[Discuss] Replacing AD with Samba4

Chris Allen <csallen1204 at> said:
> As an IT person, Active Directory has been a necessary evil,
> regardless if the majority of the server base is running Linux.
> All of the companies I have worked for have had an AD Domain,
> regardless if their products were Unix/Linux-based.

That's a good summary of why I want to keep Active Directory alive in my home:
it's ubiquitous at workplaces, at least until someday one of the alternative
SSO technologies takes its place (we have Okta and various SAML solutions like
Ping Federate at my workplace). And my home setup is mainly a lab/sandbox
environment that helps keep me current in a workaday world where everything
you knew 2+ years ago is generally no longer important to know as you pursue
your next job.

Thanks for your hints; I got things a little closer to working using your
smb.conf / krb5.conf suggestions, and today I discovered a major hint to fix
my replication failure at this URL: Sure
enough I have a glibc library version 2.17 which trips on DNS lookups (one of
the lovely things about AD is that it uses standards-noncompliant underscore
characters in its DNS entries). So I had to add /etc/hosts entries and do some
manual DNS tweaks before replication would work.

Getting the internal-DNS server to actually serve port-53 for my AD subdomain
is a whole 'nuther story; probably have to get rid of internal server and use
a real bind9 server instead, until the samba4 folks fix more bugs: I just
didn't want to fool around with configuring dynamic dns-update security if I
don't have to.


