[Samba] [External] - Re: Joining Windows Server 2022 to Samba Domain

Andrew Bartlett abartlet at samba.org
Thu May 11 05:47:17 UTC 2023 

On Wed, 2023-05-10 at 20:34 +0100, Rowland Penny via samba wrote:
> 
> On 10/05/2023 18:42, Dawson Greeley wrote:
> > Hey Rowland,
> > 
> > I was actually able to figure it out by looking back at my notes
> > from 
> > when I first did it.
> > 
> > After running the following commands to get the schema level to
> > 2019 it 
> > joins as a DC no problem. I'd assume it could be forced to the
> > 2016 
> > schema level but was following this guide 
> > <
> > https://dev.to/aciklab/adding-a-windows-2019-dc-to-your-samba-domain-im2
> > > for that portion of my notes. Do you know of any possible long
> > term ill-effects?
> > 
> > priv=$(smbd -b | grep -i private_dir | cut -d : -f 2 | xargs)
> > defaultNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" 
> > defaultNamingContext | grep defaultNamingContext | cut -d : -f 2 |
> > xargs)
> > schemaNamingContext=$(ldbsearch -H ldap://127.0.0.1 -s base -b "" 
> > schemaNamingContext | grep schema | cut -d : -f 2 | xargs)
> > ldbedit -e "sed -i 's/objectVersion:.*/objectVersion: 88/g'" -H 
> > $priv/sam.ldb '(objectClass=dMD)' -b $schemaNamingContext
> > -----------------------------------------------------------------
> > -------
> 
> I have never tried to join a Windows 2022 DC to a Samba domain,
> mainly 
> because I thought it wasn't possible. Whilst you seem to have
> achieved 
> this, I am sure there is more to it than just raising the schema
> level. 
> If was so easy, I feel that Samba would be trumpeting it from the
> roof 
> tops, so as to what will happen going forward, who knows ?
> 
> Rowland

This was always hoped to be possible.  We got stuck a bit at 2012R2
because Microsoft was checking us out via DCOM if we didn't have Samba
already filled with the adprep data for 2012R2, which is a big part of
why that work was done years ago.

That got fixed after we mentioned it.  

We don't do a lot of testing with Windows joining Samba, just because
it is a pain to automate, but it is expected to work and I would love
to see more testing and bug reports with modern versions.

Recently (to be released with Samba 4.19) schema and tools to upgrade
the schema were improved to the 2019 level, which should remove some of
the hack steps in this guide. 

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list