It’s April, 2017 and Samba 3.x has been used as a domain controller for many, many years. Samba 4.x has introduced radical new capabilities while still including the 3.x kitchen sink.
I recently successfully migrated a Windows domain controller to Samba 4.x and discovered a few very important distinctions and supported capabilities of 4.x vs. 3.x CentOS vs. Debian that a new Samba admin should know.
- Samba 4.x is nothing like 3.x. 4.x doesn’t need much in the way of a configuration. Samba-tool makes an smb.conf and kerberos config for you. Use them.
- CENTOS Samba 4.0 domain controller functionality is entirely unsupported. What CENTOS 7.x supports is running Samba 4.x in 3.x mode. Samba-tool does not work therefore it isn’t provided. That’s very important to know if you are trying to set up a modern Windows domain. The reason for the required the encryption backend isn’t in CENTOS and apparently there are no plans for it.
- Use Debian Testing as a virtual machine. You get everything you need with Debian Testing. There is full Samba 4.x support, samba-tool works like the wiki states. I run CENTOS 7.x as the host OS for a bunch of servers. Running libvirt/kvm-qemu works great.