On Sun, 6 May 2018 18:48:40 +0200 Davy Defaud via samba <samba at lists.samba.org> wrote:> > Thanks very much for making AD trusts /really/ usable at last in > > 4.8. For my use case just allowing trusted groups to access file > > shares with correct permissions is good enough for now. Child > > domains would be nice too ;-) > > Dear Samba developers, > > I’m also more interested by child domains rather than sites. I know > that it is not supported yet, but I wonder if SUBDOMAIN join option of > samba-tool is supposed to be for creating a child domain. > > There’s no documentation entries to explain how it is supposed to > work, but I can see the option in the samba-tool usage: > > > Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] > > [options] > and --parent-domain=PARENT_DOMAIN > > Any hint? >Yes, they don't work (yet). In fact, up until recently, the only thing that worked was 'DC' Rowland
Le 06/05/2018 à 19:27, Rowland Penny via samba a écrit :> On Sun, 6 May 2018 18:48:40 +0200 > Davy Defaud via samba <samba at lists.samba.org> wrote: > >>> Thanks very much for making AD trusts /really/ usable at last in >>> 4.8. For my use case just allowing trusted groups to access file >>> shares with correct permissions is good enough for now. Child >>> domains would be nice too ;-) >> Dear Samba developers, >> >> I’m also more interested by child domains rather than sites. I know >> that it is not supported yet, but I wonder if SUBDOMAIN join option of >> samba-tool is supposed to be for creating a child domain. >> >> There’s no documentation entries to explain how it is supposed to >> work, but I can see the option in the samba-tool usage: >> >>> Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] >>> [options] >> and --parent-domain=PARENT_DOMAIN >> >> Any hint? >> > Yes, they don't work (yet). In fact, up until recently, the only thing > that worked was 'DC' > > Rowland > >I guess MEMBER was also working. So, what’s the current status now? I can see RODC and SUBDOMAIN on the roadmap. But, as there are not “FUNDED”, is there someone actually working on it? If so, are they targeted for a particular version or just “when it’s ready”? TIA, Davy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20180506/489db01d/signature.sig>
On Sun, 2018-05-06 at 22:14 +0200, Davy Defaud via samba wrote:> > So, what’s the current status now? I can see RODC and SUBDOMAIN on the > roadmap. > But, as there are not “FUNDED”, is there someone actually working on it? > If so, are they targeted for a particular version or just “when it’s ready”?RODC support has been funded as is pretty good as of 4.8. There are still some limitations but they are greatly reduced. The roadmap needs a bit more love sadly. Subdomains need more work. I got a fair bit going a while back (hence the option) be never got it finished, and the general suggestion is to have one large domain if possible anyway. The work on inter-forest trusts helps the subdomain stuff a lot, as there are common foundations, but there is still a lot to do. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Sun, 6 May 2018 22:14:38 +0200 Davy Defaud via samba <samba at lists.samba.org> wrote:> Le 06/05/2018 à 19:27, Rowland Penny via samba a écrit : > > On Sun, 6 May 2018 18:48:40 +0200 > > Davy Defaud via samba <samba at lists.samba.org> wrote: > > > >>> Thanks very much for making AD trusts /really/ usable at last in > >>> 4.8. For my use case just allowing trusted groups to access file > >>> shares with correct permissions is good enough for now. Child > >>> domains would be nice too ;-) > >> Dear Samba developers, > >> > >> I’m also more interested by child domains rather than sites. I know > >> that it is not supported yet, but I wonder if SUBDOMAIN join > >> option of samba-tool is supposed to be for creating a child domain. > >> > >> There’s no documentation entries to explain how it is supposed to > >> work, but I can see the option in the samba-tool usage: > >> > >>> Usage: samba-tool domain join <dnsdomain> > >>> [DC|RODC|MEMBER|SUBDOMAIN] [options] > >> and --parent-domain=PARENT_DOMAIN > >> > >> Any hint? > >> > > Yes, they don't work (yet). In fact, up until recently, the only > > thing that worked was 'DC' > > > > Rowland > > > > > I guess MEMBER was also working.No, sorry it isn't, well not from 'samba-tool domain join'> > So, what’s the current status now? I can see RODC and SUBDOMAIN on the > roadmap.'RODC' is now fairly stable.> But, as there are not “FUNDED”, is there someone actually working on > it? If so, are they targeted for a particular version or just “when > it’s ready”?'FUNDED' means that somebody has need for that particular part of Samba and is willing to pay for development, so it will come sooner rather than later. Anything else will only be worked on if a developer finds a need or the time to work on it. If you need something sooner rather than later, you can always write your own patches ;-) Rowland> > TIA, > > Davy > >