Discussion:
[Samba] samba as a dc in a windows ad
David Bear
2016-06-15 03:54:19 UTC
I couldn't readily find the answer to this question, but can samba act as a
member dc alongside windows running the domain? This would be samba as a
'secondary' domain controller.

Why would I want to do this? I am thinking of putting samba on the outside
of the firewall acting as a RO DC and providing ldap authentication to web
applications.
--
David Bear
mobile: (602) 903-6476
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Sketch
2016-06-15 12:57:46 UTC
Post by David Bear
I couldn't readily find the answer to this question, but can samba act as a
member dc alongside windows running the domain? This would be samba as a
'secondary' domain controller.
You can, as long as your windows DCs are not newer than 2008 R2. I think
the only real caveat is with sysvol replication. DRS replication is not
supported, so you'll have to use rsync or similar. See the Sysvol section
here:

https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
Post by David Bear
Why would I want to do this? I am thinking of putting samba on the outside
of the firewall acting as a RO DC and providing ldap authentication to web
applications.
You may need a fairly recent version of Samba for this. I believe RODC
support is somewhat of a work in progress, but it looks like it's mostly
complete now. I'm not sure as of what version this was the case...

https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC
David Bear
2016-06-16 18:22:45 UTC
Thanks all.
Post by Sketch
Post by Sketch
You can, as long as your windows DCs are not newer than 2008 R2. I
think the only real caveat is with sysvol replication. DRS replication
is not supported, so you'll have to use rsync or similar. See the
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory
David, in case you looked at the referred section earlier this day: I
have now linked the "Robocopy based SysVol replication workaround" [1]
there, too. This approach preserves the ACLs.
Regards,
Marc
[1]
https://wiki.samba.org/index.php/Robocopy_based_SysVol_replication_workaround
--
David Bear
mobile: (602) 903-6476