I couldn't readily find this answer to this question but can samba act as a member dc alongside windows running the domain? This would be a samba as a 'secondary' domain controller.

Why would I want to do this? I am thinking of putting samba on the outside of the firewall acting as a RO DC and providing ldap authentication to web applications.

--
David Bear
mobile: (602) 903-6476

On Tue, 14 Jun 2016, David Bear wrote:

> I couldn't readily find this answer to this question but can samba act as a
> member dc along side windows running the domain? This would be a samba as a
> 'secondary' domain controller.

You can, as long as your windows DCs are not newer than 2008 R2. I think the only real caveat is with sysvol replication. DRS replication is not supported, so you'll have to use rsync or similar. See the Sysvol section here:

https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory

> Why would I want to do this? I am thinking of putting samba on the outside
> of the firewall acting as a RO DC and providing ldap authentication to web
> applications.

You may need a fairly recent version of Samba for this. I believe RODC support is somewhat of a work in progress, but it looks like it's mostly complete now. I'm not sure as of what version this was the case...

https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC

On 15.06.2016 at 14:57, Sketch wrote:

> You can, as long as your windows DCs are not newer than 2008 R2. I
> think the only real caveat is with sysvol replication. DRS replication
> is not supported, so you'll have to use rsync or similar. See the
> Sysvol section here:
>
> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory

David, in case you looked at the referred section earlier this day: I have now linked the "Robocopy based SysVol replication workaround" [1] there, too. This approach preserves the ACLs.

Regards,
Marc

[1] https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround