[Samba] Suggestions testing Samba 4 on same subnet as Standalone Samba 3 Server
Mike
1100100 at gmail.com
Tue Jul 30 14:27:26 MDT 2013
My network currently has the following server running Samba 3 as a
standalone server to 50 client boxes: Linux a1 2.6.35.7 #3 SMP Samba
Version 3.5.6. Currently, no true NT Domain Controller, in Windows speak -
it's a Workgroup only.
I have another server that I want to configure to use Samba 4 as an Active
Directory Domain Controller and file server: Linux a10 3.7.10-gentoo-r1 #1
SMP Samba Version 4.0.4.
I only have one subnet and cannot disrupt the users, but have read the
following concerns on the Samba wiki: Make sure you thoroughly test your
conversion and how your clients react before you activate your new server
in your production environment! Once a Windows client finds and connects to
the new server, it is not possible to go back!
Also, it is necessary to do testing on a separate network so that the old
and new domain controllers don't clash. The issues with having both domains
'live' at the same time are:
The databases are not syncronised after the initial migration
Even if no changes are made to the DB, clients which see an AD DC will no
longer honour NT4 system policies
The new Samba4 PDC and the old DC will both claim to hold the #1b name as
the netbios domain master
The paths to certain files and directories for your Samba3 installation are
often distribution specific (for example, /var/lib/samba vs. /etc/samba).
Please be sure to verify and if necessary, modify paths used in examples
appropriately.
- - - - - -
Has anyone dealt with only having one subnet upon which to configure and
test a new Samba 4 server in the presence of a currently active Samba 3
server?
I was thinking maybe the simplest way would be to make an iptables firewall
on the Samba 4 server -- allowing connections from only one particular
address on the subnet and use that one address for a client box to test on.
Possible iptables rule (allowing one client address, blocking all others on
subnet):
iptables -t filter -A INPUT -i eth0 -s 192.168.1.200 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -i eth0 ! -s 192.168.1.200 -j DROP
Would this be adequate to separate the Samba 4 server from others on the
LAN?
More information about the samba
mailing list