[Samba] Samba 4.x and classic domains

Andrew Bartlett abartlet at samba.org
Sat May 24 23:34:04 MDT 2014


On Thu, 2014-05-22 at 11:38 -0400, Gaiseric Vandal wrote:
> It depends on the size of your location and the clients in question.
> 
> 
> Assuming, when talking about mapping shares, you mean from Windows
> clients.  If you have more than 5 Windows workstations, the Windows
> workgroup approach (i.e. no centralized accounts) is a pain to
> manage.  The domain approach with a domain controller is usually the
> way to go.  A Windows domain controller can be a Windows 200x Active
> Directory Domain Controller, a Samba 4 domain controller (which mimics
> a Windows 200x DC) or a Samba 3.x DC (which is more like an NT4 DC.)
> 
> 
> I have been running Samba 3.x at my location for several years.  I am
> using an LDAP backend, and this is the same LDAP backend that is used
> for authenticating Linux workstations and other services.  If you
> have an existing LDAP infrastructure I would look at Samba 3.x.  The
> big downside of Samba 3.x is that it looks like major development work
> is stopped on it.  However, from what I can tell, it is NOT easy to
> tie Samba 4 into an existing LDAP structure.

Samba 4.x still supports 'classic' domains, such as those folks use
against OpenLDAP.  The AD support in Samba 4.x is additional, and does
not replace any of these features.

We do understand the difficulty presented by existing LDAP structures,
and for that reason there isn't a plan to decommission the classic DC
support, and it remains tested by our continuous integration system.  

The code that supports the classic DC is also the same code that
supports the internal 'domain' of standalone servers and domain member
servers.  This means that we still use this code, even when not acting
as a DC.  It is also the basis for some of the features of FreeIPA, and
so it gets development attention from that direction as well. 

That said, I still suggest folks move to the AD DC code, because clients
and attached devices (such as a NAS) integrate much better with an
AD DC.

I hope this clarifies things,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



