Mailinglist Archive: opensuse (1420 mails)

Re: [opensuse] AD replacement
On Tue, 2014-01-21 at 08:30 +0100, Hans Witvliet wrote:
Hi all,

The people from the (upstream) samba team said that their 4.x branch
could do a full (and painless) swap from AD towards samba, and the other
way round.

Only (little) snag was that they included all main components (smb,
ldap, krb and dns). And the only component that might be replaced by
another part was substituting samba4-DNS by BIND.

However, in 13.1 and sp3 I see that samba4 is included, but on the
changes-file, it says that full AD-functionality is not possible,
because you can not replace the kerberos-component.

(afaicr, the samba-team is using Heimdal, instead of MIT-kerberos)

So, if you need to mimic/replace a complete AD, should one use:

Or are there any other suggestions...


With the current state of Samba in openSUSE I can't see us ever having
AD functionality. Few, if any here seem to have hands on experience with
AD (why should they?). Even Debian are experiencing packaging problems
and niggling little quirks despite Sernet throwing zillions of man hours
at it for them.

The repo you mention is simply the file and print server component. It
gives the same functionality as the 3.6 series. There is no AD provision

There is no problem with whatever Kerberos is used: Samba4 builds
perfectly well on 13.1 with the out of the box MIT packages. It also
provisions AD fine.

Judging by the nightmares with any packaged Samba4 AD which can be read
daily over on the samba list, I think we're a long way from any
stability for any package which claims to be able to provision an AD
domain controller from scratch.

For now, and given the complexity of the code, the installation from the
tarball is very easy. Get your DNS sorted (relearn it from scratch!) and
you have a rock solid DC.

The only small omission is currently sysvol replication for the GPOs.
However, it's a simple matter to rsync it across yourself and of course
if you're a one DC forest you don't need it anyway.

Here is the (exemplary) howto:

L x
