[Samba] Distro and release recommended

Robert Marcano robert at marcanoonline.com
Fri Jul 13 12:39:26 UTC 2018 

On 07/12/2018 02:17 PM, Rowland Penny via samba wrote:
> On Thu, 12 Jul 2018 15:08:57 -0300
> Sergio Belkin <sebelk at gmail.com> wrote:
> 

...

>>>>>
>>>> Are they ready for production?
>>>
>>> Well, Louis uses them in production. He creates them for his own
>>> use in his establishment/company and very graciously makes them
>>> available for others to use. I don't know how many people use them,
>>> but I believe they are quite popular. I am sure Louis would be more
>>> than willing to enlighten you more on his packages, but he is on
>>> holiday (oops sorry, vacation) at the moment.
>>>
>>> Rowland
>>>
>>>
>>>
>> Nice, and what about Fedora AD, anyone has implemented?
>>
>>

The Fedora included build since Fedora 27 includes the AD support based 
on MIT Kerberos. As Rowland said, there are drawbacks. The only problem 
I found was posted on this bug by another brave soul running the MIT 
Kerberos based code https://bugzilla.samba.org/show_bug.cgi?id=13516

In summary this bug makes computer based GPOs unusable (they don't apply 
by apparent computer groups membership issues).

I am running this in production (small business), but running on a 
container based instance of Fedora over a CentOS 7 hosts, the host runs 
a Samba domain member as a file server. This way it is isolated and 
easily replaceable in case of a big bug and upgradeable to newer Fedoras 
  easily of to CentOS if AD support ever land on 7.x branch before 8 . 
The previous domain was Samba NT4 based so Samba AD without computer 
GPOs (user GPOs work fine) is better than a NT 4 domain, they aren't 
losing features.

> 
> You want to use Fedora in production ??

Someone has to be brave enough to run new code on production or no one 
will ever be able to fix problems that no other people found during 
testing. :)

> 
> There may be available Samba packages for Fedora (If there are, I
> don't know of any, but then, I don't use Fedora), but they will
> probably use MIT kerberos and there are still drawbacks with using MIT.
> 
> Rowland
>   
>

More information about the samba mailing list