[Samba] Samba 2.4.2 as secondary DC to Windows 2008 R2

Prof. Dr. Michael Schefczyk michael at schefczyk.net
Sun Dec 4 10:05:50 UTC 2016

Dear All,

I am running a two-location SOHO network with a Microsoft AD on a Windows 2008 R2 server. The only secondary DC is a Microsoft Hyper-V VM running on the same Windows machine. My aim is to become more independent from Microsoft products. Nevertheless, I need to upgrade my server to Windows 2016 sometime soon.

In parallel, I would like to move the Active Directory to two separate servers (= one per location) running Debian jessie and Samba 4.2.10 (current Debian package 2:4.2.10+dfsg-0+deb8u3). To gain confidence, I would like to run the Windows and Samba DC in parallel for some time (being aware that sysvol replication needs to be managed).

I found it quite doable to set up the Samba 4.2.10 servers and let them join the Microsoft AD as DC. Running samba-tool drs showrepl on them indicates no issues (except "Warning: No NC replicated for Connection!" under KCC Connection Objects). However, the Windows 2008 R2 server throws "AD Replication error 8418: The replication operation failed because of a schema mismatch between the servers involved" when replicating from Windows Server 2008 R2 to Samba.

I use Microsoft Exchange 2010 (to be replaced as well). My smb.conf has dsdb:schema update allowed = true in the [global] section. All the manual replications from Windows to Samba (listed at https://wiki.samba.org/index.php/Samba-tool_drs_replicate) do work, including CN=Schema,CN=Configuration, when initiated on the Samba DC. Nevertheless, automatic replication by the Windows (FSMO) DC keeps failing as described above.

Quite likely, it is similar to this issue: https://lists.samba.org/archive/samba/2013-January/170906.html The author of that thread confirmed that he did not get this resolved.

Is there any pragmatic way to copy the AD schema from the Microsoft AD to a Samba 4.2.10 DC to run them in parallel for a while before turning off the Microsoft AD altogether?



