[Samba] Samba 3 vs 4, User Maintenance

Richard Hurt rnhurt at kangaroobox.com
Tue Feb 26 14:22:20 GMT 2008 

Andrew,

I'm thinking that Samba4 offers what I need and will be pretty safe  
(data wise) as long as I don't stray too far into uncharted/ 
undeveloped areas.  Primarily we need to be able to do 3 things:  
manage users, groups, & computers; share data on the network; be able  
to log into any machine on the network.  Thats it.  No printing, no  
fancy AD forests, no BDC, no integration into existing directories.   
Now having said that, we would like to eventually do some of those  
things (i.e. share printers) and its my understanding that GPO works  
today.  So things like locking down the screensaver, forced Windows  
updates, and folder redirection, should work with Samba4 now, right?

One of my main dislikes of previous Samba versions are their  
complexity when combined with a directory service and lack of  
management tools.  Samba4 takes care of the first item on the list but  
still leaves the second one hanging.  I am in the process of  
downloading the AD tools to see if they will be workable, but like you  
I hate depending on Microsoft for this.

As far as Samba 3.x goes, it has served me well but I was never really  
exposed to the underbelly and was always filtered through OS X.  After  
seeing how badly Apple messed up in 10.5 I spent some time with the  
current Samba release and was scared out of my mind.  :)  At least  
Samba4 seems to be moving in the right direction.

Anyway, I think I am willing to give Samba4 a try and see how far I  
can go with it.  If it satisfies our needs and is stable then we will  
be very happy indeed and puts me in a better position to do other  
things in my organization.  :)

What do you need from me?

On Feb 25, 2008, at 10:35 PM| Feb 25, 2008, Andrew Bartlett wrote:

>
> On Mon, 2008-02-25 at 15:54 -0500, Richard Hurt wrote:
>> Hey all,
>>
>> We are currently using an Apple XServe G5 as a PDC for 150 Windows XP
>> Pro machines.  Everything worked well (sorta) under OS X 10.4 (Tiger)
>> but when we upgraded to 10.5 (Leopard) it just fell apart.  I
>> reinstalled the OS several times and tried everything I could to get
>> it to work properly (i.e. log in more than 20 machines at once).  We
>> have even opened a ticket with Apple to get some help, but they
>> haven't been very responsive at all.
>>
>> So, I am going to set up my own stand-along Samba box (Debian 4) to
>> replace the old XServe.  My question is should I use Samba 3 or 4?  I
>> know that 4 is still alpha but we really don't need much - a PDC and
>> half a dozen file shares.  What do you think, would 4 be stable  
>> enough
>> for this?  If not now, any thought as to when the beta period might
>> begin?  I probably have until next Fall to really nail this down so I
>> am willing to 'play' for a little bit.
>
> If you are willing the spend the time, and want to see Samba4 move
> forward, I'm very happy to help with any issues you come across along
> the way.  Samba4 supports Group policy and Kerberos logins, so this  
> may
> be a useful upgrade from the Samba3 world.
>
> The issues with Samba4 are not 'stability' (I've not seen it crash
> randomly), but instead in lack of feature completeness.  This
> fortunately can be offset by using Samba3 for (say) printing  
> functions,
> if this is a problem.
>
>> On a related note, I noticed that SWAT was being dropped (or at least
>> not worked on) for Samba 4.  What is a good replacement?   
>> phpLDAPAdmin
>> is great for what it does but it does *not work* in the education
>> environment.  That's the one thing that Apple's solution has going  
>> for
>> it - it looks darn pretty and is easy to use.  What does everyone  
>> else
>> use for user, group, and share point management?  Is the AD tool kit
>> (whatever that is) on Windows an option?
>
> Much as I hate Microsoft's tools on windows being a primary
> administration tool, it is one of the more complete options (because  
> we
> must support it anyway).
>
> SWAT needs the love and long-term care of a good web developer.  There
> was an almost functional LDB browser, which can be found in the SVN
> history, but it didn't get the maintainence it required.
>
> Other than that, someone could probably write up a good set of simple,
> form-submit based user management tools in python (or ejs), and
> integrate them.
>
> Andrew Bartlett
>
> -- 
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.

More information about the samba mailing list