We have two instances of Samba. The first upstream/rhel one is the file server, and the second one runs the DC in a Linux container with its own IP address.
There’s plenty of discussions in this forum about this choice. Just as a starter: I still don't get why Samba has to be run in a container - #6 by davidep
The file server receives official rhel patches. We recompile the DC from the Samba vanilla source code which ships all the security patches we need. Their dev lifecycle has been sustainable so far and even minor upgrades of the DC ran smoothly, far better than rhel minor upgrades!
Here we’re discussing two distinct levels of issues with AD:
- the complexity of our architecture, required to be an all-in-one distro, compatible with previous ns6 version
- the complexity of an AD network, a nightmare for a support team, even for Red Hat’s one
