David Wilson
2018-Oct-03 14:45 UTC
[Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD
Good day guys, I hope all is well on your side. We are looking at implementing the latest stable version of Samba4 to function as a (secondary) domain controller in an existing Active Directory environment that is currently managed by an existing single Windows Server 2016 server. Aside from fairly easily-addressed sysvol replication challenges - looking at the official Samba documentation, it seems that nothing higher than a Domain/Forest Function Level of 2008r2 is supported, if Samba4 is to function as Domain Controller in an existing (Windows Server controlled) Active Directory environment? The information available seems to indicate that the reason for this is due to changes within the Windows Server Kerberos services, that are possibly not available within MIT or Heimdal Kerberos? Has anyone within the community had experience with this? References: https://wiki.samba.org/index.php/Raising_the_Functional_Levels https://groups.google.com/forum/#!topic/linux.samba/kAbGkR4CGLg 1 https://docs.microsoft.com/cs-cz/windows-server/identity/ad-ds/active-directory-functional-levels I would be most grateful for any guidance and feedback, if possible please. Kind regards, David Wilson
David Wilson
2018-Oct-08 13:21 UTC
[Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD
Sorry for the pressure guys. Any ideas on this please? Regards, David Wilson From: "samba. org" <samba at lists.samba.org> To: "samba. org" <samba at lists.samba.org> Sent: Wednesday, 3 October, 2018 16:45:42 Subject: [Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD Good day guys, I hope all is well on your side. We are looking at implementing the latest stable version of Samba4 to function as a (secondary) domain controller in an existing Active Directory environment that is currently managed by an existing single Windows Server 2016 server. Aside from fairly easily-addressed sysvol replication challenges - looking at the official Samba documentation, it seems that nothing higher than a Domain/Forest Function Level of 2008r2 is supported, if Samba4 is to function as Domain Controller in an existing (Windows Server controlled) Active Directory environment? The information available seems to indicate that the reason for this is due to changes within the Windows Server Kerberos services, that are possibly not available within MIT or Heimdal Kerberos? Has anyone within the community had experience with this? References: https://wiki.samba.org/index.php/Raising_the_Functional_Levels https://groups.google.com/forum/#!topic/linux.samba/kAbGkR4CGLg 1 https://docs.microsoft.com/cs-cz/windows-server/identity/ad-ds/active-directory-functional-levels I would be most grateful for any guidance and feedback, if possible please. Kind regards, David Wilson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Norbert Hanke
2018-Oct-08 20:31 UTC
[Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD
Hi David Go to the samba wiki on https://wiki.samba.org/index.php/Main_Page, search for "2016", klick on FAQ, scroll down a bit. There it says: I Am Running Samba as an AD DC. Which Windows Server Version Can I Join as an DC to the Forest? The following Windows server versions are supported as a DC together with a Samba DC: Windows Server Version Comments Windows Server 2016 Not supported. regards, Norbert On 08.10.2018 15:21, David Wilson via samba wrote:> Sorry for the pressure guys. Any ideas on this please? > > > > Regards, > > David Wilson > > From: "samba. org" <samba at lists.samba.org> > To: "samba. org" <samba at lists.samba.org> > Sent: Wednesday, 3 October, 2018 16:45:42 > Subject: [Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD > > Good day guys, > > I hope all is well on your side. > > We are looking at implementing the latest stable version of Samba4 to function as a (secondary) domain controller in an existing Active Directory environment that is currently managed by an existing single Windows Server 2016 server. > > Aside from fairly easily-addressed sysvol replication challenges - looking at the official Samba documentation, it seems that nothing higher than a Domain/Forest Function Level of 2008r2 is supported, if Samba4 is to function as Domain Controller in an existing (Windows Server controlled) Active Directory environment? > The information available seems to indicate that the reason for this is due to changes within the Windows Server Kerberos services, that are possibly not available within MIT or Heimdal Kerberos? > > Has anyone within the community had experience with this? > > References: > https://wiki.samba.org/index.php/Raising_the_Functional_Levels > https://groups.google.com/forum/#!topic/linux.samba/kAbGkR4CGLg 1 > https://docs.microsoft.com/cs-cz/windows-server/identity/ad-ds/active-directory-functional-levels > > I would be most grateful for any guidance and feedback, if possible please. > > > > Kind regards, > > David Wilson
Andrew Bartlett
2018-Oct-10 06:08 UTC
[Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD
On Mon, 2018-10-08 at 15:21 +0200, David Wilson via samba wrote:> Sorry for the pressure guys. Any ideas on this please? > > > > Regards, > > David Wilson > > From: "samba. org" <samba at lists.samba.org> > To: "samba. org" <samba at lists.samba.org> > Sent: Wednesday, 3 October, 2018 16:45:42 > Subject: [Samba] Samba4 as an additional Domain Controller in existing Windows 2016 AD > > Good day guys, > > I hope all is well on your side. > > We are looking at implementing the latest stable version of Samba4 to function as a (secondary) domain controller in an existing Active Directory environment that is currently managed by an existing single Windows Server 2016 server. > > Aside from fairly easily-addressed sysvol replication challenges - looking at the official Samba documentation, it seems that nothing higher than a Domain/Forest Function Level of 2008r2 is supported, if Samba4 is to function as Domain Controller in an existing (Windows Server controlled) Active Directory environment? > The information available seems to indicate that the reason for this is due to changes within the Windows Server Kerberos services, that are possibly not available within MIT or Heimdal Kerberos?The Kerberos issues come from the newer functional levels, they imply that the KDC has to do more things. As long as the functional level remains at 2008R2 that won't be the blocker. But why do you need to mix Samba and windows? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Apparently Analagous Threads
- Samba4 as an additional Domain Controller in existing Windows 2016 AD
- Samba4 as an additional Domain Controller in existing Windows 2016 AD
- Samba4 as an additional Domain Controller in existing Windows 2016 AD
- Domain Functionality Level and GPO password policies
- Raise Domain functional level to 2012_R2