Successful migration to samba4

Marc Muehlfeld Marc.Muehlfeld at
Mon Oct 1 03:36:49 MDT 2012


I wanted to report about my migration to samba4 (experiences, problems, etc.) 
three weeks ago.

First of all: Many thanks to all who work on samba4. You did great work and a 
very good job. And of course thanks to all who answered my questions during 
the last month here on the list, while I was testing. I've learned a lot.

We are a genetic laboratory with around 170 user accounts and 230 Windows 
clients (no Windows servers). About 3 weeks ago I finally migrated our samba 
3.5 domain to s4beta8. One week ago I migrated to rc1.

I spent a lot of time building a test environment for the migration (DC, 
member server, Windows machine, servers that use LDAP for authentication, 
etc.), because during the last 10 years, we hooked up most of our services to 
LDAP. The samba openLDAP backend was our main database where we stored user 
accounts and information. So it was really a big job to migrate samba to s4 and 
connect 22 other services to AD on one weekend.

In our DMZ, I didn't want to have a samba4 server with all its many services 
and open ports to provide accounts and logins for Cyrus, Postfix, Apache and 
several other services. I wanted to keep it simple. That's why I configured a 
read-only openLDAP proxy (back_ldap).

During the migration I worked out some solutions, like the openLDAP proxy 
configuration, postfix authorization, thunderbird addressbook, ... that could 
be useful for others, too. And I'd like to share them with others, but don't 
know where a good place is for that. I don't know if my ways are the perfect 
solutions, but maybe in a public place they could be discussed and improved. I'm 
not sure if you want such additional information/configurations somewhere on an 
extra wiki page.

After 3 weeks with samba4, I can say it is running very stably and I'm very 
happy that I did the migration. The only things that I am missing or that are 
causing problems at the moment are:
- delegation of user/GPO editing to non-admin users doesn't work
- inconsistent permissions from sysvol folder and AD (Bug 9140)
- A way to reload the services without starting/stopping the services would be 
important (like with smbcontrol on s3)
- network neighbourhood isn't working (I tried Andrew's trick running nmbd, but 
only a few computers appear in the list).
- I haven't understood how to work with shares on an s4 machine (see my thread 
"How to work with shares on s4?" here on the list, where nobody has 
answered yet).

Best regards,

Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin
Dr. Klein, Dr. Rost und Kollegen
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-780
