Rowland Penny
2023-May-10 19:34 UTC
[Samba] [External] - Re: Joining Windows Server 2022 to Samba Domain
On 10/05/2023 18:42, Dawson Greeley wrote:> Hey Rowland, > > I was actually able to figure it out by looking back at my notes from > when I first did it. > > After running the following commands to get the schema level to 2019 it > joins as a DC no problem. I'd assume it could be forced to the 2016 > schema level but was following this guide > <https://dev.to/aciklab/adding-a-windows-2019-dc-to-your-samba-domain-im2> for that portion of my notes. Do you know of any possible long term ill-effects? > > priv=$(smbd -b | grep -i private_dir | cut -d : -f 2 | xargs) > defaultNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" > defaultNamingContext | grep defaultNamingContext | cut -d : -f 2 | xargs) > schemaNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" > schemaNamingContext | grep schema | cut -d : -f 2 | xargs) > ldbedit -e "sed -i 's/objectVersion:.*/objectVersion: 88/g'" -H > $priv/sam.ldb '(objectClass=dMD)' -b $schemaNamingContext > ------------------------------------------------------------------------I have never tried to join a Windows 2022 DC to a Samba domain, mainly because I thought it wasn't possible. Whilst you seem to have achieved this, I am sure there is more to it than just raising the schema level. If was so easy, I feel that Samba would be trumpeting it from the roof tops, so as to what will happen going forward, who knows ? Rowland
Andrew Bartlett
2023-May-11 05:47 UTC
[Samba] [External] - Re: Joining Windows Server 2022 to Samba Domain
On Wed, 2023-05-10 at 20:34 +0100, Rowland Penny via samba wrote:> > On 10/05/2023 18:42, Dawson Greeley wrote: > > Hey Rowland, > > > > I was actually able to figure it out by looking back at my notes > > from > > when I first did it. > > > > After running the following commands to get the schema level to > > 2019 it > > joins as a DC no problem. I'd assume it could be forced to the > > 2016 > > schema level but was following this guide > > < > > https://dev.to/aciklab/adding-a-windows-2019-dc-to-your-samba-domain-im2 > > > for that portion of my notes. Do you know of any possible long > > term ill-effects? > > > > priv=$(smbd -b | grep -i private_dir | cut -d : -f 2 | xargs) > > defaultNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" > > defaultNamingContext | grep defaultNamingContext | cut -d : -f 2 | > > xargs) > > schemaNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" > > schemaNamingContext | grep schema | cut -d : -f 2 | xargs) > > ldbedit -e "sed -i 's/objectVersion:.*/objectVersion: 88/g'" -H > > $priv/sam.ldb '(objectClass=dMD)' -b $schemaNamingContext > > ----------------------------------------------------------------- > > ------- > > I have never tried to join a Windows 2022 DC to a Samba domain, > mainly > because I thought it wasn't possible. Whilst you seem to have > achieved > this, I am sure there is more to it than just raising the schema > level. > If was so easy, I feel that Samba would be trumpeting it from the > roof > tops, so as to what will happen going forward, who knows ? > > RowlandThis was always hoped to be possible. We got stuck a bit at 2012R2 because Microsoft was checking us out via DCOM if we didn't have Samba already filled with the adprep data for 2012R2, which is a big part of why that work was done years ago. That got fixed after we mentioned it. We don't do a lot of testing with Windows joining Samba, just because it is a pain to automate, but it is expected to work and I would love to see more testing and bug reports with modern versions. Recently (to be released with Samba 4.19) schema and tools to upgrade the schema were improved to the 2019 level, which should remove some of the hack steps in this guide. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions