Samba4: The mit list insist that file server and DC must be one and the same

steve steve at steve-ss.com
Fri Aug 17 08:38:04 MDT 2012


On 17/08/12 11:40, Stefan (metze) Metzmacher wrote:
> Am 17.08.2012 11:37, schrieb steve:
>> On 17/08/12 11:24, Andrew Bartlett wrote:
>>> On Fri, 2012-08-17 at 08:54 +0200, steve wrote:
>>>> On 17/08/12 04:50, Andrew Bartlett wrote:
>>>>> On Thu, 2012-08-16 at 10:10 +0200, steve wrote:
>>>>>> On 15/08/12 23:18, Gémes Géza wrote:

>>>
>>> That explains why you want to run samba-tool on the DC, but why do you
>>> want to have the unix home directories on the DC?  There does not need
>>> to be a connection between the two.
>>>
>>> Andrew Bartlett
>>>
>>
>> Hi
>>
>> My script creates not only the user himself but also sensible values in
>> AD for unixHomeDirectory. I want to be able to create unixHomeDirectory.
>> If I do that on the DC then I must mount the real home directory from
>> the fileserver otherwise I double the work for myself in having to:
>> 1. Create the user on the DC
>> 2. Go over to the file server and create his unixHomeDirectory
>
> Can't you use:
>
> ssh fileserver mkdir /some/path
> with a ssh-key without a passphrase?
>
> metze
>

Hi metze. Hi everyone.

Yes of course I can. I feel so stupid now. I created an rsa key on both 
the DC and fileserver so that root did not have to give a password to log in.

My only remaining question is that to open port 22 on the file server, 
I've had to open all the other ports otherwise I could not kinit or 
anything else. Could you/is there a list of ports which need to be open 
for a S3 fileserver which is also a nfs server to be able to communicate 
to the rest of the LAN without all ports being opened?

As we have Kerberos at both ends maybe it would be better to ssh using that?

Cheers,
Steve
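
The passphrase-less root key discussed in this thread can be limited on the file server to the one job it exists for. The following is an added example, not part of the original thread: a forced-command wrapper for `authorized_keys`. The wrapper path, `HOME_BASE`, and the key entry shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper for the
# passphrase-less key the DC uses to create home directories.
#
# Assumed authorized_keys entry on the file server (key, address and
# wrapper path are placeholders):
#   restrict,from="DC_ADDRESS",command="/usr/local/sbin/mkhome-wrapper" ssh-rsa AAAA...PLACEHOLDER root@dc
#
# sshd runs this wrapper instead of whatever the client asked for and puts
# the requested command line in SSH_ORIGINAL_COMMAND.

HOME_BASE="${HOME_BASE:-/home}"   # assumption: where home directories live

# Print the directory to create if the request is exactly
# "mkdir <HOME_BASE>/<name>" with a conservative user name; fail otherwise.
validate_request() {
    req="$1"
    case "$req" in
        "mkdir $HOME_BASE/"*) name="${req#"mkdir $HOME_BASE/"}" ;;
        *) return 1 ;;
    esac
    # Reject empty names, a leading dot or dash, and any character outside
    # [A-Za-z0-9._-] (so no slashes, spaces or shell metacharacters).
    case "$name" in
        ""|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$HOME_BASE/$name"
}

# Create the directory for a validated request; refuse everything else.
handle_request() {
    dir=$(validate_request "$1") || { echo "rejected: $1" >&2; return 1; }
    mkdir -m 0700 -- "$dir"
}

# Act only when sshd has set SSH_ORIGINAL_COMMAND (i.e. run as forced command).
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    handle_request "$SSH_ORIGINAL_COMMAND"
fi
```

With this in place, `ssh fileserver mkdir /home/newuser` from the DC still works, while any other command sent with that key is refused.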


