYS remember that small business server is the Frankenstein of the windows world. It was only meant to lull smaller companies into a full windows server environment in the future. It will not support other servers around it. So, from this point of view, YOU ONLY GET WHAT YOU PAY FOR. When you pay less then $1000 for a full software network package, you get just that. Microsoft WANTS you to upgrade to their proper server/exchange software packages which get very expensive, very quickly. Be prepared for it, it's inevitable if you stick with M$.

[ngomes]

There are only 30 users on this network, so maintaining dual lists of users is not really an issue.

Fine.

The clients want to use MS Exchange to sync contact lists, schedules etc, which I have been unable to do with open Xchange. if there is a way, that is an option I am willing to look at as well.

There are several ways to achive this through addon software (aka contribs). I have never tried this on a network, but you can use the search function to see what other 'non-core' developpers did.

If I tell the SME server it is not the domain master, will that still cause a problem with the SBS2003 server? I had thought that would not cause an issue.

Just go to server-manager -> Configuration -> Workgroup and do:

Windows Workgroup = the name of your SBS domain (to see your SME Server on the same workgroup/domain SBS is controlling)
Workgroup and Domain Controller = No (to not conflict with SBS licensing agreement).

I still need to be able to use the SME server for proxy and port forwarding, nothing else.

Perhaps it is better for you to look elesewhere. In this case what you need is a dedicated firewall/proxy. You can look into IPCop or m0n0wall for really good software.

When I go to join a local computer to the domain, and insert the full domain name of the SBS server, it returns an error, could this be because of the registry hack perfomed to get the local computers to join the SME server domain initially? if so, I can reverse that.

Perhaps. Search into your SBS domain controller policy for "Digitally sign comunications" parameters. But I have to remember you this forum is not for SBS2003 troubleshooting.

Regards,

[ngomes]

One must ALWAYS remember that small business server is the Frankenstein of the windows world. It was only meant to lull smaller companies into a full windows server environment in the future. It will not support other servers around it. So, from this point of view, YOU ONLY GET WHAT YOU PAY FOR. When you pay less then $1000 for a full software network package, you get just that. Microsoft WANTS you to upgrade to their proper server/exchange software packages which get very expensive, very quickly. Be prepared for it, it's inevitable if you stick with M$.

I couldn't agree more.

[ngomes]

With SME Server it is not possible to:

(1) ...
(2) ...
(3) Authenticate users on Linux Desktop boxes. Scenario: you have both Windows and Linux desktop boxes on your network and you want to use SME Server to authenticate/validate every user regardeless on whatever system they log into.

For problem #3, please look for a possible solution at:
http://forums.contribs.org/index.php?topic=33276.0