[CentOS] SAMBA as AD DC

Fri Sep 11 12:56:55 UTC 2015
Dario Lesca <d.lesca at solinos.it>

Il giorno ven, 11/09/2015 alle 14.25 +0200, Oscar Osta Pueyo ha
scritto:
> Hello,
> 
> On 11 September 2015 at 14:04, Dario Lesca <d.lesca at solinos.it>
> wrote:
> 
> > Il giorno lun, 08/09/2014 alle 20.03 +0100, James Hogarth ha
> > scritto:
> > > On 8 Sep 2014 17:00, "Frantisek Hanzlik" <franta at hanzlici.cz>
> > > wrote
> > > ...
> > > > 
> > > > Hi James, thanks for reply. It seems as at SerNet's site have
> > > > packages for RHEL6/Centos6 only, not for RHEL7/Centos7 or any 
> > > > Fedora versions, at least this.
> > > > 
> > > 
> > > Indeed but fortunately EL6 has many years ahead of it yet.
> > > 
> > > > Regarding to Samba4 with MIT in 4.2/4.3 - as I know, 4.2 still 
> > > > is not even in rc, thus final release can be perhaps at the 
> > > > turn of the year.
> > > 
> > > The rc is due Sep 15th last I heard.
> > > 
> > > > And when time between releases is approx. 9 month, then we can
> > > > wait
> > > > around
> > > > for year...
> > > > I'll keep my fingers crossed, that it happen in 4.2
> > > 
> > > Andrew Bartlett has expressed an opinion on the samba technical 
> > > list that he'd be in favour of a very short 4.2 cycle if it means
> > > getting these sort of updates out.
> > 
> > There is some news for this tread?
> > 
> > Samba 4.3 is out:
> > https://www.samba.org/samba/history/samba-4.3.0.html
> > 
> > and into Fedora Development there's already new package:
> > 
> > https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/x
> > 86_64/os/Packages/s/
> > 
> > But the "samba-ad" package still missing.
> > 
> > Someone have more info?
> > 
> > Many thanks
> > 
> > 
> 
> It is a decision of red hat over MIT or Heimdal. Red hat chooses MIT 
> and Samba 4 AD chooses Heimdal.
> 
> You have more info in https://access.redhat.com/discussions/1235263

Ok, thanks for reply.

I read from last message of discussion:

> February 9 2015 at 1:54 PM - Razvan Corneliu Vilt say:
>  
> The Samba 4 release in RHEL 7 does not support the Active Directory 
> Domain Controller role. It is however a good NT4 Style Primary Domain 
> Controller, a decent SMB3 file server, etc. What's more interesting 
> is that you CAN make Samba 4 from EL 7 work with FreeIPA for 
> authentication via NTLM AND Kerberos. I already have implemented this 
> using the stock Red Hat Packages and authentication works via FreeIPA 
> using both MS-RPC authentication in NTLM form and Kerberised 
> authentication. ....
> 

This means that that never will be a samba-ad for redhat/centos.

Then, if I as I understand the reply, with Centos7 + Samba 4 in old NT4
-DC mode + Kerberos + FreeIPA ( I do not know what it is FreeIPA) it's
possible setup a Linux PDC working with all versions of Windows client,
without changing the registry into win7/8 to join to domain?

I'm not a guru of Linux, someone can point me to the right way?

Many thanks
Dario

-- 
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)