Koozali.org: home of the SME Server

Smeserver 10 and Windows 2012 server

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Smeserver 10 and Windows 2012 server
« Reply #15 on: July 16, 2021, 05:28:19 AM »
SME 10 does not implement Active Directory. hence you can only use SME as a standalone samba server or need to enable nt1 protocol and max server protocol to nt1 to use nt4 style PDC. which is not encouraged as nt1 aka smb1 aka cifs  is deprecated.

if you need AD DC you need to configure your own samba server and then you can use SME as secondary server. 

a lot of the work to implement AD DC is available in bug tracker but has not made it for different reasons.
The most prevalent is lack of work force for doing the final
implementation, but few issues were also encountered like a major security one: losing posix ACL in SME samba if it was the AD DC while supported as a domain member, when no support for windows ACL is available in linux filesystems leading to different permissions to access to the same file depending if you access from samba, http, ftp, ssh or locally.

one workaround is to set you samba ad dc in a docker instance or a side vm and sme as domain member
« Last Edit: July 16, 2021, 05:34:02 AM by Jean-Philippe Pialasse »

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #16 on: July 16, 2021, 10:23:20 AM »
Bonjour Jean-Pierre.
Thanks for the clarification, I understand better why it does not and cannot work as it is.

Offline gieres

  • *
  • 213
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #17 on: July 16, 2021, 07:00:53 PM »
Bonjour Raphaël,
C'est Jean-Philippe !
Jean-Pierre, c'est quelqu'un d'autre...
Bonne fin de semaine.

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #18 on: July 17, 2021, 12:39:06 PM »
Oups.
Désolé  :-?

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #19 on: July 22, 2021, 02:54:40 PM »
Hello.
I solved my problem, following the topic of Jean-Philippe.
By allowing the SMB1 protocol, no other simple solution for the moment.
Thank's.