samba - Jun 2014 - Missing features, RLY?!? & readme1st again

Missing features from memory from following this mailinglist:
- Win7 join to AD still requires two registry changes.
- SYSVOL is not replicated, use a cronjob with rsync.
- Domain-Trust works only in one direction (which one?).
- winbind does not work on DCs, use a separate file server.
- Joining an AD requires one of its DCs in the same subnet?
- Cluster filesystems destroy TDB files, use CTDB.
- CTDB does not work on an AD-DC, use a separate file server.
- DFS works only server-based, not domain-based?
- DFS works only for Administrators?
- DFSR is not implemented.

Is this list correct? Is it complete?

This list should be in a Samba4-ReadmeFirst on the Wiki startpage. I 
once started such a page, should I update the "limitations" section
and
finally put a link to it on the startpage? Will the Wiki allow me to 
edit the startpage? Where exactly should the link be?
https://wiki.samba.org/index.php/Samba_Readme_First

On 06/27/2014 01:53 PM, Klaus Hartnegg wrote:
> - Win7 join to AD still requires two registry changes.
I am under the impression that this is no longer needed.

MJ

I can answer some of your questions based on my test environment:
1. compiled Samba 4.1.7
2. classicupgrade from samba3+ldap backend
3. Samba 4 internal DNS+LDAP
4. external DNS servers forward AD DC domain queries to the two Samba 4 
AD DC servers
5. the two Samba 4 AD DC servers are on different subnets via a gateway

On 6/27/2014 7:53 AM, Klaus Hartnegg wrote:
> Missing features from memory from following this mailinglist:
> - Win7 join to AD still requires two registry changes.
No, you don't need to change anything on Win7.
>
> - SYSVOL is not replicated, use a cronjob with rsync.
I use rsync to replicate SYSVOL.
>
> - Domain-Trust works only in one direction (which one?).
not tested.
>
> - winbind does not work on DCs, use a separate file server.
My AD DCs are the dedicated DC server, no file sharing. so I run S4 with 
the default smb.conf(no changes).
I don't see any issues. If you do file sharing on DC, it's another
story.
>
> - Joining an AD requires one of its DCs in the same subnet?
No problems with multiple subnets for AD DCs and client machines.

I don't test the rest.
> - Cluster filesystems destroy TDB files, use CTDB.
> - CTDB does not work on an AD-DC, use a separate file server.
> - DFS works only server-based, not domain-based?
> - DFS works only for Administrators?
> - DFSR is not implemented.
>
> Is this list correct? Is it complete?
>
> This list should be in a Samba4-ReadmeFirst on the Wiki startpage. I 
> once started such a page, should I update the "limitations"
section
> and finally put a link to it on the startpage? Will the Wiki allow me 
> to edit the startpage? Where exactly should the link be?
> https://wiki.samba.org/index.php/Samba_Readme_First
My first choice on DNS setup is to change my existing DNS servers to 
forward AD DC domain query to AD DC servers, and have AD DC use its 
internal DNS.
So you can put all of your AD DCs' IP to your existing DNS servers.

Allen

2014-06-27 13:53 GMT+02:00 Klaus Hartnegg <hartnegg at
gmx.de>:
> Missing features from memory from following this mailinglist:
> - Win7 join to AD still requires two registry changes.
Not true.
> - SYSVOL is not replicated, use a cronjob with rsync.
> - Domain-Trust works only in one direction (which one?).
> - winbind does not work on DCs, use a separate file server.
> - Joining an AD requires one of its DCs in the same subnet?
> - Cluster filesystems destroy TDB files, use CTDB.
> - CTDB does not work on an AD-DC, use a separate file server.
> - DFS works only server-based, not domain-based?
Domainbased DFS works. I should also mention that in my single server
environment the AD DC also serves home- and other fileshares. DFS
cannot be managed from Windows with DFS management MMC.
> - DFS works only for Administrators?
No.
> - DFSR is not implemented.
>
> Is this list correct? Is it complete?
DNS with BIND9_DLZ and possibly internal DNS does not support renaming
AD Sites and move DC between Sites. BIND9_FLATFILE does. The cost is
that you cannot manage hte zone(s) with DNS management MMC,

Regards
Davor
>
> This list should be in a Samba4-ReadmeFirst on the Wiki startpage. I once
> started such a page, should I update the "limitations" section
and finally
> put a link to it on the startpage? Will the Wiki allow me to edit the
> startpage? Where exactly should the link be?
> https://wiki.samba.org/index.php/Samba_Readme_First
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

On 27/06/14 13:53, Klaus Hartnegg wrote:
> Missing features from memory from following this mailinglist:
> - Win7 join to AD still requires two registry changes.
No, it's not needed.
> - Joining an AD requires one of its DCs in the same subnet?
No, only requirement is your DNS stuff and visibility between your 
subnet and DCs (wherever they are).

-- 
I?igo Martinez Lasala
Vector Ignite
Parque Empresarial Cerro de Los Gamos
Camino del Cerro de los Gamos, 1, Edificio 6, Planta 1
28224 Pozuelo de Alarc?n - Madrid
www.vector-itcgroup.com