[Samba] Best samba4 network deployment

[Caleb O'Connell]

It sounds like the best setup, if you have multiple servers, is to keep 
the actual file server running samba 3.x and joining to the samba4 
domain running on the other servers.  Is s3fs comparable enough to 
samba3.6?  I haven't had too much trouble with it at all but I wasn't 
able to use write list = @groupname (no integration with the shadow 
accounts I guess).

Thanks for your answer, it was helpful to me as I'm making the 
decisions as I go along with my project.



Andrew Bartlett wrote:

> On Thu, 2012-08-02 at 12:06 -0400, Caleb O'Connell wrote:
>> I've been playing around with Samba4 as an AD for a domain.  I like 
it a
>> lot
>> and it's been very stable for me.  I've been using Samba 3.5 for a 
while
>> with OpenLDAP and connecting win7 computers fine, sharing files fine 
and
>> even sharing printers and printer drivers fine.
>> 
>> I'd like to move to Samba4 as by backend LDAP and Authentication 
server
>> and, like many, want to also keep all the Samba3 file sharing
>> capabilities that I've gotten accustomed to.
>> 
>> I thought the best option was to install samba4 on all the servers,
>> making
>> one the DC and the others as member servers.  Basically distributing 
the
>> authentication and the directory.  On my current file server just 
keep
>> running samba3 and just joining it to the samba4 domain.  Does this 
sound
>> like the best solution for business network?
> 
> This is a good plan.
> 
>> Is there anything I should be
>> aware of by setting this up?  If I do setup a network with this
>> configuration, can I just use ntvfs on all the samba4 computers?  
Would
>> that
>> be more stable?  I know the s3fs is going to be the default file 
sharing
>> mechanism in Samba4 but since I'll be using samba3 for filesharing I 
can
>> just use the ntvfs, right?
> 
> While there are valid use cases for using the well understood ntvfs
> configuration, we are steering users away from it, so that we just 
have
> one major deployment configuration in the long term.
> 
> We seem to have got past the biggest stability concerns that I 
feared,
> with some ACL issues being the only remaining issue.  Having the
> smb.conf parameter table merged is also a big positive step in this
> direction.
> 
>> On the file server itself, I can run samba3 and samba4 side by side 
just
>> fine, right?  They won't but heads, so long as smbd nmbd listen on 
their
>> ports and samba4 listens on the Kerberson and DNS ports, right?
> 
> It isn't this simple - the AD DC also needs to listen on the ports 
nmbd
> and smbd would listen on.  Essentially what you describe is the new
> default (s3fs) configuration, where we use smbd as the file server.
> 
> Using different interfaces would get you closer, but things like
> nss_winbind tend to be global for the whole server, and so I would
> totally split the DC from the file server if you can.
> 
>> I was just hoping to probe the minds of others who've maybe done 
this
>> exact
>> network config.  Also, hopefully help my understanding on best 
practices
>> with the current status of the samba project.
> 
> I'll leave it for others to comment on their exact production
> configurations, these comments above are just my guide from a 
developer
> perspective.
> 
> Andrew Bartlett
>