[Samba] A set of questions before building a new server
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Dec 9 10:10:04 MST 2014
On 12/09/14 09:55, Robert Moskowitz wrote:
> Thanks for responding
>
> On 12/09/2014 05:59 AM, Gaiseric Vandal wrote:
>> On 12/09/14 00:11, Robert Moskowitz wrote:
>>> I have a Samba server here with 4 users and 4 XP systems. Kind of
>>> small, but it does the job. It is running as a PDC with roaming
>>> profiles. I should note that I left professionally supporting
>>> Windows networking around the time XP came out, so I have maintained
>>> an NTDomain through a number of incarnations (NT, Win2000, Samba2/3)
>>> and use of someone else's packaging. This time I want to use as
>>> direct-to-Samba as I can. All I want with this server is to be a
>>> Samba server to Windows (and maybe Linux) machines.
>>>
>>> I have new hardware, an armv7 board that I can run either Redsleeve
>>> 6 (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4.
>>> I have new XP systems (updated with 'SP4' and right now standalone)
>>> ready to use this server. I will have to migrate 2 of the old
>>> systems. The new server can be on a new subnet with a new rfc1918
>>> network address. I will also be serving global/static IPv6 addresses
>>> on this new network. At some point I may actually have a new
>>> Windows OS system, but there is no pressure here to do that. My
>>> family is so far content with Office 2003!
>>>
>>> So a set of questions come up:
>>>
>>> Do I migrate from NTDomain to AD, or stay with NTDomain for a few
>>> more years? Actually can be a total fresh build of AD.
>>> Does AD require Samba 4? I have looked at the Wiki, and have not
>>> seen this clearly stated, but that is probably my reading challenges.
>>> Does AD support roaming profiles?
>>> I like that AD has the LDAP built in. But do I still need an LDAP
>>> admin tool for AD?
>>> If I stay with NTDomain, what LDAP tool to use?
>>>
>>> As I start building, then rebuilding the new server, I know I will
>>> have more questions. Hopefully most will be on the Wiki, and I will
>>> be able to find them.
>>>
>>> thank you
>>> Now back to reading more on the Wiki and elsewhere
>>>
>>
>> With Samba 4, you can configure a "classic domain" the same as
>> with Samba 3. Recent versions of Fedora will include Samba 4 BUT
>> they don't include all requirements to configure an Active Directory
>> domain controller anyway.
>
> I want to do this over the next month... So what is Fedora missing?
> I want ARM over INTEL for the power savings (70w vs 2w).
>
>> And for 4 users a classic domain should be sufficient. (The only
>> reason I would consider an AD environment would be if you wanted to
>> gain some experience.)
>
> I may need that, as I am being laid off the 1st of the year. :(
>
>> Since this is a single server environment there should not be any
>> need to use LDAP as a backend- you can use /etc/passwd for unix
>> accounts and TDB backend for samba accounts. IF you wanted to gain
>> some experience with samba and LDAP then you could install OpenLDAP
>> or Oracle/Sun Directory Studio as an LDAP backend for both services.
>> I use apache directory studio for LDAP management.
>
> I want to go the OpenLDAP route. Where do I find out about the apache
> directory studio?
>
>> Samba 3 can be a member of an AD domain but not a domain controller.
>>
>> I am not aware of any SP4 for XP. You are no doubt aware that
>> XP and Office 2003 have been EOL'd.
>
> Google it. Some fellow has put together all of the patches since SP3
> in a reasonable package, including the little tool out there that sets
> the registry to say this is a POS that MS will be supporting with
> basic patches for a number more years yet. Good enough for the home
> systems.
>
>> I have not used IPv6 addresses with Linux or Samba yet. I don't
>> know how well XP supports IPv6. You may want to hold off on IPv6
>> until you move to Win 7 or later.
>
> I have been using IPv6 with Linux for 3+ years. With XP there is/was
> a patch; testing called for. Not too important for the XP systems,
> other than I would have to run a 4-6 web proxy before I sundown the XP
> boxes.
>
>> With Samba 3, I found roaming profiles to be more trouble than they
>> were worth. The additional login and logout times were unacceptable.
>>
>
> I have been running roaming profiles on Samba 3 for 4+ years. Of
> course, I don't put data in the user profile, but elsewhere on the
> systems, and get my users to really use their home directory on the
> server. Login/out times are for copying the profile. Work with your
> users (my wife!) to not save documents locally in their profile.
>
>
Apache Directory Studio is available at
http://projects.apache.org/projects/directory_studio.html

It is NOT specific to OpenLDAP or any other directory server. There
are other free LDAP browsers and editors available but I think this one
because it is available for Mac, Windows and Linux. I don't use
Samba 4 as a DC - it will have its own tools for managing Samba users.
But Apache Directory Studio may be useful when you are trying to tweak
the unix attributes.

If you look through previous posts to this forum you will see that Samba 4
uses Heimdal Kerberos libraries, while Fedora uses MIT Kerberos
libraries, so you need to recompile Samba 4 from scratch with all the
appropriate dependencies. I have not done this. Samba 4 as an AD DC
includes its own LDAP server.

I would also try the move to Win 7 Professional. If you are planning to
get back into tech support you will want that experience.

I prefer Fedora over CentOS for the broader and more current package
availability. CentOS is used when people want a potentially more
verified and stable distribution.