Bug 910464
| Summary: | [RFE] Add Samba AD domain controller support | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jeremy Agee <jagee> |
| Component: | samba | Assignee: | Andreas Schneider <asn> |
| Status: | CLOSED WONTFIX | QA Contact: | qe-baseos-daemons |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 8.0 | CC: | ahmed.khalil, antonio, asn, cparadka, cww, degts, dossow, dpal, ekeck, fedora-bugs, gdeschner, jarrpa, kbanerje, lagern, mkosek, mpanaous, Neustradamus, ngompa13, redhat-bugzilla, rhack, ricardo.arguello, rlucente, robert.scheck, sbose, sgadekar, sgallagh, striker, thaygiaoth, tscherf, vcojot |
| Target Milestone: | alpha | Keywords: | FutureFeature |
| Target Release: | 8.1 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-11-26 09:43:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1378373 | | |
| Bug Blocks: | 1203710, 1398314, 1400961, 1451294 | | |

Description
Jeremy Agee
2013-02-12 17:26:08 UTC
Need single sign-on for all workstations regardless of host OS. RHEL IPA can manage UNIX/Linux domains and share account data with AD. AD lives in an essentially MS exclusive world where support for other environments is usually broken if it is there at all. RHEL with IPA and Samba4 can provide better cross platform support than MS-AD does. With Samba ported to so many environments, there is far better understanding of non-MS environments in that community than there is in the MS camp. This expertise should be leveraged. Military customers often use a single MS Windows guest VM to act as the AD DC, even in tactical environments. It would be great to offer this functionality in RHEL and eliminate the need for the Windows VM.

Cross-filed case #01285697 on the Red Hat customer portal as it seems to affect us, too.

Dear Red Hat,

Does Samba 4x provide audit tools such as Event Viewer? We need to audit some events such as: domain user login/logoff, change/reset password, create/delete user, domain computer shutdown/restart... It is a crucial requirement for security!

I followed this link: https://wiki.samba.org/index.php/Event_Logging
But maybe it cannot log the above events in the AD domain.

Hi Trung,

Samba has basic protocol support for the two eventlog protocols (MS-EVEN and MS-EVEN6) and some server side support tools for filling up eventlog databases (eventlogadm) but currently no event viewer GUI. There are also some ideas how to record audit events in the fashion Windows does but no full implementation of that is available right now.

Thanks for your info!

I also want to know about AD features in Samba4x high availability tech:

1. DFS is usable? https://wiki.samba.org/index.php/DFS
2. AD Read-only DC https://wiki.samba.org/index.php/Samba4_DRS_TODO_List
   I tested this feature but I did not succeed at the credential caching stage.
   I think I do not have enough Samba knowledge for configuration of 1 and 2.
   Also some replication operations need to improve.
3. AD Multi-site
   I found some bugs such as
   https://bugzilla.samba.org/show_bug.cgi?id=10419
   https://bugzilla.samba.org/show_bug.cgi?id=10251
   Can you confirm they are verified?

Thank you for your best effort on an AD alternative solution.

Hi Trung,

a) DFS features are available on the same level as current Samba in RHEL 7.1. I'm sure there will be more bug fixes and improvements by upstream anytime soon.

b) This is not supported by upstream yet. We do not have an ETA for this.

c) Nobody is working on RODC support right now. Upstream is aware that it is non-working. No ETA for this item. The focus is to support trusted domains first.

Thanks. The last question is about backup/restore.
As I know, Samba4 highly recommends using an additional DC as the AD backup solution: https://wiki.samba.org/index.php/Backup_and_Recovery
Is there effort for more tools or features for backup/restore on a single DC?

*** Bug 1651036 has been marked as a duplicate of this bug. ***

From what I can see at RHEL 8 beta [1], there is no Samba AD domain controller support, yet. Why?

[1] http://downloads.redhat.com/redhat/rhel/rhel-8-beta/baseos/x86_64/Packages/

Red Hat has evaluated the RFE and came to the conclusion that including Samba AD DC into Red Hat Enterprise Linux would create a significant support challenge due to complexity and broad set of the use cases that are expected to be supported by the solution. To avoid undesirable customer experience, Red Hat will not include Samba AD DC into Red Hat Enterprise Linux in any foreseeable future. Based on this conclusion this RFE is now being closed.

Red Hat acknowledges the value of Samba AD DC to Red Hat customers and welcomes partners that have targeted expertise in this area to join forces to provide an integrated Identity Management solution for heterogeneous environments that would meet the variety of customer use cases. All interested parties are welcome to contact Red Hat via available communication channels.

Based on the feedback and desire of Red Hat customers to invest into development of this technology, or if market conditions or partner integration will not be sufficient to meet customer requirements, Red Hat might reconsider its position in future.

This is really depressing. Red Hat's FreeIPA team and Samba have been working on making this possible for many years. And now it's not even going to ship in RHEL 8? I was really hoping for RHEL IdM to be able to fully replace AD just out of the box.

I'm supremely disappointed that Red Hat has elected to not offer this with RHEL 8, as it's a major missed opportunity.