[Samba] SAMBA 4.10 SYSVOL Replication and RODC

Rowland penny rpenny at samba.org
Sat Sep 14 14:53:54 UTC 2019

On 14/09/2019 15:23, joe.greer--- via samba wrote:
> Hi All,
> 1) I read that the devs are working on supporting AD 2012 in 4.11, very
> cool.
> 2) I read SAMBA 4.11 can support 100,000 users and 120,000 computers, very
> cool.
> It appears that SAMBA is moving to be a viable file server, authentication
> and authorization server that can replace Microsoft Active Directory -
> Directory Services.  Is this possible before 2030 for business with
> multiple sites and over 10,000 employees?
Should be, after all, from my understanding, Samba is already being used 
by users with multiple sites and over 10,000 employees.
> I read there are issues with SYSVOL and that concerns me.
Yes, it would be nice to have sysvol replicated.
>    I need to have
> SYSVOL functional on more than just one server.
You already can, but it is a 'workaround' at the moment.
>   I also need RODC's to work
They do.
> and be able to remove them and add more.
What is stopping you?
>    If the devs can't make this work
> maybe they need to make a proxy caching server for SAMBA that can sit at
> sites across a WAN and cache all the authentication and DNS that is sent to
> a central SAMBA.
So far everything on your list (apart from sysvol) is fully working.
> Thanks,
> Joe
> ==============================================
> What is not cool, SYSVOL replication :
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Sysvol_Replication
> GPO's have to be manually synced, AD without GPO's is like a car running
> on all spare tires...
Well, just like you cannot tell when a car is running on its spare 
wheel, you cannot tell when Samba DCs are running with a correctly 
manually synced sysvol.
> Internal DNS is said to not be good for complex or large deployments, so
> use Bind_DLZ.
What is wrong with that? Even Microsoft lets you use Bind9 on a Windows DC.
> Some of these issues have been around for over a decade
> (https://bugzilla.samba.org/show_bug.cgi?id=6714).  Does anyone really care
> about Samba being used outside of home users, NASes and Small single server
> businesses?
Yes, quite a lot of people do, but there are only so many people working 
on the Samba code and sysvol isn't at the top of anyone's priorities, 
but if it irks you so much, feel free to propose patches to get sysvol 
working like it does on Windows ;-)
> -----------------------------------------------
> It seems that the developers or a developer should get the SYSVOL part
> done.  By done I mean, done so that many to many replication works between
> SAMBA AD DS where you have no Microsoft AD DS.  If you need it connected to
> a production Windows active directory sell that connector as a commercial
> module.
Don't know whether you noticed it, but Samba is opensource.
> Make the Trusts work as well between SAMBA ONLY Domains.
I thought they did work.
> Windows 10 is going to force many companies to either rip and replace lots
> of Windows servers with new ones or migrate to a Samba AD network and say
> goodbye to Microsoft.
Why?
> Has Microsoft contributed any code to SAMBA?
I don't think they have provided any actual code, but they have provided 
help and documentation.
> Are the
> API's still public and the documentation matching the Microsoft product
> line?
As far as I am aware, yes & yes.

