Or can you chain the Samba4 to use the existing LDAP/Krb as back-end? Or are you forced to have two separate domains and user databases, one for Unix and one for Windows?
Gosh. Where do such crazy questions come from? AD technology was created from scratch with a few important goals. And one of them (very important for Microsoft, but of course not to its customers) was: make positively, absolutely, 200% sure that you cannot ever use large Unix systems with their LDAP and Kerberos servers.
Microsoft planned to kill Unix - and to do that it needed to nip the coexistence plan (Unix is on the server, while Windows is on the client) in the bud.
Samba cannot fix this fundamental design decision. So it's either Samba4 in charge or separate user databases. I think over time a third capability may arrive: some LDAP/Kerberos servers may be extended to support a bastardized version of LDAP/Kerberos needed for Windows clients... but don't hold your breath...
Copyright © 2017, Eklektix, Inc.