Successfull migration to samba4
Andrew Bartlett
abartlet at samba.org
Wed Oct 3 19:55:50 MDT 2012
On Mon, 2012-10-01 at 11:36 +0200, Marc Muehlfeld wrote:
> Hi,
>
> I wanted to report about my migration to samba4 (experiences, problems, etc.)
> three weeks ago.
>
> First of all: Many thanks to all who work on samba4. You did great work and a
> very good job. And of course thanks to all who answered my questions during
> the last month here on the list, while I was testing. I've learned a lot.
>
> We are a genetic laboratory with around 170 user accounts and 230 windows
> clients (no windows servers). About 3 weeks ago I finally migrated our samba
> 3.5 domain to s4beta8. One week ago I migrated to rc1.
>
> I spended a lot of time in building a test environment for the migration (DC,
> member server, windows machine, servers that use LDAP for authentication,
> etc.), because during the last 10 years, we hooked up most of our services to
> LDAP. The samba openLDAP backend was our main database where we stored user
> accounts and information. So it was realy a big job to migrate samba to s4 and
> connect 22 other services to AD on one weekend.
Indeed, it sounds like a very big job!
> In our DMZ, I don't wanted to have a samba4 server with all it's many services
> and open ports, to provides accounts and logins for Cyrus, Postfix, Apache and
> serveral other services. I wanted to keep it simple. That's why I configured a
> read only openLDAP proxy (back_ldap).
>
> During the migration I worked out some solutions, like the openLDAP proxy
> configuration, postfix authorization, thunderbird addressbook,... that could
> be usefull for others, too. And I'd like to share it with others, but don't
> know where a good place is for that. I don't know if my ways are the perfect
> solutions, but maybe on a public place it could be discussed and improved. I'm
> not sure if you want such additional information/configurations somewhere on a
> extra wiki page.
Get and account and put it on the wiki.
> After 3 weeks with samba4, I can say it is running very stable and I'm very
> happy that I did the migration. The only things that I am missing or that are
> making problems at them moment are:
> - delegation of user/GPO editing to none admin users doesn't work
> - inconsistent permissions from sysvol folder and AD (Bug 9140)
> - A way to reload the services without start/stop the services would be
> important (like with smbcontrol on s3)
smbcontrol should just work, as that area is unchanged from earlier 3.x
releases when using the default file server.
> - network neighbourhood isn't working (I tried Andrews trick running nmbd, but
> only a few computers appear in the list).
> - I haven't understand how to work with shares on a s4 machine (see my thread
> "How to work with shares on s4?" here on the list, where nobody hasn't
> answered yet).
I'll take a look.
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list