El jue., 12 jul. 2018 a las 11:57, Rowland Penny via samba (< samba at lists.samba.org>) escribió:> On Thu, 12 Jul 2018 11:44:47 -0300 > Sergio Belkin <sebelk at gmail.com> wrote: > > > El jue., 12 jul. 2018 a las 9:44, Rowland Penny via samba (< > > samba at lists.samba.org>) escribió: > > > > > On Thu, 12 Jul 2018 09:34:59 -0300 > > > Sergio Belkin via samba <samba at lists.samba.org> wrote: > > > > > > > Hi community, > > > > > > > > I'd like to deploy a SAMBA4 as a Active Directory Domain > > > > Controller. It's for around 30 domain users and 60 hosts. > > > > > > > > AFAIK CentOS package does not support AD DC role, > > > > > > > > > > > > I thought in Debian, but the release available in their repo's is > > > > 4.5.x. So would you recommend: > > > > > > > > - Compiling from sources? > > > > - To use backports > > > > - Choose some other distro? > > > > > > > > So, in short, what distro and release do you recommend me? > > > > > > Debian Stretch > > > But use Louis Van Belle's repo: > > > > > > http://apt.van-belle.nl/ > > > > > > The Packages also work with Devuan. > > > > > > Rowland > > > > > > > > Are they ready for production? > > Well, Louis uses them in production. He creates them for his own use in > his establishment/company and very graciously makes them available for > others to use. I don't know how many people use them, but I believe > they are quite popular. I am sure Louis would be more than willing to > enlighten you more on his packages, but he is on holiday (oops sorry, > vacation) at the moment. > > Rowland > > >Nice, and what about Fedora AD, anyone has implemented? -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org
On Thu, 12 Jul 2018 15:08:57 -0300 Sergio Belkin <sebelk at gmail.com> wrote:> El jue., 12 jul. 2018 a las 11:57, Rowland Penny via samba (< > samba at lists.samba.org>) escribió: > > > On Thu, 12 Jul 2018 11:44:47 -0300 > > Sergio Belkin <sebelk at gmail.com> wrote: > > > > > El jue., 12 jul. 2018 a las 9:44, Rowland Penny via samba (< > > > samba at lists.samba.org>) escribió: > > > > > > > On Thu, 12 Jul 2018 09:34:59 -0300 > > > > Sergio Belkin via samba <samba at lists.samba.org> wrote: > > > > > > > > > Hi community, > > > > > > > > > > I'd like to deploy a SAMBA4 as a Active Directory Domain > > > > > Controller. It's for around 30 domain users and 60 hosts. > > > > > > > > > > AFAIK CentOS package does not support AD DC role, > > > > > > > > > > > > > > > I thought in Debian, but the release available in their > > > > > repo's is 4.5.x. So would you recommend: > > > > > > > > > > - Compiling from sources? > > > > > - To use backports > > > > > - Choose some other distro? > > > > > > > > > > So, in short, what distro and release do you recommend me? > > > > > > > > Debian Stretch > > > > But use Louis Van Belle's repo: > > > > > > > > http://apt.van-belle.nl/ > > > > > > > > The Packages also work with Devuan. > > > > > > > > Rowland > > > > > > > > > > > Are they ready for production? > > > > Well, Louis uses them in production. He creates them for his own > > use in his establishment/company and very graciously makes them > > available for others to use. I don't know how many people use them, > > but I believe they are quite popular. I am sure Louis would be more > > than willing to enlighten you more on his packages, but he is on > > holiday (oops sorry, vacation) at the moment. > > > > Rowland > > > > > > > Nice, and what about Fedora AD, anyone has implemented? > >You want to use Fedora in production ?? There may be available Samba packages for Fedora (If there are, I don't know of any, but then, I don't use Fedora), but they will probably use MIT kerberos and there are still drawbacks with using MIT. Rowland
