[Samba] Samba AD and adding a Windows 2008R2 DC
Rowland Penny
rpenny at samba.org
Mon Mar 25 12:28:21 UTC 2019
On Mon, 25 Mar 2019 11:24:03 +0000
"Deventer-2, M.S.J. van via samba" <samba at lists.samba.org> wrote:
> Hi,
>
> we now have an old Windows NT4.0 domain served by Samba 4.2.x (using
> Samba and LDAP) and want to move to Windows AD.
> The reason we need to do that is because of the clients (Windows 10
> and MacOS) and because of a third party device which does not want to
> talk to Samba AD (Isilon OneFS).
Possibly if Isilon would accept that Samba AD works in the same way as
Windows AD, it might be made to work.
In one of their PDF's is this:
Active Directory with RFC 2307 and Windows Services for UNIX
A best practice is to use Microsoft Active Directory with Windows Services for UNIX and RFC 2307 attributes
to manage Linux, UNIX, and Windows systems. Integrating UNIX and Linux systems with Active Directory
centralizes identity management and eases interoperability, reducing the need for user mapping rules. Make
sure your domain controllers are running Windows Server 2003 or later. For more information on RFC 2307,
refer to the following KB:
How to configure OneFS and Active Directory for RFC2307 compliance:
https://support.emc.com/kb/335338
Samba AD matches all of the above, it uses the 2008R2 schema and the
SFU ldif.
The problem I have is that the KB: 335338 is behind a login page,
perhaps if this could be seen, it might be possible to see where the
problem lies.
>
> I did a 'classicupgrade' to Samba AD from our Samba/LDAP config and
> then I use this guide :
> https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
> to add the Windows 2008R2 DC to the Samba AD. This all worked out but
> I encountered an error on the Windows AD integrated DNS (error 4014 :
> The DNS server was unable to initialize AD security interfaces). The
> wiki page does not mention this and I was wondering which version of
> Samba was used when this page was created ?
> Looking for a solution on the Microsoft side sends you from one link
> to another and back again...
>
> Anyone here who did a succesfull join of Windows 2008R2 DC to an Samba
> AD domain ?
I have added a 2012 and it worked, but I use Bind9, perhaps if you
tried adding Bind9 to your Samba AD ?
Rowland
More information about the samba
mailing list