On Tue, August 9, 2016 22:14, Mark Foley wrote:> Can Samba4 be used for AD/DC with virtual machines? For example, I
> have a Ubuntu domain member
> and it currently does AD authentication for users. I would like to
> run this computer as a VM
> also hosting Windows 7, which I would also like the Windows 7 user(s)
> to AD authenticate.
>
> One problem I foresee is joining the computer to the domain. I imagine
> there is only one IP
> address. If I join the WIN7 VM, I expect I could not use the same
> computer name as the Ubuntu
> hostname.
>
> I see other issues with ports, etc.
>
> Is this doable? Has anyone done this?
>
As it happens I am in the process of moving our users from an ancient
Win2K Advanced Server based AD to exactly this kind of setup.
We have Samba43 running as an AD_DC under FreeBSD10.3 which itself is
running as a BHyve guest VM on a FreeBSD-10.3 host. There are no
issues with ports or NICs on the guest as these are all virtualised.
The Samba service is configured to use internal DNS and is assigned
its own private /24 network from 192.168.0.0/16.
We presently do not have DHCP in use on that netblock because the LAN
segment is not yet isolated from the rest of our services and the old
AD-DC is still providing addresses from its assigned netblock to host
still connecting to the old domain.
Switching over users is as simple as renaming a user's workstation to
belong to the new domain via Computer Properties and then having them
log on to the new domain with their new credentials. Previous to this
we manually ported over their application data, documents and desktops
from the old AD-DC.
Because of the age of the old server software there did not seem to be
any automated way of doing this. At least none that I could find.
But moving stuff was fairly simple. We just copied it into the proper
places on the new server USERS share directory and then set the
profile and home drive to the appropriate root using RSAT from Win7Pro
workstation. Windows set the permissions appropriately and everything
seems to work for the handful of users that have so far converted.
If you also virtualise a Windows client on the same host as the Samba
AD-DC then it should have its own virtualised network interface. This
virtual-if can be assigned its own IPv4/v6 address as you see fit.
Your virtualisation hyper-visor should take care of mapping the
virtual interfaces to the actual hardware. However, this I have not
done myself so my observations are inferences rather than experience.
As far as HOSTNAME goes, no you would not use the same hostname on a
virtualised host any more than you would give the same name to two
metal based systems on the same network. But, other than the 15
character restriction for NETBIOS compatible names and those for DNS
names in general you can call each virtualised guest whatever you
please.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3