samba - May 2023 - [External] - Re: Joining Windows Server 2022 to Samba Domain

On Wed, 2023-05-10 at 20:34 +0100, Rowland Penny via samba
wrote:
> 
> On 10/05/2023 18:42, Dawson Greeley wrote:
> > Hey Rowland,
> > 
> > I was actually able to figure it out by looking back at my notes
> > from 
> > when I first did it.
> > 
> > After running the following commands to get the schema level to
> > 2019 it 
> > joins as a DC no problem. I'd assume it could be forced to the
> > 2016 
> > schema level but was following this guide 
> > <
> >
https://dev.to/aciklab/adding-a-windows-2019-dc-to-your-samba-domain-im2
> > > for that portion of my notes. Do you know of any possible long
> > term ill-effects?
> > 
> > priv=$(smbd -b | grep -i private_dir | cut -d : -f 2 | xargs)
> > defaultNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b
""
> > defaultNamingContext | grep defaultNamingContext | cut -d : -f 2 |
> > xargs)
> > schemaNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b
""
> > schemaNamingContext | grep schema | cut -d : -f 2 | xargs)
> > ldbedit -e "sed -i 's/objectVersion:.*/objectVersion:
88/g'" -H
> > $priv/sam.ldb '(objectClass=dMD)' -b $schemaNamingContext
> > -----------------------------------------------------------------
> > -------
> 
> I have never tried to join a Windows 2022 DC to a Samba domain,
> mainly 
> because I thought it wasn't possible. Whilst you seem to have
> achieved 
> this, I am sure there is more to it than just raising the schema
> level. 
> If was so easy, I feel that Samba would be trumpeting it from the
> roof 
> tops, so as to what will happen going forward, who knows ?
> 
> Rowland
This was always hoped to be possible.  We got stuck a bit at 2012R2
because Microsoft was checking us out via DCOM if we didn't have Samba
already filled with the adprep data for 2012R2, which is a big part of
why that work was done years ago.

That got fixed after we mentioned it.  

We don't do a lot of testing with Windows joining Samba, just because
it is a pain to automate, but it is expected to work and I would love
to see more testing and bug reports with modern versions.

Recently (to be released with Samba 4.19) schema and tools to upgrade
the schema were improved to the 2019 level, which should remove some of
the hack steps in this guide. 

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

On 11/05/2023 06:47, Andrew Bartlett wrote:
> 
> This was always hoped to be possible.  We got stuck a bit at 2012R2
> because Microsoft was checking us out via DCOM if we didn't have Samba
> already filled with the adprep data for 2012R2, which is a big part of
> why that work was done years ago.
> 
> That got fixed after we mentioned it.
> 
> We don't do a lot of testing with Windows joining Samba, just because
> it is a pain to automate, but it is expected to work and I would love
> to see more testing and bug reports with modern versions.
> 
> Recently (to be released with Samba 4.19) schema and tools to upgrade
> the schema were improved to the 2019 level, which should remove some of
> the hack steps in this guide.
> 
> Andrew Bartlett
> 
You would like people to test things they know nothing about ?
Have you considered telling people what is available ?

Why do I feel like getting information out of Samba is like getting 
teeth pulled ?

I notice that MR !3080 has popped up on this very subject.

Rowland