[openstack-dev] Time to Samba! :-)
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Wed Oct 22 17:28:22 UTC 2014
Just for the record, they are watching us! :-O
https://aws.amazon.com/blogs/aws/new-aws-directory-service/
Best!
Thiago
On 16 August 2014 16:03, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
> Hey Stackers,
>
> I'm wondering here... Samba4 is pretty solid (upcoming 4.2 rocks), I'm
> using it on a daily basis as an AD DC controller, for both Windows and
> Linux Instances! With replication, file system ACLs - cifs, built-in LDAP,
> dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool!
>
> In OpenStack ecosystem, there are awesome solutions like Trove, Solum,
> Designate and etc... Amazing times BTW! So, why not try to integrate
> Samba4, working as an AD DC, within OpenStack itself?!
>
> If yes, then, what is the best way/approach to achieve this?!
>
> I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt...
> Don't you guys think that it is time to have an OpenStack project for LDAP
> too? And since Samba4 comes with it, plus DNS, AD, Kerberos and etc, I think
> that it will be huge if we manage to integrate it with OpenStack.
>
> I think that it would be nice to have, for example: domains, users and
> groups management at Horizon, and each tenant with its own "Administrator"
> (not the Keystone "global" admin) (to manage its Samba4 domains), so, they
> will be able to fully manage its own account, while allowing Keystone to
> authenticate against these users...
>
> Also, maybe Designate can have support for it too! I don't know for
> sure...
>
> Today, I'm doing this "Samba integration" manually, I have an "external"
> Samba4, from OpenStack's point of view, then, each tenant/project, has its
> own DNS domains, when an instance boots up, I just need to do something like
> this (bootstrap):
>
> --
> echo "127.0.1.1 instance-1.tenant-1.domain-1.com instance-1" >> /etc/hosts
> net ads join -U administrator
> --
>
> To make this work, the instance just needs to use Samba4 AD DC as its
> Name Servers, configured at its /etc/resolv.conf, "delivered by DHCP
> Agent". The packages `samba-common-bin` and `krb5-user` are also required.
> Including a ready to use smb.conf file.
>
> Then, "ping instance-1.tenant-1.domain-1.com" worldwide! It works for
> both IPv4 and IPv6!!
>
> Also, Samba4 works okay with Disjoint Namespaces
> <http://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx>, so,
> each tenant can have one or more domains and subdomains! Like
> "*.realm.domain.com, *.domain.com, *.cloud-net-1.domain.com,
> *.domain2.com"... All dynamically managed by Samba4 and Bind9!
>
> What about that?!
>
> Cheers!
> Thiago
>
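
The manual bootstrap quoted above depends on three things being right before `net ads join` runs: the instance's FQDN entry in /etc/hosts, the Samba4 AD DC as resolver, and a member smb.conf. The script below is an added example (not part of the original post) that checks them first; the function names, the smb.conf contents and the address 10.0.0.10 are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before "net ads join". Sample values are constructed.

# Build the /etc/hosts entry from the post: "127.0.1.1 <fqdn> <short>".
hosts_line() {
    fqdn=$1
    short=${fqdn%%.*}
    case $short in
        ''|*[!A-Za-z0-9-]*|-*|*-) echo "invalid host label: $short" >&2; return 1 ;;
    esac
    # The short name becomes the NetBIOS machine name, which is capped at 15 characters.
    [ "${#short}" -le 15 ] || { echo "label over 15 chars: $short" >&2; return 1; }
    [ "$short" != "$fqdn" ] || { echo "not an FQDN: $fqdn" >&2; return 1; }
    printf '127.0.1.1 %s %s\n' "$fqdn" "$short"
}

# Print the first nameserver found in resolv.conf text read from stdin.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Succeed only if the first resolver is the Samba4 AD DC.
resolver_is_dc() {
    [ "$(first_nameserver)" = "$1" ]
}

# Minimal member smb.conf (assumed content). The realm is passed explicitly because
# with a disjoint namespace it need not match the host's DNS suffix.
member_smb_conf() {
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    printf '[global]\n    security = ads\n    realm = %s\n    workgroup = %s\n' "$realm" "$2"
}

# Run every check; print the join command only when all of them pass.
# Arguments: fqdn realm workgroup dc_ip; resolv.conf text on stdin.
preflight() {
    resolver_is_dc "$4" || { echo "first resolver is not the AD DC ($4)" >&2; return 1; }
    hosts_line "$1" || return 1
    member_smb_conf "$2" "$3"
    echo "ready: net ads join -U administrator"
}

# Constructed sample run: 10.0.0.10 stands in for the AD DC address.
printf 'nameserver 10.0.0.10\n' |
    preflight instance-1.tenant-1.domain-1.com tenant-1.domain-1.com TENANT-1 10.0.0.10
```

On a real instance, feed it the delivered resolver configuration with `preflight ... < /etc/resolv.conf`.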