Samba4 ADS BDC howto/help/status, please?

Brian Dickson Brian.Dickson at
Thu Jan 21 11:28:00 MST 2010


I'm interested in deploying Samba4 in a non-critical (but very useful!) role, as an AD backup DC, for authentication purposes only.

Specifically, the environment in which this is to be deployed is:

(A) An AD PDC (and two BDCs) all running Windows Server 2003 SP2 (not, unfortunately, R2 :-) ).

(B) Lots of users and groups, for some smallish value of "lots" (a few dozen).

(C) Add to this the desire to have Linux host(s) which will authenticate users via PAM with one of pam_winbind, pam_ldap, and/or pam_krb5, by way of Samba4.

The need to have a Linux host do the mappings between UID/GID, and RID/SID (or whatever *ID exists), is why I think Samba4 as BDC (possibly read-only) would be ideal. Samba3 only supports queries against AD PDC with the "support for unix" stuff that came in R2, or against a stand-alone Linux Samba3 PDC.

The mappings UID/GID would be one-way only, on one host, so the scope is very limited. No conflicts, no race conditions, no data sharing, just authentication (and creating home directories, natch.)

So, my questions are:

(1) Will Samba4, in its current state, be able to handle this?
(2) What compile/install/provision/configure steps/instructions are (or will be) required?
(3) Can anyone point me at relevant bits and pieces that might need to be added or tweaked, to support this, if there's still work to be done? (I have incentive to do this, of course.)
(4) Would anyone object to me adding this to the Wiki/howto, as I think this will be a common use-case?

Thanks in advance,
Brian Dickson
P.S. Sorry for posting to -technical, but I think this is probably the best case to get answers to the above...

