Web lists-archives.com

Re: [Samba] Samba4 Kerberos Authentication Error

On 12/6/2018 9:33 AM, Rowland Penny via samba wrote:
On Thu, 6 Dec 2018 09:12:03 -0500
Marco Shmerykowsky PE via samba <samba@xxxxxxxxxxxxxxx> wrote:

I'm basically trying to set up one Linux appliance to handle
overall authentication and let two other machines simply
serve files.

I would do it slightly differently, two DC's and then whatever
fileservers are required. The Centos Samba packages are usable for a
domain member, they just cannot be used for a DC.


Why 2 DC's?  My understanding is that a file server should
not simultaneously serve as a DC in an Active Directory setup.

I never said use a DC as a fileserver, I was just picking up on what
you said 'one Linux appliance to handle overall authentication '. I
took it you meant use one Samba AD DC and two Samba AD DC's are always

I have a small office.  While I have no issue making one of
the file servers also function as a backup DC, I really don't
want to add yet another server to the mix to handle a single

I know Windows sysadmins refer to DC's via various different names, but
AD RWDC's are all the same apart from the FSMO roles and they can be on
any DC.

If resources are limited, you can use a DC as a fileserver, you just
have to be aware of the limitations.


I'm newbie lost with the terminology :)

Currently I have two servers:
1) Centos Server handling file server duties and functioning as
   a PDC in a NT4 style domain.
2) Centos Server functioning as a member server holding
   supplemental files.

New setup:
1) Ebox Appliance running Debian 9 w/ samba as an AD DC
   (got this up and running w/o an issue - Fedora was the problem)
2) Main File server as a member server (stay on Centos?) on
   the AD domain
3) Secondary server as a member server (stay on Centos?)on
   the AD domain

Both the centos servers need upgrading, but since I don't have
extra servers to move the files around to, that will take a
little bit of work.

When moving the file servers to samba4, do I set them up as
"member servers" or something else?  For that matter, do I
migrate samba or do I follow an uninstall/fresh install path?

This email has been checked for viruses by AVG.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba