[Samba] Samba 4 in production?

Lukasz Zalewski lukas at eecs.qmul.ac.uk
Fri Oct 22 14:13:15 MDT 2010


On 22/10/2010 20:42, Lukasz Zalewski wrote:
> Hi Michael, Mark, all
> On 22/10/2010 19:31, Michael Wood wrote:
>> On 22 October 2010 20:12, Mark Rutherford <mark at lowcountrybilling.com>
>> wrote:
>>> Hi Michael,
>>> Thank you for the response.
>>>
>>> I have 2 new servers to replace our older cluster with and I am going to
>>> give Samba 4 a shot at it.
>>
>> I'm assuming the old ones are Samba 3? Using OpenLDAP as the backend?
>>
>>> My issue so far has been user and machine accounts - I can't find any
>>> documentation or hints to migrate those.
>>
>> Upgrades/migration from Samba 3 is not finished yet. It is being
>> worked on, though. Search the archives for mentions of myldap-pub.py
>> which Lukasz Zalewski has been working on.
>>
>> I assume Lukasz used that script for his migration mentioned here:
>> http://lists.samba.org/archive/samba-technical/2010-October/074031.html
>>
> That is correct - I have used the above script to import most of my
> users and computers from s3 (with OpenLDAP backend) to the new s4 domain
> (and keep using it to add new arrivals).
> Metze is currently reviewing the changes I have made to his original
> script, so hopefully soon this script will become part of s4. In essence
> the script will allow you to move the whole domain across (you will
> provision s4 with the original s3 domain SID and then move
> users/computers/groups across), or move all/selected users across to the
> new domain.
I do not know whether, in case of the whole domain being imported, the computer
accounts will continue working or will have to be rejoined to the domain
(I suspect the latter, but would like to know for sure).

Luk
>
> Regards
>
> Luk
>>> When it comes to user accounts I created one and changed the SID to the SID
>>> on the current domain and that worked fine.
>>> I did have to rejoin the machine.
>>> My test environment is running Samba4 as the domain controller and Samba 3
>>> doing the heavy lifting.
>>
>> That sounds sensible to me.
>>
>>> It all seems to work okay, for the most part.
>>>
>>> I will probably stress this setup for a few weeks and if I can't break it my
>>> thoughts are to turn off the old cluster and move on with life.
>>> If I can figure out how to migrate accounts in the meantime, that's a plus.
>>> When I get this all working as it should I will write up something for the
>>> samba-technical mailing list.
>>> Right now Samba 4 seems to work exceptionally well as a plain domain
>>> controller.
>>> The only issues I have run into are problems with bind not behaving itself.
>>> Thanks again for the feedback.
>>> Thanks again for the feedback.
>>>
>>> On 10/20/2010 4:53 PM, Michael Wood wrote:
>>>>
>>>> On 11 October 2010 22:19, Mark Rutherford <mark at lowcountrybilling.com>
>>>> wrote:
>>>>>
>>>>> I have read many stories and testimonials from people that are running
>>>>> Samba 4 in production.
>>>>> This encouraged me to try it out in a couple of virtual machines and, as
>>>>> expected I encountered no problems that
>>>>> I could not overcome. (mostly DNS setup issues)
>>>>>
>>>>> We are running 3.5 right now just as a plain NT4 domain controller with DRBD
>>>>> and friends.
>>>>> This setup has worked for many, many years and the possibility of gaining AD
>>>>> is very appealing.
>>>>>
>>>>> When I tested Samba 4, I joined a few Samba 3 servers to it and used
>>>>> resources from those servers without any issues.
>>>>> How are others using it in production?
>>>>> Any pitfalls to using Samba 4 in this manner?
>>>>> Anyone care to share their stories, good or bad?
>>>>>
>>>>> Thanks everyone.
>>>>
>>>> I'm using it only for authentication of services on a Mac OS X server
>>>> at the moment. No workstations, file/print sharing etc.
>>>>
>>>> It was a bit of trouble getting the user accounts migrated from Open
>>>> Directory, but after that hurdle it's been very little trouble.
>>>>
>>>> I'm copying samba-technical, since you've not received any other
>>>> answers on the samba list and the samba-technical list is, for now,
>>>> still the place to report success/failure/etc. with Samba 4.
>>
>


