[Samba] AD/DC on EL8/Centos8 etc

Nick Howitt nick at howitts.co.uk
Tue Jun 15 14:39:42 UTC 2021

On 15/06/2021 13:17, Denis CARDON via samba wrote:
> Hi Nick,
> On 15/06/2021 at 13:13, Nick Howitt via samba wrote:
>> Hi Gents,
>> Do you know if anyone is maintaining packages for 
>> EL8/Centos8/AlmaLinux8 etc with AD/DC support compiled in?
> we have packages for EL8 for Samba 4.12 / 4.13 / 4.14 at 
> https://samba.tranquil.it/redhat8/ with EL7 / EL8 documentation at 
> https://dev.tranquil.it/samba/en/samba_config_server/redhat8/server_install_samba_centos.html 
> . They are compiled and tested on AlmaLinux8. The spec files are ported 
> from latest Fedora replacing MIT Kerberos with Heimdal and a dozen 
> other small fixes. Note: there are some libs that may be incompatible 
> with existing stuff (like libldb) so it is better to have a dedicated 
> VM for your DC.
> You can also take a look at Samba+ rpm packages from SerNet.
> Cheers,
> Denis
>> Regards,
>> Nick
Very interesting. Can I ask why you maintain them? Also what are the 
issues with the incompatible files?

My interest is that my distro, ClearOS, is looking at AlmaLinux as a 
possible parent for ClearOS 8, but they need to work on a Directory 
product. Currently they use OpenLDAP in 7.x, but the EL8 preferred 
version is Directory 389. ClearOS currently use NT4 domains in 7.x 
(which Roland rightly complains about), but I'd like to explore Samba 
AD/DC in 8.x as well as a more conventional LDAP product.

At the same time ClearOS is used as a file server and the (strong) 
recommendation from Samba is not to do AD/DC and file serving on the 
same box, and, if you must, run one of them in Docker/Podman or a VM. 
AD/DC upgrades between major versions seem to be best done by running up 
a new DC and joining it to the old and then demoting the old one. This 
gives an interesting (problematic) upgrade route on a single box.

I'd love to hear any feedback and experiences you have.

