[Samba] A set of questions before building a new server

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Dec 9 06:59:15 MST 2014

On 12/09/14 00:11, Robert Moskowitz wrote:
> I have a Samba server here with 4 users and 4 XP systems.  Kind of 
> small, but it does the job.  It is running as a PDC with roaming 
> profiles.  I should note that I left professionally supporting Windows 
> networking around the time XP came out, so I have maintained an 
> NTDomain through a number of incarnations (NT, Win2000, Samba2/3) and 
> use of someone else's packaging.  This time I want to use as 
> direct-to-Samba as I can.  All I want with this server is to be a 
> Samba server to Windows (and maybe Linux) machines.
> I have new hardware, an armv7 board that I can run either Redsleeve 6 
> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I 
> have new XP systems (updated with 'SP4' and right now standalone) 
> ready to use this server.  I will have to migrate 2 of the old 
> systems.  The new server can be on a new subnet with a new rfc1918 
> network address.  I will also be serving global/static IPv6 addresses 
> on this new network.  At some point I may actually have a new Windows 
> OS system, but there is no pressure here to do that.  My family is so 
> far content with Office 2003!
> So a set of questions come up:
> Do I migrate from NTDomain to AD, or stay with NTDomain for a few more 
> years?  Actually can be a total fresh build of AD.
> Does AD require Samba 4?  I have looked at the Wiki, and have not seen 
> this clearly stated, but that is probably my reading challenges.
> Does AD support roaming profiles?
> I like that AD has the LDAP built in.  But do I still need an LDAP 
> admin tool for AD?
> If I stay with NTDomain, what LDAP tool to use?
> As I start building, then rebuilding the new server, I know I will 
> have more questions.  Hopefully most will be on the Wiki, and I will 
> be able to find them.
> thank you
> Now back to reading more on the Wiki and elsewhere

With Samba 4, you can configure a "classic domain" the same as with
Samba 3.  Recent versions of Fedora will include Samba 4 BUT they
don't include all requirements to configure an Active Directory domain
controller anyway.  And for 4 users a classic domain should be
sufficient.  (The only reason I would consider an AD environment
would be if you wanted to gain some experience.)  Since this is a
single server environment there should not be any need to use LDAP as a
backend - you can use /etc/passwd for unix accounts and TDB backend for
samba accounts.  IF you wanted to gain some experience with samba and
LDAP then you could install OpenLDAP or Oracle/Sun Directory Studio as
an LDAP backend for both services.  I use Apache Directory Studio for
LDAP management.

Samba 3 can be a member of an AD domain but not a domain controller.

I am not aware of any SP4 for XP.  You are no doubt aware that XP
and Office 2003 have been EOL'd.

I have not used IPv6 addresses with Linux or Samba yet.  I don't know
how well XP supports IPv6.  You may want to hold off on IPv6 until
you move to Win 7 or later.

With Samba 3, I found roaming profiles to be more trouble than they were 
worth.   The additional login and logout times were unacceptable.
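
A minimal smb.conf along the lines the reply describes, as an added example that is not part of the original message: a Samba 4 classic (NT4-style) domain controller using the tdbsam backend, no LDAP, and roaming profiles switched off. The workgroup name, NetBIOS name, netlogon path and the `machines` group are assumptions.

```ini
# Constructed example: classic (NT4-style) PDC on Samba 4, single server.
[global]
    # Assumed names; replace with your own.
    workgroup = HOMEDOM
    netbios name = PDC1

    # Samba 4 classic domain, not an AD domain controller.
    server role = classic primary domain controller
    security = user
    domain logons = yes
    domain master = yes
    preferred master = yes
    os level = 65

    # Samba accounts live in a local TDB file; Unix accounts come
    # from /etc/passwd through the normal NSS lookup. No LDAP needed.
    passdb backend = tdbsam

    # Workstations joining the domain need a Unix account as well.
    # Assumes a pre-created "machines" group.
    add machine script = /usr/sbin/useradd -M -g machines -d /dev/null -s /sbin/nologin %u

    # Empty values disable roaming profiles, so clients keep local profiles.
    logon path =
    logon home =

[netlogon]
    # Assumed path; this share is required for domain logons.
    path = /var/lib/samba/netlogon
    read only = yes
    browseable = no
```

Run `testparm` to check the file, and add each user with `smbpasswd -a <user>` once the matching Unix account exists.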
