[Samba] A set of questions before building a new server

L.P.H. van Belle belle at bazuin.nl
Tue Dec 9 07:14:31 MST 2014


If you dont need any guest access to the server/shares, then i suggest setup an AD. 
It gives so much more options for security settings for example.
I use it at home ( 2 pc's , 1 laptop ) 3 users.. with things like protection against malware .. 

and.. you will learn for the future..  ;-) 
Look at the wiki of Davor, the SOHO setup, thats a good starting point. 
get it before it's gone..

And if you do need guest access to server/shares.. wel.. than a "classic" setup with ldap is imo the best.
which tool for ldap setup.. i use ldapadmin and the old NT4 tools.



>-----Oorspronkelijk bericht-----
>Van: gaiseric.vandal at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Gaiseric Vandal
>Verzonden: dinsdag 9 december 2014 14:59
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] A set of questions before building a new server
>On 12/09/14 00:11, Robert Moskowitz wrote:
>> I have a Samba server here with 4 users and 4 XP systems.  Kind of 
>> small, but it does the job.  It is running as a PDC with roaming 
>> profiles.  I should note that I left professionally 
>supporting Windows 
>> networking around the time XP came out, so I have maintained an 
>> NTDomain through a number of incarnations (NT, Win2000, 
>Samba2/3) and 
>> use of someone elses packaging.  This time I want to use as 
>> direct-to-Samba as I can.  All I want with this server is to be a 
>> Samba server to Windows (and maybe Linux) machines.
>> I have new hardware, an armv7 board that I can run either 
>Redsleeve 6 
>> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I 
>> have new XP systems (updated with 'SP4' and right now standalone) 
>> ready to use this server.  I will have to migrate 2 of the old 
>> systems.  The new server can be on a new subnet with a new rfc1918 
>> network address.  I will also be serving gobal/static IPv6 addresses 
>> on this new network.  At some point I may actually have a 
>new Windows 
>> OS system, but there is no pressure here to do that.  My 
>family is so 
>> far content with Office 2003!
>> So a set of questions come up:
>> Do I migrate from NTDomain to AD, or stay with NTDomain for 
>a few more 
>> years?  Actually can be a total fresh build of AD.
>> Does AD require Samba 4?  I have looked at the Wiki, and 
>have not seen 
>> this clearly stated, but that is probably my reading challenges.
>> Does AD support roaming profiles?
>> I like that AD has the LDAP built in.  But do I still need an LDAP 
>> admin tool for AD?
>> If I stay with NTDomain, what LDAP tool to use?
>> As I start building, then rebuilding the new server, I know I will 
>> have more questions.  Hopefully most will be on the Wiki, and I will 
>> be able to find them.
>> thank you
>> Now back to reading more on the Wiki and elsewhere
>With Samba 4, you can can configure a "classic domain" the 
>same as with 
>Samba 3.    Recent versions of Fedora will include Samba 4 BUT they 
>don't include all  requirements to configure an Active 
>Directory domain 
>controller anyway.   And for 4 users a classic domain should be 
>sufficient.     (The only reason I would consider an AD environment 
>would be if you wanted to gain some experience .)        Since 
>this is a 
>single server environment there should not be any need to use 
>LDAP as a 
>backend-  you can use /etc/passwd for unix accounts and TDB 
>backend for 
>samba  accounts.    IF you wanted to gain some experience with 
>samba and 
>LDAP then you could install OpenLDAP or Oracle/Sun Directory Studio as 
>an LDAP backend both services.     I use apache directory studio for 
>LDAP management.
>Samba 3 can be a member of an AD domain but not a domain controller.
>I am not aware of any SP4 for XP.       You are no doubt aware that XP 
>and Office 2003 have been EOL'd.
>I have not used IPv6 addresses with Linux or Samba yet.   I don't know 
>how well XP supports IPv6.      You may want to hold off on IPv6 until 
>you move to Win 7 or later.
>With Samba 3, I found roaming profiles to be more trouble than 
>they were 
>worth.   The additional login and logout times were unacceptable.
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list