[Samba] Samba4 Kerberos Authentication Error

[Rob Mason]

> -----Original Message-----
> From: Rowland Penny [mailto:rpenny at samba.org]
> Sent: 06 December 2018 14:34
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba4 Kerberos Authentication Error
>
> On Thu, 6 Dec 2018 09:12:03 -0500
> Marco Shmerykowsky PE via samba <samba at lists.samba.org> wrote:
>
> > >>
> > >> I'm basically trying to set up one Linux appliance to handle
> > >> overall authentication and let two other machines simply serve
> > >> files.
> > >>
> > >
> > > I would do it slightly differently, two DC's and then whatever
> > > fileservers are required. The Centos Samba packages are usable for a
> > > domain member, they just cannot be used for a DC.
> > >
> > > Rowland
> >
> > Why 2 DC's?  My understanding is that a file server should not
> > simultaneously serve as a DC in an Active Directory setup.
>
> I never said use a DC as a fileserver, I was just picking up on what you said
> 'one Linux appliance to handle overall authentication '. I took it you meant
> use one Samba AD DC and two Samba AD DC's are always better.
>
> >
> > I have a small office.  While I have no issue making one of the file
> > servers also function as a backup DC, I really don't want to add yet
> > another server to the mix to handle a single role.
>
> I know Windows sysadmins refer to DC's via various different names, but AD
> RWDC's are all the same apart from the FSMO roles and they can be on any
> DC.
>
> If resources are limited, you can use a DC as a fileserver, you just have to be
> aware of the limitations.
>
> Rowland
>

Hi Rowland - it might be worth adding a specific section into the wiki regarding limitations of joint DC/FS usage? Currently, I don't think it is spelt out as clearly as it needs to be.

Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013.
Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.