----- V?stule no Rowland Penny <rowlandpenny at googlemail.com> --------- Datums: Fri, 20 Mar 2015 13:12:20 +0000 S?t?t?js: Rowland Penny <rowlandpenny at googlemail.com> Temats: Re: [Samba] Samba AD DC and browsing of shares Sa??m?js: samba at lists.samba.org>> the necessity for external heimdal even for Samba 4 in case of >> Slackware I found somehwere in solutions and it incidentally >> co-incided with getting samba AD DC working. >> Browsing the original Slackware package I can not locate a thing >> like kinit, for example, while krb5.conf is there >> >> OK, but his is not the problem. > > You started out asking if you could have network browsing with a > samba AD DC like there is with samba3, well the answer to this is 'no' > > I am not saying you shouldn't have kerberos installed, just the > opposite in fact, you just cannot run the server part of it. > > Try running this: > > netstat -tapn | grep ':88' | grep 'samba' > > If you do not get a response, you have a big problem.everything is working fine. How fast should it be expected for the domain info to spread over the network? It took a few minutes for the freshly joined samba server to get the auth info for the shares on it from the DC (I judge it by the ability to wbinfo -u on the file server to give domain users' info) Janis
From: J?nis <je at ktf.rtu.lv> Date: Thu, 19 Mar 2015 23:32:37 +0200> > You do not have to use samba 4 to create an AD DC, you can use samba 4 just > > like samba 3, as a standalone server, as a client in a windows domain, as > > an NT-4 style PDC, with or without Openldap etc, etc. > > So, that means i can re-compile samba(4) --without-ad-dc; configure it as > NT-4 style DC and have Win8.1 computers joining it?No, --with or --without-ad-dc, you can configure Samba4 as NT-4 style DC. From: J?nis <je at ktf.rtu.lv> Date: Fri, 20 Mar 2015 21:39:00 +0200> everything is working fine. > > How fast should it be expected for the domain info to spread over the > network? It took a few minutes for the freshly joined samba server to get > the auth info for the shares on it from the DC (I judge it by the ability > to wbinfo -u on the file server to give domain users' info)If "domain info" means browse list, it is usually updated every 12 - 15 minutes from each machines. --- TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo facebook.com/takahashi.motonobu
Hello, From: J?nis <je at ktf.rtu.lv> Date: Sat, 21 Mar 2015 12:36:09 +0200>> From: J?nis <je at ktf.rtu.lv> >> Date: Thu, 19 Mar 2015 23:32:37 +0200 >>> > You do not have to use samba 4 to create an AD DC, you can use samba 4 >>> > just >>> > like samba 3, as a standalone server, as a client in a windows domain, as >>> > an NT-4 style PDC, with or without Openldap etc, etc. >>> >>> So, that means i can re-compile samba(4) --without-ad-dc; configure it as >>> NT-4 style DC and have Win8.1 computers joining it? >> >> No, --with or --without-ad-dc, you can configure Samba4 as NT-4 style DC. > > yes, it was clear. The only thing that wasn't - possibility to join Win8 to > NT-styla domain. I learned, it is theoretically possible, but taking into > account the woodoo part of it, not the solution for particular case.Hmmm, as far as I examined , Windows 8 can join to NT-style domain, whose DC is Samba 4, compiled --with-ad-dc (default).>> From: J?nis <je at ktf.rtu.lv> >> Date: Fri, 20 Mar 2015 21:39:00 +0200 >> >>> How fast should it be expected for the domain info to spread over the >>> network? It took a few minutes for the freshly joined samba server to get >>> the auth info for the shares on it from the DC (I judge it by the ability >>> to wbinfo -u on the file server to give domain users' info) >> >> If "domain info" means browse list, it is usually updated every 12 - 15 >> minutes from each machines. > > so, the freshly joined PC will get the browse list in 10-15 min after > joining domain?It depends on your situation. A PC announces itself to the master browser on its subnet in shorter period immediately after startup. A master browser communicates to backup browser on the same subnet every 12-15 minutes. A domain master browser communicates to the other local master browser on the other subnet every 12-15 minutes. How long it takes to get a PC in the browse list depends on which browser you connect to.> Does it relate to the connections over VPN? Is it possible > to speed up the update (lets say - to cut time in half)?No, but if your domain exists on multi-subnets, it takes additional 12-15 minutes to sync browse list between subnets. See documents about browsing functions in the detail. --- TAKAHASHI Motonobu <monyo at monyo.com> / @damemonyo facebook.com/takahashi.motonobu
----- V?stule no TAKAHASHI Motonobu <monyo at monyo.com> --------- Datums: Sat, 21 Mar 2015 20:29:53 +0900 (JST) S?t?t?js: TAKAHASHI Motonobu <monyo at monyo.com> Temats: Re: [Samba] Samba AD DC and browsing of shares Sa??m?js: samba at lists.samba.org>>>> So, that means i can re-compile samba(4) --without-ad-dc; configure it as >>>> NT-4 style DC and have Win8.1 computers joining it? >>> >>> No, --with or --without-ad-dc, you can configure Samba4 as NT-4 style DC. >> >> yes, it was clear. The only thing that wasn't - possibility to join Win8 to >> NT-styla domain. I learned, it is theoretically possible, but taking into >> account the woodoo part of it, not the solution for particular case. > > Hmmm, as far as I examined , Windows 8 can join to NT-style domain, whose > DC is Samba 4, compiled --with-ad-dc (default).I did not test mysefl - I found an article saying that win8 needs 3 registry keys to be modified in order to be able to join NT-style domain. Janis