Successfull migration to samba4

Andrew Bartlett abartlet at
Wed Oct 3 19:55:50 MDT 2012

On Mon, 2012-10-01 at 11:36 +0200, Marc Muehlfeld wrote:
> Hi,
> I wanted to report about my migration to samba4 (experiences, problems, etc.) 
> three weeks ago.
> First of all: Many thanks to all who work on samba4. You did great work and a 
> very good job. And of course thanks to all who answered my questions during 
> the last month here on the list, while I was testing. I've learned a lot.
> We are a genetic laboratory with around 170 user accounts and 230 windows 
> clients (no windows servers). About 3 weeks ago I finally migrated our samba 
> 3.5 domain to s4beta8. One week ago I migrated to rc1.
> I spended a lot of time in building a test environment for the migration (DC, 
> member server, windows machine, servers that use LDAP for authentication, 
> etc.), because during the last 10 years, we hooked up most of our services to 
> LDAP. The samba openLDAP backend was our main database where we stored user 
> accounts and information. So it was realy a big job to migrate samba to s4 and 
> connect 22 other services to AD on one weekend.

Indeed, it sounds like a very big job!

> In our DMZ, I don't wanted to have a samba4 server with all it's many services 
> and open ports, to provides accounts and logins for Cyrus, Postfix, Apache and 
> serveral other services. I wanted to keep it simple. That's why I configured a 
> read only openLDAP proxy (back_ldap).
> During the migration I worked out some solutions, like the openLDAP proxy 
> configuration, postfix authorization, thunderbird addressbook,... that could 
> be usefull for others, too. And I'd like to share it with others, but don't 
> know where a good place is for that. I don't know if my ways are the perfect 
> solutions, but maybe on a public place it could be discussed and improved. I'm 
> not sure if you want such additional information/configurations somewhere on a 
> extra wiki page.

Get and account and put it on the wiki.  

> After 3 weeks with samba4, I can say it is running very stable and I'm very 
> happy that I did the migration. The only things that I am missing or that are 
> making problems at them moment are:
> - delegation of user/GPO editing to none admin users doesn't work
> - inconsistent permissions from sysvol folder and AD (Bug 9140)
> - A way to reload the services without start/stop the services would be 
> important (like with smbcontrol on s3)

smbcontrol should just work, as that area is unchanged from earlier 3.x
releases when using the default file server. 

> - network neighbourhood isn't working (I tried Andrews trick running nmbd, but 
> only a few computers appear in the list).
> - I haven't understand how to work with shares on a s4 machine (see my thread 
> "How to work with shares on s4?" here on the list, where nobody hasn't 
> answered yet).

I'll take a look. 

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list