Successfull migration to samba4
Marc.Muehlfeld at medizinische-genetik.de
Mon Oct 1 03:36:49 MDT 2012
I wanted to report about my migration to samba4 (experiences, problems, etc.)
three weeks ago.
First of all: Many thanks to all who work on samba4. You did great work and a
very good job. And of course thanks to all who answered my questions during
the last month here on the list, while I was testing. I've learned a lot.
We are a genetic laboratory with around 170 user accounts and 230 windows
clients (no windows servers). About 3 weeks ago I finally migrated our samba
3.5 domain to s4beta8. One week ago I migrated to rc1.
I spended a lot of time in building a test environment for the migration (DC,
member server, windows machine, servers that use LDAP for authentication,
etc.), because during the last 10 years, we hooked up most of our services to
LDAP. The samba openLDAP backend was our main database where we stored user
accounts and information. So it was realy a big job to migrate samba to s4 and
connect 22 other services to AD on one weekend.
In our DMZ, I don't wanted to have a samba4 server with all it's many services
and open ports, to provides accounts and logins for Cyrus, Postfix, Apache and
serveral other services. I wanted to keep it simple. That's why I configured a
read only openLDAP proxy (back_ldap).
During the migration I worked out some solutions, like the openLDAP proxy
configuration, postfix authorization, thunderbird addressbook,... that could
be usefull for others, too. And I'd like to share it with others, but don't
know where a good place is for that. I don't know if my ways are the perfect
solutions, but maybe on a public place it could be discussed and improved. I'm
not sure if you want such additional information/configurations somewhere on a
extra wiki page.
After 3 weeks with samba4, I can say it is running very stable and I'm very
happy that I did the migration. The only things that I am missing or that are
making problems at them moment are:
- delegation of user/GPO editing to none admin users doesn't work
- inconsistent permissions from sysvol folder and AD (Bug 9140)
- A way to reload the services without start/stop the services would be
important (like with smbcontrol on s3)
- network neighbourhood isn't working (I tried Andrews trick running nmbd, but
only a few computers appear in the list).
- I haven't understand how to work with shares on a s4 machine (see my thread
"How to work with shares on s4?" here on the list, where nobody hasn't
Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin
Dr. Klein, Dr. Rost und Kollegen
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-780
More information about the samba-technical