samba - Sep 2016 - create new child windows domain in existing samba forest

Hello guys. Continuing Zhuchenko Valery question,I would like to know if someone
from the list has deployed a child domain in samba 4.
I have a samba 4 domain controller running on gentoo.My goal is to set up a
domain and authentication domain only. But I need a root domain forest and a
child domain.I am using verion 4.2.11I would like to know if someone has
accomplished this either using dcpromo or though samba native commands.
net-fs/samba-4.2.11::gentoo was built with the following:USE="acl addc
addns cups gnutls pam quota winbind -ads -aio -avahi -client -cluster -dmapi
-fam -iprint -ldap (-selinux) -syslog -system-mitkrb5 -systemd -test"
PYTHON_TARGETS="python2_7
Since Valery reported error using dcpromo, I would like to get some feedback
from the community before trying.
Thanks in advance

On Tue, 2016-09-13 at 18:59 +0000, Cobra Koral via samba
wrote:
> Hello guys. Continuing Zhuchenko Valery question,I would like to know
> if someone from the list has deployed a child domain in samba 4.
> I have a samba 4 domain controller running on gentoo.My goal is to
> set up a domain and authentication domain only. But I need a root
> domain forest and a child domain.
This is not currently supported in Samba's AD DC.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Hello Andrew, thanks for answering.

What is the status of trusts ?

On the FAQ says that samba trusts but can't be trusted, but on the roadmap
it seems to have had some development lately.

Can I use trusts between subdomains to enforce child domain like feature ?

Not sure if it makes sense too.


I need to set up an environment of an organization that requires a root domain
or empty placeholder as some say, and child domains within because the
organization is multinational. I am evaluating samba if it fits the needs of the
organization and active directory from ms as well.

Really would prefer to use Samba, but I also need a level of control or a
feature like child domains in ms ad.


Andrew, if you could advise on that.


Thanks a lot.

________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Andrew
Bartlett via samba <samba at lists.samba.org>
Sent: Friday, September 16, 2016 4:49:43 PM
To: Cobra Koral; samba at lists.samba.org
Subject: Re: [Samba] create new child windows domain in existing samba forest

On Tue, 2016-09-13 at 18:59 +0000, Cobra Koral via samba
wrote:
> Hello guys. Continuing Zhuchenko Valery question,I would like to know
> if someone from the list has deployed a child domain in samba 4.
> I have a samba 4 domain controller running on gentoo.My goal is to
> set up a domain and authentication domain only. But I need a root
> domain forest and a child domain.
This is not currently supported in Samba's AD DC.

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba