> Hi Thiago,
> Like for the Windows case, where we have Heat templates for AD DC and
> other MSFT related workloads (Exchange, SQL Server, SharePoint, etc)
> [1], the best place in OpenStack for Samba 4 DC is a dedicated Heat
> template.
> Heat is the de facto workload orchestration standard for OpenStack, so
> I'd definitely start from there.

Interesting.  How do you see this compared to doing it in Murano?  (In
any case, I'm happy to help anyone working on this, no matter the

> Said that, Keystone has AD support via LDAP. It'd be great to see some
> documentation for using a Samba 4 DC in place of a Windows DC. 
> Another area of interaction for Samba 4 is Cinder: we have code under
> review for exporting volumes over SMB, useful for Hyper-V compute
> nodes and other scenarios. [2]

Samba currently can't support HyperV as a SMB server due to a limitation
in our SMB3 support: https://bugzilla.samba.org/show_bug.cgi?id=9938
However, we are making progress on 'Leases', which I understand is part
of required solution here. 

> Talking about Nova, in large deployments using Hyper-V compute nodes
> it's common to manage credentials with domain membership, quite useful
> for live migration in particular. I'd like to document the usage of a
> Samba 4 AD DC in this context, although the last time I tried I had
> issues with Kerberos delegation, required for live migration. Quite
> some time passed, so it's definitely worth giving it another try.

If you have specific, reproducible issues with our KDC blocking Samba's
use in OpenStack and are able to work with me to test the solution,
please bring them to my personal attention.  I am very happy to address
specific use cases, and this one in particular means a lot to me. 


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

