A couple of notes on content
No major changes (yet), just a few notes about style, technical accuracy, modernization to see what others think (on parts that don't affect me directly, unfortunately).
Updating the GPO: As of Samba4, this should probably be removed (I think). This was definitely necessary in S3, do we still support/care for S3? Can somebody confirm or deny the need for S4?
Updating DNS: There is no guarantee that the DNS servers are a domain controller, or even a Windows server for that matter. Perhaps "Active Directory domain controllers" could be replaced by "internal DNS servers. In many small networks, these will be the domain controllers."?
Kerberos: PDC and BDC are old terms that should have died 15 years ago for Windows admins, and at release of Samba4 for us, but live on (and on, and on, and...). There are five FSMO roles now, four of which can be duplicated any number of times. A generic server1 and server2 would be good IMO. Also, the "Let us assume" part is an odd read for me, especially in a technical document. If a scenario is necessary, it should probably be covered in the introduction (unless the scenario must be built inline, and even then, an overview should be provided in the introduction). Finally, does Samba no longer create its own krb5.conf in /var/lib/samba/private/? I'm only looking from the ADDC POV right now, so I don't know. I'll set up a Samba client at some point before making any edits.
Creating a Kerberos Ticket: Rename to "Requesting a Kerberos ticket". Also, there are other title capitalization errors elsewhere (including the title of the article), but the important part was creating vs requesting.
Finally, the general flow of the article could use some work. It feels a little piecemeal to me as you continue further into the additional sections not yet mentioned (probably due to it having major edits by 15 or so users over the past few years).
Response from Rudyvalencia
- Also ran into an issue configuring shares. On a network with a Windows Server 2016 ADDC and a bunch of Arch domain computers, creating a share from an Arch host as per the wiki page and accessing it from the ADDC fails with Access Denied. Didn't try using users = ..., but followed the instructions here with success. Not sure if this should be added (or if what I did is even a good idea), can anyone advise? Hmakale (talk) 00:50, 1 February 2020 (UTC)
Wireless WPA-EAP Machine Authentication
I did a small write-up on how to join a Cisco-Wifi with Machine-Auth against AD. I'm not good at writing :) Feel free to fix and integrate the content. User:B2ag/Active Directory Integration/WPA-EPA-machine-auth
Crossed out parts
What is the reason that some parts/headings are crossed out in the article? Are they obsolete? If so, why haven't they instead simply been removed? —This unsigned comment is by Hhut (talk) 13:09, 20 May 2022 (UTC). Please sign your posts with ~~~~!
Draft article cleanup/rewrite
While following the current (as of 10/4/2022) version of this article I found that the suggested PAM configuration prevents logging in as a local user when the AD domain is offline. Additionally, the current article lacks grammar and context.
Therefore, I've created a draft at User:RudyValencia/Active_Directory_integration to remove the old Wiki article sections and provide a better explanation of the process. Edits have also been made to the PAM configuration to allow local login even when the AD domain is offline.