Web lists-archives.com

Re: [Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD




Thank you Andrew and Norbert.

What you've said makes complete sense, and is as I had anticipated.

>But why do you need to mix Samba and windows? 
Their existing Windows Server 2008R2 DC crashed and was hastily replaced with a 2016 Server.
I am currently exploring options with their IT team to go with a pure Samba DC solution.

Thank you again for your time and assistance.

Kind regards,
David Wilson





----- Original Message -----
From: "Andrew Bartlett" <abartlet@xxxxxxxxx>
To: "David Wilson" <davew@xxxxxxxxxxxx>, "samba. org" <samba@xxxxxxxxxxxxxxx>
Sent: Wednesday, 10 October, 2018 08:08:11
Subject: Re: [Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD

On Mon, 2018-10-08 at 15:21 +0200, David Wilson via samba wrote:
> Sorry for the pressure guys. Any ideas on this please? 
> 
> 
> 
> Regards, 
> 
> David Wilson 
> 
> From: "samba. org" <samba@xxxxxxxxxxxxxxx> 
> To: "samba. org" <samba@xxxxxxxxxxxxxxx> 
> Sent: Wednesday, 3 October, 2018 16:45:42 
> Subject: [Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD 
> 
> Good day guys, 
> 
> I hope all is well on your side. 
> 
> We are looking at implementing the latest stable version of Samba4 to function as a (secondary) domain controller in an existing Active Directory environment that is currently managed by an existing single Windows Server 2016 server. 
> 
> Aside from fairly easily-addressed sysvol replication challenges - looking at the official Samba documentation, it seems that nothing higher than a Domain/Forest Function Level of 2008r2 is supported, if Samba4 is to function as Domain Controller in an existing (Windows Server controlled) Active Directory environment? 
> The information available seems to indicate that the reason for this is due to changes within the Windows Server Kerberos services, that are possibly not available within MIT or Heimdal Kerberos? 

The Kerberos issues come from the newer functional levels, they imply
that the KDC has to do more things.  As long as the functional level
remains at 2008R2 that won't be the blocker. 

But why do you need to mix Samba and windows? 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba