samba - Sep 2017 - [OT?] VM or Container for an AD DC?

I'm starting to deploy my new domain in my organization, setting up the
new domain and DCs.

I'm following the recommendation to create the DCs as ''DC
only'', eg
with only samba and a root access for ssh.


Having to choose between VMs and Containers (LXC), there's differences
between them that can involve samba features/performances? Filesystem
limitation?

Seems to me absolutely NO, but in doubt... i'm asking.


Thanks.


PS: Virtualization based on Proxmox, but i think that really doesn't
    care...

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

On Tue, 2017-09-19 at 13:02 +0200, Marco Gaiarin via samba
wrote:
> I'm starting to deploy my new domain in my organization, setting up the
> new domain and DCs.
> 
> I'm following the recommendation to create the DCs as ''DC
only'', eg
> with only samba and a root access for ssh.
> 
> 
> Having to choose between VMs and Containers (LXC), there's differences
> between them that can involve samba features/performances? Filesystem
> limitation?
There is a limitation for containers regarding xattrs as I understand
it, so you may need to go to a full DC.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Mandi! Andrew Bartlett via samba
  In chel di` si favelave...
> There is a limitation for containers regarding xattrs as I understand
> it, so you may need to go to a full DC.
...googling around seems to me that are ''old limitation'', now
gone.


I've also hitted:

	https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-November/012789.html

so seems that 'samba-tool domain provision' check xattr compliance and
rever to to tdb ACL if not.
This check it is ''safe'' (full check)? Or i could end in some
''gray''
area?!
There's some more checks i can do?


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)