On 27/12/19 5:26 am, Fabio Martins wrote:
> I am drawing a scenario to replace the Windows 2003 Server with OpenBSD,
> acting as AD/DC and firewall. There is a need to share folders and
> printers, restrict access to folders based on logins, and no GPO are
> needed at all.
>
> Is it possible with the current samba+winbind?

It's a pretty recent version of samba in current OpenBSD (4.9.17 in OpenBSD 6.6)… not sure the instructions for setting up a Samba AD DC differ much whether it be Linux or BSD as the underlying OS.

It's been some time since I did an AD DC with Samba 4 on Ubuntu 14.04, but I don't recall too much that was Linux-specific. Possibly PAM integration, and that's only relevant if AD users are going to be logging in to the box.

I'd probably commandeer a couple of test victims and set up a dummy network to trial the concept first before rolling it out. If need be, do that with a Linux-based AD DC since there are guides for doing exactly that, then try on OpenBSD; hopefully, having done it once on a "reference" OS, it shouldn't be hard to remove the Linux-isms from the process.

That said, I seem to recall that ActiveDirectory required that you keep file/print servers separate from domain controllers. Even on Windows I hear it's recommended to keep the functions separate.

Maybe vmm can be pressed into service to run the DC with the host doing file/print server duties? (Maybe vmm is performant enough I/O wise to be a functional file/print server?)

Regards,
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