El jue., 12 de jul. de 2018 3:18 p.m., Rowland Penny via samba < samba at lists.samba.org> escribió:> On Thu, 12 Jul 2018 15:08:57 -0300 > Sergio Belkin <sebelk at gmail.com> wrote: > > > El jue., 12 jul. 2018 a las 11:57, Rowland Penny via samba (< > > samba at lists.samba.org>) escribió: > > > > > On Thu, 12 Jul 2018 11:44:47 -0300 > > > Sergio Belkin <sebelk at gmail.com> wrote: > > > > > > > El jue., 12 jul. 2018 a las 9:44, Rowland Penny via samba (< > > > > samba at lists.samba.org>) escribió: > > > > > > > > > On Thu, 12 Jul 2018 09:34:59 -0300 > > > > > Sergio Belkin via samba <samba at lists.samba.org> wrote: > > > > > > > > > > > Hi community, > > > > > > > > > > > > I'd like to deploy a SAMBA4 as a Active Directory Domain > > > > > > Controller. It's for around 30 domain users and 60 hosts. > > > > > > > > > > > > AFAIK CentOS package does not support AD DC role, > > > > > > > > > > > > > > > > > > I thought in Debian, but the release available in their > > > > > > repo's is 4.5.x. So would you recommend: > > > > > > > > > > > > - Compiling from sources? > > > > > > - To use backports > > > > > > - Choose some other distro? > > > > > > > > > > > > So, in short, what distro and release do you recommend me? > > > > > > > > > > Debian Stretch > > > > > But use Louis Van Belle's repo: > > > > > > > > > > http://apt.van-belle.nl/ > > > > > > > > > > The Packages also work with Devuan. > > > > > > > > > > Rowland > > > > > > > > > > > > > > Are they ready for production? > > > > > > Well, Louis uses them in production. He creates them for his own > > > use in his establishment/company and very graciously makes them > > > available for others to use. I don't know how many people use them, > > > but I believe they are quite popular. I am sure Louis would be more > > > than willing to enlighten you more on his packages, but he is on > > > holiday (oops sorry, vacation) at the moment. > > > > > > Rowland > > > > > > > > > > > Nice, and what about Fedora AD, anyone has implemented? > > > > > > You want to use Fedora in production ?? > > There may be available Samba packages for Fedora (If there are, I > don't know of any, but then, I don't use Fedora), but they will > probably use MIT kerberos and there are still drawbacks with using MIT. > > Rowland >It was just a question :)
On 07/12/2018 02:17 PM, Rowland Penny via samba wrote:> On Thu, 12 Jul 2018 15:08:57 -0300 > Sergio Belkin <sebelk at gmail.com> wrote: >...>>>>> >>>> Are they ready for production? >>> >>> Well, Louis uses them in production. He creates them for his own >>> use in his establishment/company and very graciously makes them >>> available for others to use. I don't know how many people use them, >>> but I believe they are quite popular. I am sure Louis would be more >>> than willing to enlighten you more on his packages, but he is on >>> holiday (oops sorry, vacation) at the moment. >>> >>> Rowland >>> >>> >>> >> Nice, and what about Fedora AD, anyone has implemented? >> >>The Fedora included build since Fedora 27 includes the AD support based on MIT Kerberos. As Rowland said, there are drawbacks. The only problem I found was posted on this bug by another brave soul running the MIT Kerberos based code https://bugzilla.samba.org/show_bug.cgi?id=13516 In summary this bug makes computer based GPOs unusable (they don't apply by apparent computer groups membership issues). I am running this in production (small business), but running on a container based instance of Fedora over a CentOS 7 hosts, the host runs a Samba domain member as a file server. This way it is isolated and easily replaceable in case of a big bug and upgradeable to newer Fedoras easily of to CentOS if AD support ever land on 7.x branch before 8 . The previous domain was Samba NT4 based so Samba AD without computer GPOs (user GPOs work fine) is better than a NT 4 domain, they aren't losing features.> > You want to use Fedora in production ??Someone has to be brave enough to run new code on production or no one will ever be able to fix problems that no other people found during testing. :)> > There may be available Samba packages for Fedora (If there are, I > don't know of any, but then, I don't use Fedora), but they will > probably use MIT kerberos and there are still drawbacks with using MIT. > > Rowland > >