samba - Nov 2018 - Setup a Samba AD DC as an additional DC

> > >What is the running AD DC its os version/build, it was an
> MS server? 
> > 2 AD DCs Windows 2012, 1 is 2008, but the DC for the join is a 2012 
> > windows DC
> 
> >Yes, but win 2012 which one?  2012 or 2012R2 Can you open a
> dosbox (cmd) and type : ver The build nummer is? 
> 
> It is just 2012, not R2.  Here is the ver output: Microsoft Windows 
> [Version 6.2.9200]
> 
> The 2008 DC is also NOT R2: Microsoft Windows [Version 6.0.6002]
> 
> The Windows Certificate Server is running on the 2008 DC.
> 
> >and add it on you samba servers
> 
> I assume it will need to be added to the Intermediate & Trusted 
> Authorities.  I will have to search for doing this on Ubuntu/Linux.  I 
> assume it is simple.
>But before you start with the things todo. 
>You network is expanding as we are asking questions..  ;-) So you have a :
>win2012 as AD DC
>?Win2008 as ? Member or also AD DC? 
>?Any other windows servers? MSSQL Exchange things like that, because some of
these are blocking replication.
>?And before your waisting a lot more of time, lets make the info more
complete first.
> > 2 AD DCs Windows 2012, 1 is 2008, but the DC for the join is a 2012 
> > windows DC
Site 1
2012 ADDC + DNS
2008 ADDC + Certificate Service + DNS + DHCP
2012 Member - file server & running MS SQL Server
2012 Member - file server
2008 Member - MS Exchange 2010

Site 2
2012 ADDC + file server

All are NOT Windows 20xx R2, just Windows Standard Server 2008 or 2012.

On Thu, 29 Nov 2018 12:53:42 +0000
"Barry D. Adkins via samba" <samba at lists.samba.org> wrote:
> > > >What is the running AD DC its os version/build, it was an
> > MS server? 
> > > 2 AD DCs Windows 2012, 1 is 2008, but the DC for the join is a
> > > 2012 windows DC
> > 
> > >Yes, but win 2012 which one?  2012 or 2012R2 Can you open a
> > dosbox (cmd) and type : ver The build nummer is? 
> > 
> > It is just 2012, not R2.  Here is the ver output: Microsoft Windows 
> > [Version 6.2.9200]
> > 
> > The 2008 DC is also NOT R2: Microsoft Windows [Version 6.0.6002]
> > 
> > The Windows Certificate Server is running on the 2008 DC.
> > 
> > >and add it on you samba servers
> > 
> > I assume it will need to be added to the Intermediate & Trusted 
> > Authorities.  I will have to search for doing this on
> > Ubuntu/Linux.  I assume it is simple.
> 
> 
> >But before you start with the things todo. 
> >You network is expanding as we are asking questions..  ;-) So you
> >have a : win2012 as AD DC
> >?Win2008 as ? Member or also AD DC? 
> >?Any other windows servers? MSSQL Exchange things like that, because
> >some of these are blocking replication. ?And before your waisting a
> >lot more of time, lets make the info more complete first. 
> 
> > > 2 AD DCs Windows 2012, 1 is 2008, but the DC for the join is a
> > > 2012 windows DC
> 
> Site 1
> 2012 ADDC + DNS
> 2008 ADDC + Certificate Service + DNS + DHCP
> 2012 Member - file server & running MS SQL Server
> 2012 Member - file server
> 2008 Member - MS Exchange 2010
BOING!!!         ^^^^^^^^^^^

From my knowledge, you cannot use exchange with a Samba DC.

Rowland

> 2008 Member - MS Exchange 2010
>BOING!!!         ^^^^^^^^^^^
>From my knowledge, you cannot use exchange with a Samba DC.
My original plan was a stepped approach.  Recall I created a Samba Member
Server.  Created a Share, entered GID, UID for all users and groups, but we
could not get the member server to ever see those users/groups.

I can connect to that share from windows clients, but I have to connect as the
administrator (who is mapped to root). I set ACLs with Windows Tools, and
Windows still looks at them as there, but they do not function because we never
could.

The Thread is:
getenv does not return any AD DOMAIN users or groups - ?nsswitch is not setup
for Samba?

I am going to migrate away from Exchange.  In fact MailEnable has completed
implementation of mail delivery to public folders so I can go ahead and do that.
Louis however recommended Kopano.  I had considered and dismissed it as too
expensive.  I was trying to see if it was available as Open Source or if there
was a subscription that would Not be expensive.

For the moment if we could go back to the Member Server and get it working I had
started that to create a Replicated Storage Volume as we are having trouble with
Microsoft DFS Replicated folders.

-Barry Adkins

Hai Barry, 

We know about exchange might be a problem, the others i dont know..
Check the windows schema levels. 
https://wiki.samba.org/index.php/AD_Schema_Version_Support 

You could try a clean setup as shown by my howto. 

Before you install setup ip and hostname in the windows DNS for the linux
server.
Make sure you use a name thats never used before, just to be sure of no side
effects.

Then follow this to the letter. ( so use bind9_dlz ) 

https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
Line 31, use the windows DC's ip's 
Line 47, use the same time server as the windows DC's. 

Until line 259, the provisioning line, change that to join. 
And proceed with the steps. 

> -----Oorspronkelijk bericht-----
> Onderwerp: [Samba] Setup a Samba AD DC as an additional DC
> 
> > 2008 Member - MS Exchange 2010
> 
> >BOING!!!         ^^^^^^^^^^^
> 
> >From my knowledge, you cannot use exchange with a Samba DC.
> 
> My original plan was a stepped approach.  Recall I created a 
> Samba Member Server.  Created a Share, entered GID, UID for 
> all users and groups, but we could not get the member server 
> to ever see those users/groups.
Thats a mis-config in you setup. 

> 
> I can connect to that share from windows clients, but I have 
> to connect as the administrator (who is mapped to root). I 
> set ACLs with Windows Tools, and Windows still looks at them 
> as there, but they do not function because we never could.
> 
> The Thread is:
> getenv does not return any AD DOMAIN users or groups - 
> ?nsswitch is not setup for Samba?
> 
> I am going to migrate away from Exchange.  In fact MailEnable 
> has completed implementation of mail delivery to public 
> folders so I can go ahead and do that.  Louis however 
> recommended Kopano.  I had considered and dismissed it as too 
> expensive.  I was trying to see if it was available as Open 
> Source or if there was a subscription that would Not be expensive.
Kopano community version is free, so cant be cheaper. 
https://kopano.io/  
Downloads : https://download.kopano.io/community/ 

Debian buster wil get kopano. ( at least lets hope so ) 
https://packages.debian.org/search?keywords=kopano-core 

> 
> For the moment if we could go back to the Member Server and get it working
I had started
> that to create a Replicated Storage Volume as we are having trouble with
Microsoft DFS Replicated folders.
A linux member of windows member ? 
If i think i can make some extra time tomorrow and i'll make a member howto
also for Ubuntu and i'll update the current stretch version to 4.8/4.9


So far, 

Greetz, 

Louis