Being the Linux wannabe guy that I am, at work I decided to turn the old Windows 2003 DC into a Samba DC. So, not being as competent in Linux as I would like, I decided to go with the Zentyal OS, which is just Ubuntu 14.04 with the Zentyal package of Samba, as well as some other servery options you can choose to install, and a web interface to make getting everything set up easier.
So I get everything installed, and aside from the web interface being buggy and having to restart the service a few times, it was a breeze to add to the domain as an additional DC. I check things out, and I see that the AD objects are replicating over, however nothing from SYSVOL is coming over. The Samba documentation says you have to set up the syncing of SYSVOL on your own, but Zentyal says the SYSVOL folder will sync to the Samba DC, but not from the Samba DC to the other DCs, so I assumed that they added their own script to do that. However, the fix to getting the SYSVOL download working was to use the Samba command line tool to reset permissions, so I'm not quite sure which part of the system is doing what there.
So I do some tests, everything seems to be working, so I leave it online. So the next week I get a call of someone's password not working; sure enough, shut down the Samba DC and it works. It happens again to another user; resetting the password works and all the DCs are then good. Happens to another user, and they say their old password worked. Then it happens to me, so then I figure it's time to get this fixed, haha.
I check on the replication (using samba command line tools now), for some reason the Samba server doesn't have any outbound neighbours, so I try to do the replication manually, everything is good until I get an error at the forest schema.
Well, it turns out that the Samba documentation says that the highest schema usable is Server 2008 R2 (we have a 2012R2 domain controller). I didn't read the Samba documentation before; I read the Zentyal documentation, which says nothing about schema, but that the highest forest and domain functional level supported is Server 2012. What I'd like to know is how you can get a Server 2012 functional level domain controller with a 2008R2 schema... either the Samba documentation is outdated, or the Zentyal documentation is wrong. Either way, it's probably still the end of the road for Samba for me until they can get the schema to Server 2012R2. I'm probably lucky I didn't corrupt AD.
Once they get 2012R2 schema, I'll be back. I'm also looking forward to them setting up a RODC option. When I do try it again, I think I will set up Samba myself, rather than using something pre-packaged to make it easier. I needed to dive into the underbelly of it anyway, and it would have made it easier in the long run if I had set it up myself and knew how it worked. Also, avoiding that buggy web interface, and being able to choose whichever OS I want would be a plus.