by vetinari 1394 days ago
Maybe I'm weird, but what's difficult with Samba as an AD DC, with multiple sites or trusts? It seems easy to me, all you need to know is on the Samba wiki.

The biggest "problem" is that distros do not ship Samba packages with DC support; you either have to use a 3rd-party build like Tranquil's or build your own.

2 comments

There is a nasty, confusing mix of Heimdal and MIT Kerberos tools, BIND and Samba internal DNS, winbindd and sssd, the realm command and the net command and the samba-tool command and a million outdated howtos in between, fighting with tools that are editing configuration under you. And no standardized management tool, LDAP with its text-based but unusable interface and different, opaque ways of storing machine credentials.

Creating a domain on a Samba domain controller is not too difficult if you follow the documents. But choosing the right way to join a client to the domain and then using SPNs? Synchronized uids? User management? I haven’t found it to be easy at all.

You're probably right, AND, I'm speaking about doing this ~a decade ago. I expect things have improved, but if I recall correctly, the challenge was all the integration with external systems (krb5, LDAP, print stuff). Took more than a month, but was a thing of beauty to have Windows and Linux desktops, where you type your password _once_, and then everything just works, and you have the same experience regardless of computer. For some reason I remember spending a lot of time on getting the printing to be one click working... shrug

I guess my only point was that Samba for just sharing files is already super easy, so I don't get what an "easy way" is for. :) You might be saying "but hard things are easy too", implying that you're more experienced than me at Samba and/or the software itself has improved. I wouldn't be surprised if both were true.