Success: Samba4 AD DC on a fresh domain with 250+ clients

Andrew Walters aw-sambalists at silverstream.net.nz
Wed Mar 14 15:37:15 MDT 2012 

Hi all, 

The wiki for Samba4 asks for "brave" testers to report success/failure to the Samba Technical failing list, so here I am. 

I'm happy to report I have successfully rolled out a fresh Active Directory domain to a primary school consisting of 250+ client PCs with Samba as the sole domain controller and file server. There are couple of Windows Server 2003 member services doing a few specific tasks (AV distribution, print queues, remote desktop...) but the core of the network is Samba/AD. 

My configuration was inspired by the "Franky" guides, although I separated the Samba3 and Samba4 instances completely. On CentOS 6, I have the standard distro-supplied Samba-3 packages, along with a locally compiled Samba4 installed completely within its own folder structure to keep it and its components separate from Samba3. 

Each is configured to listen on a separate service IP address and have different names, although both reside on the same server. 

The Samba 3 instance is functioning as a domain member server, doing the job of file server, in the domain controlled by the Samba 4 instance, which is dedicated to AD domain control and nothing else besides the netlogon share. 

Samba 4 is Alpha 17, because that was my starting point when I began testing it, and because it works :) 
Samba 3 is CentOS 6.2 standard v3.5.4.68.el6_0.2. 
Clients are all Windows XP. Group Policy is working well (although the MS Active Directory Users and Computers MMC snapin does crash from time to time). 
I have the local DHCP server handle dynamic DNS updates as this plus the odd manual update turned out to be easier than getting a custom build of BIND to work. 

My next challenge is to migrate over a Samba 3 + LDAP domain to AD at another school. I see there's discussion about doing this in the list archives and will give this a read. 

Thanks heaps for providing such an awesome tool. I'm looking forward to the final release of Samba 4 but am thrilled to be able to have an AD domain working in the meantime! Now I can accommodate Windows 7 clients properly. 

Thanks, 


Andrew W

More information about the samba-technical mailing list