[Samba] Is a mixed MS/Samba DC environment doable?
Anders Östling
anders.ostling at gmail.com
Wed Dec 6 10:34:06 UTC 2023
Hi
I'd like to learn more on the pros and cons of a mixed domain that consists
of both MS and Samba domain controllers and member servers.
What I have learnt so far is this;
I created a new lab domain with an MS DC 2019. I then added a Samba 4.19-3
file server as a domain member w/o any issues.
The clients are 2 Win 10 VM's for tests of shares, GPO's and related
technologies. Still no issues that wasn't self-inflicted. File sharing with
Samba and setting up permissions and group memberships worked as expected.
I created GPO's for home directory, roaming profiles and folder redirection
and verified these.
Yesterday I fired up a Debian 12 and joined this as a DC. First attempt
failed due to schema incompatibility (known issue). I downgraded the MS
schema to 2008R2 and after that the join was successful.
>From what I can see, replication also works as it should. I then tested to
transfer roles back and forth between Samba and MS, and that worked also
fine.
Some iissues noted so far.
1. Existing GPO's on the MS server side are not replicated to the Samba DC.
At least there are no files/directories under
/var/lib/samba/sysvol/<domain>/ visible. I guess this is caused by the lack
of DFS/RPC on the Samba side.
The event viewer on both client VM's shows the same error messages,
probably caused by the lack of DFS, event 1058. My guess is that they are
attempting to read the GPO's from the Samba AD after that this DC was
added. Originally they got the GPO's from the MS. I will read up more on
GPO''s and Samba to better understand the interoperatility.
2. I shutdown the MS AD vm and tried a logon onto one of the W10 clients. I
expected that the Samba DC would handle the logon, but that didn't work.
The logon process just hung there until I fired up the MS DC again. Could
not find anything in the client except the GPO messages mentioned above.
To conclude this rant, is a mixed environment really doable, or would it
just create a lot of issues as times go by? Any advice is welcome!
Learning is Living!
--
------ -------------------- 8 ------------------ ------
"A *wise* man once told me - Any idiot can do backups, but it takes a
genius to successfully restore"
Anders Östling
+46 768 716 165 (Mobil)
More information about the samba
mailing list