You mean an NT4 DC or an AD DC?

NT4: Yes, in several cases.
AD: Yes, in at least two installations (possibly growing in a near future).
NT4: Currently yes, but I used to have a PDC and a BDC in a couple of cases.
AD: Yes (although I might be setting up a secondary DC on one network in
the future).
NT4: FreeBSD
AD: that would be FreeBSD again.
No.
NT4: no.
AD: Yes, in a jail (mainly, but not only, because on an AD DC there are
some limitations WRT to NSS; that lets the base system or another jail
act as file server).
I've been using Jails for a while, but never tried bhyve yet (last time
I checked it was still not considered production-ready).
I believe usual considerations (i.e. nothing Samba specific) apply to
the choice between the two.



Feel free to ask if you have other questions.

bye
av.

Suppose you want (for whatever reason) to see the Samba users as UNIX
users: you'll put something like "passwd: files winbind" in
/etc/nsswitch.conf.
AFAICT that's not going to work on the machine (phyisical, virtual,
jail, etc...) where Samba is configured to be an AD DC (*).
I'm not sure why, I think it has something to do with the way winbindd
works, which is different on the DC.

So I use a jail for the DC (where I'll have no need for UNIX users) and
configure any other instance be a domain member.

(*) Notice "AD DC"; it will work on an NT DC.



The only nuisance is the need to use that jail for DNS.
I never investigated (yet), so I can't answer.
It's also possible I've fallen behind and bhyve now works well.
(Leaving aside bhyve specific problems, which, as I said earlier, I'm
not entitled to consider), I don't think there would be any problem:
that's what I'm doing with jails.
Why? I thinks the community might benefit from this... let them decide :)

bye
av.