[Samba] samba as a dc in a windows ad

Sketch smblist at rednsx.org
Wed Jun 15 12:57:46 UTC 2016

On Tue, 14 Jun 2016, David Bear wrote:

> I couldn't readily find the answer to this question, but can Samba act as a
> member DC alongside Windows running the domain? This would be Samba as a
> 'secondary' domain controller.

You can, as long as your Windows DCs are not newer than 2008 R2.  I think 
the only real caveat is with sysvol replication.  DRS replication is not 
supported, so you'll have to use rsync or similar.  See the Sysvol section 


> Why would I want to do this? I am thinking of putting Samba on the outside
> of the firewall acting as a RO DC and providing LDAP authentication to web
> applications.

You may need a fairly recent version of Samba for this.  I believe RODC 
support is somewhat of a work in progress, but it looks like it's mostly 
complete now.  I'm not sure as of what version this was the case...


