On 12/6/2018 3:40 AM, Rowland Penny via samba wrote:
> On Wed, 5 Dec 2018 17:36:43 -0500
> Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
>
>>
>> On 12/5/2018 3:10 PM, Rowland Penny via samba wrote:
>>>>
>>>> That sucks. I'm assuming Centos has the same problems?
>>>
>>> No, Centos has an even bigger problem. As you are probably aware,
>>> Centos is rebuilt from RHEL, Red-Hat has announced that there will
>>> never be a Samba AD DC on RHEL, this means there will never be a
>>> Samba AD DC on Centos, well not using OS packages anyway.
>>
>> The Centos servers are intended to be member servers in an
>> active directory and not domain controllers. Would they still
>> play nice with everyone else?
>>
>> I'm basically trying to set up one Linux appliance to handle
>> overall authentication and let two other machines simply
>> serve files.
>>
>
> I would do it slightly differently, two DC's and then whatever
> fileservers are required. The Centos Samba packages are usable for a
> domain member, they just cannot be used for a DC.
>
> Rowland

Why 2 DC's? My understanding is that a file server should
not simultaneously serve as a DC in an Active Directory setup.

I have a small office. While I have no issue making one of
the file servers also function as a backup DC, I really don't
want to add yet another server to the mix to handle a single
role.
On Thu, 6 Dec 2018 09:12:03 -0500
Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:

> >>
> >> I'm basically trying to set up one Linux appliance to handle
> >> overall authentication and let two other machines simply
> >> serve files.
> >>
> >
> > I would do it slightly differently, two DC's and then whatever
> > fileservers are required. The Centos Samba packages are usable for a
> > domain member, they just cannot be used for a DC.
> >
> > Rowland
>
> Why 2 DC's? My understanding is that a file server should
> not simultaneously serve as a DC in an Active Directory setup.

I never said use a DC as a fileserver, I was just picking up on what
you said 'one Linux appliance to handle overall authentication '. I
took it you meant use one Samba AD DC and two Samba AD DC's are always
better.

>
> I have a small office. While I have no issue making one of
> the file servers also function as a backup DC, I really don't
> want to add yet another server to the mix to handle a single
> role.

I know Windows sysadmins refer to DC's via various different names, but
AD RWDC's are all the same apart from the FSMO roles and they can be on
any DC.

If resources are limited, you can use a DC as a fileserver, you just
have to be aware of the limitations.

Rowland
> -----Original Message-----
> From: Rowland Penny [mailto:rpenny at samba.org]
> Sent: 06 December 2018 14:34
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba4 Kerberos Authentication Error
>
> On Thu, 6 Dec 2018 09:12:03 -0500
> Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
>
> > >>
> > >> I'm basically trying to set up one Linux appliance to handle
> > >> overall authentication and let two other machines simply serve
> > >> files.
> > >>
> > >
> > > I would do it slightly differently, two DC's and then whatever
> > > fileservers are required. The Centos Samba packages are usable for a
> > > domain member, they just cannot be used for a DC.
> > >
> > > Rowland
> >
> > Why 2 DC's? My understanding is that a file server should not
> > simultaneously serve as a DC in an Active Directory setup.
>
> I never said use a DC as a fileserver, I was just picking up on what you said
> 'one Linux appliance to handle overall authentication '. I took it you meant
> use one Samba AD DC and two Samba AD DC's are always better.
>
> >
> > I have a small office. While I have no issue making one of the file
> > servers also function as a backup DC, I really don't want to add yet
> > another server to the mix to handle a single role.
>
> I know Windows sysadmins refer to DC's via various different names, but AD
> RWDC's are all the same apart from the FSMO roles and they can be on any
> DC.
>
> If resources are limited, you can use a DC as a fileserver, you just have to be
> aware of the limitations.
>
> Rowland
>

Hi Rowland - it might be worth adding a specific section into the wiki regarding limitations of joint DC/FS usage? Currently, I don't think it is spelt out as clearly as it needs to be.

Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013. Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.
On 12/6/2018 9:33 AM, Rowland Penny via samba wrote:
> On Thu, 6 Dec 2018 09:12:03 -0500
> Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
>
>>>>
>>>> I'm basically trying to set up one Linux appliance to handle
>>>> overall authentication and let two other machines simply
>>>> serve files.
>>>>
>>>
>>> I would do it slightly differently, two DC's and then whatever
>>> fileservers are required. The Centos Samba packages are usable for a
>>> domain member, they just cannot be used for a DC.
>>>
>>> Rowland
>>
>> Why 2 DC's? My understanding is that a file server should
>> not simultaneously serve as a DC in an Active Directory setup.
>
> I never said use a DC as a fileserver, I was just picking up on what
> you said 'one Linux appliance to handle overall authentication '. I
> took it you meant use one Samba AD DC and two Samba AD DC's are always
> better.
>
>>
>> I have a small office. While I have no issue making one of
>> the file servers also function as a backup DC, I really don't
>> want to add yet another server to the mix to handle a single
>> role.
>
> I know Windows sysadmins refer to DC's via various different names, but
> AD RWDC's are all the same apart from the FSMO roles and they can be on
> any DC.
>
> If resources are limited, you can use a DC as a fileserver, you just
> have to be aware of the limitations.
>
> Rowland
>

I'm newbie lost with the terminology :)

Currently I have two servers:

1) Centos Server handling file server duties and functioning
   as a PDC in a NT4 style domain.
2) Centos Server functioning as a member server holding
   supplemental files.

New setup:

1) Ebox Appliance running Debian 9 w/ samba as an AD DC
   (got this up and running w/o an issue - Fedora was the problem)
2) Main File server as a member server (stay on Centos?)
   on the AD domain
3) Secondary server as a member server (stay on Centos?)
   on the AD domain

Both the centos servers need upgrading, but since I don't have
extra servers to move the files around to, that will take a
little bit of work.

When moving the file servers to samba4, do I set them up as
"member servers" or something else? For that matter, do I
migrate samba or do I follow an uninstall/fresh install path?