[Samba] Suggestions for argument for Samba over Windows 2003?

Fri Oct 17 15:55:37 GMT 2003

> Hi

>
> I'm currently running a RedHat 9 (which means Samba 2.2.7) on a DELL
> server.  The hardware should be fine to handle the load for the whole
> school, which comprises about 200 - 250 users.   (This server is currently
> controlling the Samba "domain" for one of the former schools).
> So, anyway, from my reading of the doco so far, it would seem that
> we could integrate the Unix box one of two ways:
>
>  . Upgrade it to Samba 3, and have it join the Win 2003 domain.
>    Since the only access we're supporting into the box is SMB,
>    we don't need to worry about setting or syncing the Unix password.
>
>    I still need some way to create the underlying unix account though,
>    preferably with consistent, rather than randomly assigned uids/gids.
>
>    I could use normal Unix commands to manually create the Unix accounts,
>    but since I have previously set up an OpenLDAP box and made accounts
>    on it for everyone, I could probably homebrew some sort of
>    web-based  makeuser  script, and point NSS at it.
>
>  . leave it on Samba 2.2.7, leave it off the whole domain thingo,
>    set  security=server  and point the password server at one of
>    the AD boxes, and touch wood.
>
>    Even if we don't have 2 passwords and password syncing, we still
>    have a small issue of having 2 sets of accounts, and needing to
>    create/delete accounts in 2 places.
If you were living in northern Germany, I would invite you to come to my
site, so we could discuss that with a working setup at hands.
I am running at this school a setup with a PDC (1GHz HP, 1GB RAM) and a
BDC (similar, but P4) with a user base of about 7000. Only about 1500 are
active users, as user-accounts are created by a perl script, 40 accounts
per class.
Every user has of course his/her own homedirectory and as far as I know,
all users are more satisfied with this network as they were before
(Netware, W2k Advanced Server). We had a license of w2k advanced server
and I am glad that I never gave it a try, though I never had set up a
samba-PDC before (I just told them it was no problem :-))
I am just about to switch completely to samba3.0.1pre1 (I know it's not
for productive, but we don't produce here anything ;-) ) and it seems to
be worth it for the smaller load concerning ldap. The CPU-load wasn't a
problem, but I always had to have an eye on it, sometimes it was at 100%,
as many users log in at the same moment in school-environments.
In my Opinion masses of accounts are better handled by some scripts than
by GUI and I find it easier to write those scripts on unix. Further more,
OpenLDAP is better documented and more standard-conformant, its easier to
extend it with my own schemas (For problem-reporting and management,
login-script storage) plus standard schemas for mail-routing.
Difficulties with samba will occour, but they do as well with Windows
whatsoever, be it 2000, XP or 2003. Actually, few people here know that
the servers are running Linux/Samba...

Sincerely,
Malte Müller