[Samba] A set of questions before building a new server
Robert Moskowitz
rgm at htt-consult.com
Tue Dec 9 07:55:44 MST 2014
Thanks for responding
On 12/09/2014 05:59 AM, Gaiseric Vandal wrote:
> On 12/09/14 00:11, Robert Moskowitz wrote:
>> I have a Samba server here with 4 users and 4 XP systems. Kind of
>> small, but it does the job. It is running as a PDC with roaming
>> profiles. I should note that I left professionally supporting
>> Windows networking around the time XP came out, so I have maintained
>> an NTDomain through a number of incarnations (NT, Win2000, Samba2/3)
>> and use of someone else's packaging. This time I want to use as
>> direct-to-Samba as I can. All I want with this server is to be a
>> Samba server to Windows (and maybe Linux) machines.
>>
>> I have new hardware, an armv7 board that I can run either Redsleeve 6
>> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I
>> have new XP systems (updated with 'SP4' and right now standalone)
>> ready to use this server. I will have to migrate 2 of the old
>> systems. The new server can be on a new subnet with a new rfc1918
>> network address. I will also be serving global/static IPv6 addresses
>> on this new network. At some point I may actually have a new Windows
>> OS system, but there is no pressure here to do that. My family is so
>> far content with Office 2003!
>>
>> So a set of questions come up:
>>
>> Do I migrate from NTDomain to AD, or stay with NTDomain for a few
>> more years? Actually can be a total fresh build of AD.
>> Does AD require Samba 4? I have looked at the Wiki, and have not
>> seen this clearly stated, but that is probably my reading challenges.
>> Does AD support roaming profiles?
>> I like that AD has the LDAP built in. But do I still need an LDAP
>> admin tool for AD?
>> If I stay with NTDomain, what LDAP tool to use?
>>
>> As I start building, then rebuilding the new server, I know I will
>> have more questions. Hopefully most will be on the Wiki, and I will
>> be able to find them.
>>
>> thank you
>> Now back to reading more on the Wiki and elsewhere
>>
>
> With Samba 4, you can configure a "classic domain" the same as
> with Samba 3. Recent versions of Fedora will include Samba 4 BUT
> they don't include all requirements to configure an Active Directory
> domain controller anyway.
I want to do this over the next month... So what is Fedora missing? I
want ARM over INTEL for the power savings (70w vs 2w).
> And for 4 users a classic domain should be sufficient. (The only
> reason I would consider an AD environment would be if you wanted to
> gain some experience.)
I may need that, as I am being laid off the 1st of the year. :(
> Since this is a single server environment there should not be any need
> to use LDAP as a backend- you can use /etc/passwd for unix accounts
> and TDB backend for samba accounts. If you wanted to gain some
> experience with samba and LDAP then you could install OpenLDAP or
> Oracle/Sun Directory Studio as an LDAP backend for both services. I
> use Apache Directory Studio for LDAP management.
I want to go the OpenLDAP route. Where do I find out about the Apache
Directory Studio?
> Samba 3 can be a member of an AD domain but not a domain controller.
>
> I am not aware of any SP4 for XP. You are no doubt aware that XP
> and Office 2003 have been EOL'd.
Google it. Some fellow has put together all of the patches since SP3
in a reasonable package, including the little tool out there that sets
the registry to say this is a POS that MS will be supporting with basic
patches for a number more years yet. Good enough for the home systems.
> I have not used IPv6 addresses with Linux or Samba yet. I don't know
> how well XP supports IPv6. You may want to hold off on IPv6 until
> you move to Win 7 or later.
I have been using IPv6 with Linux for 3+ years. With XP there is/was a
patch; testing called for. Not too important for the XP systems, other
than I would have to run a 4-6 web proxy before I sundown the XP boxes.
> With Samba 3, I found roaming profiles to be more trouble than they
> were worth. The additional login and logout times were unacceptable.
>
I have been running roaming profiles on Samba 3 for 4+ years. Of
course, I don't put data in the user profile, but elsewhere on the
systems, and get my users to really use their home directory on the
server. Login/out times are for copying the profile. Work with your
users (my wife!) to not save documents locally in their profile.