[Samba] Samba documentation team

Peter Ross Petros.Listig at fdrive.com.au
Wed Apr 2 21:12:46 MDT 2014 

From: "Jonathan Buzzard" <jonathan at buzzard.me.uk>
> On 31/03/14 20:36, Marc Muehlfeld wrote:
>> Hello,
>>
>> here's our chatlog from today:
>> https://cpaste.org/p9ktmthpb/o8xmma/raw
>>
>> The summeries I had added to the agenda behind the topics:
>> https://pad.riseup.net/p/Agenda_2014-03-31
>>
>>
>> I drafted a new agenda for next week (monday, 7pm CEST again):
>> https://pad.riseup.net/p/Agenda_2014-04-07
>> Please add everything, that should be discussed.
>>
>
> How about removing anything to do with setting up a NT4 domain and
> restricting mention of it to migrating from an NT4 domain to an AD domain.
>
> In 2014 it is bordering on criminal to be setting a NT4 domain up.
> Microsoft ditched NT4 domains 14 years ago with the release of Windows
> 2000. You need to deploy all sorts of nasty registry hacks to make it
> work on a supported version of Windows (well from next Tuesday) so lets
> consign it to the dustbin of history.

They are here, and not that dramatic. They still work with Windows7. With
Windows8 you have a showstopper when you want a domain with dots '.' in
it:

https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains

I prefer a full documentation covering what Samba is able to do, instead
of one that restricts it to "popular choices". Sometimes people look for
things you never dreamt of - and it is good when you are fully aware what
the software is capable to achieve.

There are still scenarios where the current AD implementation is not
sufficient or difficult to use.

E.g. environments where external LDAP servers are used (according to the
Samba team you should use internal LDAP for now).

Or when you want to provision the AD domain on a system with NFSv4 ACLs
instead of POSIX (ZFS on FreeBSD). It is still quite experimental here and
needs workarounds.

I have both and NT4 domains seem to be a practical alternative to get
Samba and a domain service up and running (and reliable)

But I agree that we should cover the "best practise" first.

Talking about the pitfalls (e.g. problems mentioned above): It would be
good to have a place to look for them too, and, if possible, some "best
workaround" advice as given here on the list.

Unfortunately I am too busy with "other stuff" to move my Samba4 AD into
production at the moment - but the "don't do  this/ this is
experimental.." etc. remarks make me nervous. I am in the status of
procrastinating;-)

I have a problem to judge whether samba4 and AD really works in production
for me - but I used the NT domain functionality many times over the years,
with samba3.

IMHO it should be covered if it still works with Samba4.

Regards
Peter

More information about the samba mailing list