[Samba] A set of questions before building a new server

Robert Moskowitz rgm at htt-consult.com
Tue Dec 9 07:55:44 MST 2014

Thanks for responding

On 12/09/2014 05:59 AM, Gaiseric Vandal wrote:
> On 12/09/14 00:11, Robert Moskowitz wrote:
>> I have a Samba server here with 4 users and 4 XP systems.  Kind of 
>> small, but it does the job.  It is running as a PDC with roaming 
>> profiles.  I should note that I left professionally supporting 
>> Windows networking around the time XP came out, so I have maintained 
>> an NTDomain through a number of incarnations (NT, Win2000, Samba2/3) 
>> and use of someone else's packaging.  This time I want to use as 
>> direct-to-Samba as I can.  All I want with this server is to be a 
>> Samba server to Windows (and maybe Linux) machines.
>> I have new hardware, an armv7 board that I can run either Redsleeve 6 
>> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I 
>> have new XP systems (updated with 'SP4' and right now standalone) 
>> ready to use this server.  I will have to migrate 2 of the old 
>> systems.  The new server can be on a new subnet with a new rfc1918 
>> network address.  I will also be serving global/static IPv6 addresses 
>> on this new network.  At some point I may actually have a new Windows 
>> OS system, but there is no pressure here to do that.  My family is so 
>> far content with Office 2003!
>> So a set of questions come up:
>> Do I migrate from NTDomain to AD, or stay with NTDomain for a few 
>> more years?  Actually can be a total fresh build of AD.
>> Does AD require Samba 4?  I have looked at the Wiki, and have not 
>> seen this clearly stated, but that is probably my reading challenges.
>> Does AD support roaming profiles?
>> I like that AD has the LDAP built in.  But do I still need an LDAP 
>> admin tool for AD?
>> If I stay with NTDomain, what LDAP tool to use?
>> As I start building, then rebuilding the new server, I know I will 
>> have more questions.  Hopefully most will be on the Wiki, and I will 
>> be able to find them.
>> thank you
>> Now back to reading more on the Wiki and elsewhere
> With Samba 4, you can configure a "classic domain" the same as 
> with Samba 3. Recent versions of Fedora will include Samba 4 BUT 
> they don't include all requirements to configure an Active Directory 
> domain controller anyway.

I want to do this over the next month...  So what is Fedora missing?  I 
want ARM over INTEL for the power savings (70w vs 2w).

> And for 4 users a classic domain should be sufficient. (The only 
> reason I would consider an AD environment would be if you wanted to 
> gain some experience.)

I may need that, as I am being laid off the 1st of the year. :(

> Since this is a single server environment there should not be any need 
> to use LDAP as a backend - you can use /etc/passwd for unix accounts 
> and TDB backend for samba accounts. IF you wanted to gain some 
> experience with samba and LDAP then you could install OpenLDAP or 
> Oracle/Sun Directory Studio as an LDAP backend for both services. I 
> use Apache Directory Studio for LDAP management.

I want to go the OpenLDAP route.  Where do I find out about the Apache 
Directory Studio?

> Samba 3 can be a member of an AD domain but not a domain controller.
> I am not aware of any SP4 for XP. You are no doubt aware that XP 
> and Office 2003 have been EOL'd.

Google it.  Some fellow has put together all of the patches since SP3 
in a reasonable package, including the little tool out there that sets 
the registry to say this is a POS that MS will be supporting with basic 
patches for a number more years yet.  Good enough for the home systems.

> I have not used IPv6 addresses with Linux or Samba yet. I don't know 
> how well XP supports IPv6. You may want to hold off on IPv6 until 
> you move to Win 7 or later.

I have been using IPv6 with Linux for 3+ years.  With XP there is/was a 
patch; testing called for.  Not too important for the XP systems, other 
than I would have to run a 4-6 web proxy before I sundown the XP boxes.

> With Samba 3, I found roaming profiles to be more trouble than they 
> were worth. The additional login and logout times were unacceptable.

I have been running roaming profiles on Samba 3 for 4+ years.  Of 
course, I don't put data in the user profile, but elsewhere on the 
systems, and get my users to really use their home directory on the 
server.  Login/out times are for copying the profile.  Work with your 
users (my wife!) to not save documents locally in their profile.
