joe.greer at gmail.com
2019-Sep-14 14:23 UTC
[Samba] SAMBA 4.10 SYSVOL Replication and RODC

Hi All,

1) I read that the devs are working on supporting AD 2012 in 4.11, very cool.
2) I read SAMBA 4.11 can support 100,000 users and 120,000 computers, very cool.

It appears that SAMBA is moving to be a viable file server, authentication and authorization server that can replace Microsoft Active Directory - Directory Services. Is this possible before 2030 for business with multiple sites and over 10,000 employees?

I read there are issues with SYSVOL and that concerns me. I need to have SYSVOL functional on more than just one server. I also need RODC's to work and be able to remove them and add more. If the devs can't make this work maybe they need to make a proxy caching server for SAMBA that can sit at sites across a WAN and cache all the authentication and DNS that is sent to a central SAMBA.

Thanks,
Joe

=============================================

What is not cool, SYSVOL replication:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Sysvol_Replication

GPO's have to be manually synced, AD without GPO's is like a car running on all spare tires...

Internal DNS is said to not be good for complex or large deployments, so use Bind_DLZ.

Some of these issues have been around for over a decade (https://bugzilla.samba.org/show_bug.cgi?id=6714). Does anyone really care about Samba being used outside of home users, NASes and Small single server businesses?

-----------------------------------------------

It seems that the developers or a developer should get the SYSVOL part done. By done I mean, done so that many to many replication works between SAMBA AD DS where you have no Microsoft AD DS. If you need it connected to a production Windows active directory sell that connector as a commercial module.

Make the Trusts work as well between SAMBA ONLY Domains.

Windows 10 is going to force many companies to either rip and replace lots of Windows servers with new ones or migrate to a Samba AD network and say goodbye to Microsoft.

Has Microsoft contributed any code to SAMBA? Are the API's still public and the documentation matching the Microsoft product line?

On 14/09/2019 15:23, joe.greer--- via samba wrote:
> Hi All,
>
> 1) I read that the devs are working on supporting AD 2012 in 4.11, very
> cool.
> 2) I read SAMBA 4.11 can support 100,000 users and 120,000 computers, very
> cool.
>
> It appears that SAMBA is moving to be a viable file server, authentication
> and authorization server that can replace Microsoft Active Directory -
> Directory Services. Is this possible before 2030 for business with
> multiple sites and over 10,000 employees?

Should be, after all, from my understanding, Samba is already being used by users with multiple sites and over 10,000 employees.

>
> I read there are issues with SYSVOL and that concerns me.

Yes, it would be nice to have sysvol replicated.

> I need to have
> SYSVOL functional on more than just one server.

You already can, but it is a 'workaround' at the moment.

> I also need RODC's to work

They do.

> and be able to remove them and add more.

What is stopping you?

> If the devs can't make this work
> maybe they need to make a proxy caching server for SAMBA that can sit at
> sites across a WAN and cache all the authentication and DNS that is sent to
> a central SAMBA.

So far everything on your list (apart from sysvol) is fully working.

>
> Thanks,
> Joe
>
> =============================================
>
> What is not cool, SYSVOL replication :
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Sysvol_Replication
>
> GPO's have to be manually synced, AD without GPO's is like a car running
> on all spare tires...

Well, just like you cannot tell when a car is running on its spare wheel, you cannot tell when Samba DCs are running with a correctly manually synced sysvol.

>
> Internal DNS is said to not be good for complex or large deployments, so
> use Bind_DLZ.

What is wrong with that? Even Microsoft lets you use Bind9 on a Windows DC.

>
> Some of these issues have been around for over a decade(
> https://bugzilla.samba.org/show_bug.cgi?id=6714). Does anyone really care
> about Samba being used outside of home users, NASes and Small single server
> businesses?

Yes, quite a lot of people do, but there are only so many people working on the Samba code and sysvol isn't at the top of anyone's priorities, but if it irks you so much, feel free to propose patches to get sysvol working like it does on Windows ;-)

> -----------------------------------------------
> It seems that the developers or a developer should get the SYSVOL part
> done. By done I mean, done so that many to many replication works between
> SAMBA AD DS where you have no Microsoft AD DS. If you need it connected to
> a production Windows active directory sell that connector as a commercial
> module.

Don't know whether you noticed it, but Samba is open source.

>
> Make the Trusts work as well between SAMBA ONLY Domains.

I thought they did work.

>
> Windows 10 is going to force many companies to either rip and replace lots
> of Windows servers with new ones or migrate to a Samba AD network and say
> goodbye to Microsoft.

Why?

> Has Microsoft contributed any code to SAMBA?

I don't think they have provided any actual code, but they have provided help and documentation.

> Are the
> API's still public and the documentation matching the Microsoft product
> line?

As far as I am aware, yes & yes.

Rowland