ralph strebbing
2022-Mar-10 21:17 UTC
[Samba] Windows Server 2019 Domain Controller Compatibility
Hi All, So I'm looking into some solutions with windows specific integration applications, and unfortunately it's looking like the one application we're using (asked in a previous thread), utilized the windows security audit logs. So I'm back with some what-ifs and hoping someone has either tried it, or any of the veterans of this software know how well we can use it. I need to know if I can join a Windows Server 2019 VM to our existing Samba Active Directory setup as a domain controller. I need this VM for nothing but to receive the logs that the other servers may be getting from things like authentication, etc. So (if I understand what this is in the first place), a Read Only Domain Controller? Looking forward to hearing some thoughts on this. Regards, Ralph
Rowland Penny
2022-Mar-10 21:28 UTC
[Samba] Windows Server 2019 Domain Controller Compatibility
On Thu, 2022-03-10 at 16:17 -0500, ralph strebbing via samba wrote:> Hi All, > > So I'm looking into some solutions with windows specific integration > applications, and unfortunately it's looking like the one application > we're using (asked in a previous thread), utilized the windows > security audit logs. > So I'm back with some what-ifs and hoping someone has either tried > it, > or any of the veterans of this software know how well we can use it. > I > need to know if I can join a Windows Server 2019 VM to our existing > Samba Active Directory setup as a domain controller. I need this VM > for nothing but to receive the logs that the other servers may be > getting from things like authentication, etc. So (if I understand > what > this is in the first place), a Read Only Domain Controller? > > Looking forward to hearing some thoughts on this. > > Regards, > RalphSorry, but no, Samba hasn't got there yet, highest is 2012 You could join it as a Domain member, would that work for the logs ? Rowland
Andrew Bartlett
2022-Mar-10 22:12 UTC
[Samba] Windows Server 2019 Domain Controller Compatibility
On Thu, 2022-03-10 at 16:17 -0500, ralph strebbing via samba wrote:> Hi All, > > So I'm looking into some solutions with windows specific integration > applications, and unfortunately it's looking like the one application > we're using (asked in a previous thread), utilized the windows > security audit logs. > So I'm back with some what-ifs and hoping someone has either tried > it, > or any of the veterans of this software know how well we can use it. > I > need to know if I can join a Windows Server 2019 VM to our existing > Samba Active Directory setup as a domain controller. I need this VM > for nothing but to receive the logs that the other servers may be > getting from things like authentication, etc. So (if I understand > what > this is in the first place), a Read Only Domain Controller? > > Looking forward to hearing some thoughts on this.That should work, provided you are willing to use the current Windows 2008R2 functional level. Bugs in windows previously caused issues and were the reason we did a lot of work to implement 'adprep' (so we would be prepared for FL 2012R2 even if not operating it it), but it should work. We have great audit logs, we just don't provide them in the format windows does because those protocols are a pile of work (binary XML and XML queries for filtering, on top of DCE/RPC). Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions