On 09/11/2015 08:56 AM, Dario Lesca wrote: > Il giorno ven, 11/09/2015 alle 14.25 +0200, Oscar Osta Pueyo ha > scritto: >> Hello, >> >> On 11 September 2015 at 14:04, Dario Lesca <d.lesca at solinos.it> >> wrote: >> >>> Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha >>> scritto: >>>> On 8 Sep 2014 17:00, "Frantisek Hanzlik" <franta at hanzlici.cz> >>>> wrote >>>> ... >>>>> Hi James, thanks for reply. It seems as at SerNet's site have >>>>> packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any >>>>> Fedora versions, at least this. >>>>> >>>> Indeed but fortunately EL6 has many years ahead of it yet. >>>> >>>>> Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still >>>>> is not even in rc, thus final release can be perhaps at the >>>>> turn of the year. >>>> The rc is due Sep 15th last I heard. >>>> >>>>> And when time between releases is approx. 9 month, then we can >>>>> wait >>>>> around >>>>> for year... >>>>> I'll keep my fingers crossed, that it happen in 4.2 >>>> Andrew Bartlett has expressed an opinion on the samba technical >>>> list that he'd be in favour of a very short 4.2 cycle if it means >>>> getting these sort of updates out. >>> There is some news for this tread? >>> >>> Samba 4.3 is out: >>> https://www.samba.org/samba/history/samba-4.3.0.html >>> >>> and into Fedora Development there's already new package: >>> >>> https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x >>> 86_64/os/Packages/s/ >>> >>> But the "samba-ad" package still missing. >>> >>> Someone have more info? >>> >>> Many thanks >>> >>> >> It is a decision of red hat over MIT or Heimdal. Red hat chooses MIT >> and Samba 4 AD chooses Heimdal. >> >> You have more info in https://access.redhat.com/discussions/1235263 > Ok, thanks for reply. > > I read from last message of discussion: > >> February 9 2015 at 1:54 PM - Razvan Corneliu Vilt say: >> >> The Samba 4 release in RHEL 7 does not support the Active Directory >> Domain Controller role. It is however a good NT4 Style Primary Domain >> Controller, a decent SMB3 file server, etc. What's more interesting >> is that you CAN make Samba 4 from EL 7 work with FreeIPA for >> authentication via NTLM AND Kerberos. I already have implemented this >> using the stock Red Hat Packages and authentication works via FreeIPA >> using both MS-RPC authentication in NTLM form and Kerberised >> authentication. .... >> > This means that that never will be a samba-ad for redhat/centos. > > Then, if I as I understand the reply, with Centos7 + Samba 4 in old NT4 > -DC mode + Kerberos + FreeIPA ( I do not know what it is FreeIPA) it's > possible setup a Linux PDC working with all versions of Windows client, > without changing the registry into win7/8 to join to domain? > > I'm not a guru of Linux, someone can point me to the right way? I have been building a Samba4 AD on Centos7 (actually C7-armv7 beta) using the sernet rpms. https://portal.enterprisesamba.com/ Though we had to build an armv7 distro from sernet sources: http://repo.shivaserv.fr/centos/7/ This is Samba 4.2. It includes their Kerberos, ldap, and internal DNS. You MUST use their Kerberos and strongly recommend their ldap. I am using the Bind 9.9 that comes with C7; not to hard to integrate. I am also using the C& dhcpd. WRT Samba 4.3 and MIT Kerberos. Samba 4.3 has shipped. But MIT Kerberos support did not make it into the initial release. Sernet has not released a 4.3 ver to date. There is pretty good help on the Samba list: https://lists.samba.org/mailman/options/samba The wiki is quite good. Particularly as I have been asking lots of newbie questions and Marc has been busy incorporating the obvious answers into the wiki :) https://wiki.samba.org/index.php/User_Documentation