Fri Sep 11 14:08:02 UTC 2015
Robert Moskowitz <rgm at htt-consult.com>

On 09/11/2015 08:56 AM, Dario Lesca wrote:
> Il giorno ven, 11/09/2015 alle 14.25 +0200, Oscar Osta Pueyo ha
> scritto:
>> Hello,
>> On 11 September 2015 at 14:04, Dario Lesca <d.lesca at solinos.it>
>> wrote:
>>> Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha
>>> scritto:
>>>> On 8 Sep 2014 17:00, "Frantisek Hanzlik" <franta at hanzlici.cz>
>>>> wrote
>>>> ...
>>>>> Hi James, thanks for reply. It seems as at SerNet's site have
>>>>> packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any
>>>>> Fedora versions, at least this.
>>>> Indeed but fortunately EL6 has many years ahead of it yet.
>>>>> Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still
>>>>> is not even in rc, thus final release can be perhaps at the
>>>>> turn of the year.
>>>> The rc is due Sep 15th last I heard.
>>>>> And when time between releases is approx. 9 month, then we can
>>>>> wait
>>>>> around
>>>>> for year...
>>>>> I'll keep my fingers crossed, that it happen in 4.2
>>>> Andrew Bartlett has expressed an opinion on the samba technical
>>>> list that he'd be in favour of a very short 4.2 cycle if it means
>>>> getting these sort of updates out.
>>> There is some news for this tread?
>>> Samba 4.3 is out:
>>> https://www.samba.org/samba/history/samba-4.3.0.html
>>> and into Fedora Development there's already new package:
>>> https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x
>>> 86_64/os/Packages/s/
>>> But the "samba-ad" package still missing.
>>> Someone have more info?
>>> Many thanks
>> It is a decision of red hat over MIT or Heimdal. Red hat chooses MIT
>> and Samba 4 AD chooses Heimdal.
>> You have more info in https://access.redhat.com/discussions/1235263
> Ok, thanks for reply.
> I read from last message of discussion:
>> February 9 2015 at 1:54 PM - Razvan Corneliu Vilt say:
>> The Samba 4 release in RHEL 7 does not support the Active Directory
>> Domain Controller role. It is however a good NT4 Style Primary Domain
>> Controller, a decent SMB3 file server, etc. What's more interesting
>> is that you CAN make Samba 4 from EL 7 work with FreeIPA for
>> authentication via NTLM AND Kerberos. I already have implemented this
>> using the stock Red Hat Packages and authentication works via FreeIPA
>> using both MS-RPC authentication in NTLM form and Kerberised
>> authentication. ....
> This means that that never will be a samba-ad for redhat/centos.
> Then, if I as I understand the reply, with Centos7 + Samba 4 in old NT4
> -DC mode + Kerberos + FreeIPA ( I do not know what it is FreeIPA) it's
> possible setup a Linux PDC working with all versions of Windows client,
> without changing the registry into win7/8 to join to domain?
> I'm not a guru of Linux, someone can point me to the right way?

I have been building a Samba4 AD on Centos7 (actually C7-armv7 beta) 
using the sernet rpms.


Though we had to build an armv7 distro from sernet sources:


This is Samba 4.2.  It includes their Kerberos, ldap, and internal DNS.  
You MUST use their Kerberos and strongly recommend their ldap.  I am 
using the Bind 9.9 that comes with C7; not to hard to integrate.  I am 
also using the C& dhcpd.

WRT Samba 4.3 and MIT Kerberos.  Samba 4.3 has shipped.  But MIT 
Kerberos support did not make it into the initial release.  Sernet has 
not released a 4.3 ver to date.

There is pretty good help on the Samba list:


The wiki is quite good.  Particularly as I have been asking lots of 
newbie questions and Marc has been busy incorporating the obvious 
answers into the wiki  :)