Migrating s3+ldap integrated solution (SambaEdu3) to s4 ?
denis.bonnenfant at diderot.org
Wed Apr 25 05:03:49 MDT 2012
I'm one of the maintainers of SambaEdu3
http://wwdeb.crdp.ac-caen.fr/mediase3/index.php/Accueil, a French
all-in-one solution for schools, based on Samba3, ldap, and a custom
logon hack to allow .pol policies to be used as "pseudo-GPOs", dhcp
reservations, application deployment with wpkg, automated cloning and
As Samba4 is becoming more and more mature, I'm trying to figure out the
migration path from our solution to a Samba4 one. It's a long-term goal,
but as correct Seven integration in our domains raises some new issues,
I'm wondering if it is worth solving them, or if starting to work on the s4
switch would be better.
- Directory and domain migration: we are using the standard samba3
openldap schema, so the migration to the s4 builtin directory should work
with migration scripts? The AD tree is quite "flat", how to migrate
existing branches?
- File and print server: an s3 server is still required, can it be
located on the same machine? Are there any important issues in this area?
- GPO: As far as I understand, s4 serves standard policies generated
with Windows tools. So users must use Windows to generate them. Are there
samba4-specific tools or libs allowing Linux-side GPO generation,
typically a web python or php frontend allowing .admx/.adml parsing and
.pol generation in conformance with the AD structure? We already have a
python generator for .pol and a php frontend, but it uses a mysql
database, not admx/adml.
- DNS/dhcp: I saw many messages about it on the list: can bind9 and
dhcp integration be considered production-ready?
- Web frontend: we have our own ldap frontend. Switching it to the AD
schema is not difficult, but it is time-consuming work. User experiences?
- DC replication : samba4 allows automatic DC replication. is it
- File server clustering / load balancing: are there any changes in
this area with samba4? As the fileserver is still samba3 I guess not,
but maybe I missed something...
The strength of the SE3 project is to allow the user to manage a domain
completely from a single web interface, GPO included, but the weakness is
the hacky nature of our "pseudo GPO" system and the s3 domain controller
So finally, the only missing thing will be a web frontend for GPO
editing. Is this analysis true?
Thanks in advance for your advice, and maybe for sharing similar experiences.