[Samba] A set of questions before building a new server

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Dec 9 10:10:04 MST 2014

On 12/09/14 09:55, Robert Moskowitz wrote:
> Thanks for responding
> On 12/09/2014 05:59 AM, Gaiseric Vandal wrote:
>> On 12/09/14 00:11, Robert Moskowitz wrote:
>>> I have a Samba server here with 4 users and 4 XP systems.  Kind of 
>>> small, but it does the job.  It is running as a PDC with roaming 
>>> profiles.  I should note that I left professionally supporting 
>>> Windows networking around the time XP came out, so I have maintained 
>>> an NTDomain through a number of incarnations (NT, Win2000, Samba2/3) 
>>> and use of someone else's packaging.  This time I want to use as 
>>> direct-to-Samba as I can.  All I want with this server is to be a 
>>> Samba server to Windows (and maybe Linux) machines.
>>> I have new hardware, an armv7 board that I can run either Redsleeve 
>>> 6 (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. 
>>> I have new XP systems (updated with 'SP4' and right now standalone) 
>>> ready to use this server.  I will have to migrate 2 of the old 
>>> systems.  The new server can be on a new subnet with a new rfc1918 
>>> network address.  I will also be serving global/static IPv6 addresses 
>>> on this new network.  At some point I may actually have a new 
>>> Windows OS system, but there is no pressure here to do that.  My 
>>> family is so far content with Office 2003!
>>> So a set of questions come up:
>>> Do I migrate from NTDomain to AD, or stay with NTDomain for a few 
>>> more years?  Actually can be a total fresh build of AD.
>>> Does AD require Samba 4?  I have looked at the Wiki, and have not 
>>> seen this clearly stated, but that is probably my reading challenges.
>>> Does AD support roaming profiles?
>>> I like that AD has the LDAP built in.  But do I still need an LDAP 
>>> admin tool for AD?
>>> If I stay with NTDomain, what LDAP tool to use?
>>> As I start building, then rebuilding the new server, I know I will 
>>> have more questions.  Hopefully most will be on the Wiki, and I will 
>>> be able to find them.
>>> thank you
>>> Now back to reading more on the Wiki and elsewhere
>> With Samba 4, you can configure a "classic domain" the same as 
>> with Samba 3.  Recent versions of Fedora will include Samba 4 BUT 
>> they don't include all requirements to configure an Active Directory 
>> domain controller anyway.
> I want to do this over the next month...  So what is Fedora missing?  
> I want ARM over INTEL for the power savings (70w vs 2w).
>> And for 4 users a classic domain should be sufficient.  (The only 
>> reason I would consider an AD environment would be if you wanted to 
>> gain some experience.)
> I may need that, as I am being laid off the 1st of the year. :(
>> Since this is a single server environment there should not be any 
>> need to use LDAP as a backend - you can use /etc/passwd for unix 
>> accounts and TDB backend for samba accounts.  IF you wanted to gain 
>> some experience with samba and LDAP then you could install OpenLDAP 
>> or Oracle/Sun Directory Studio as an LDAP backend for both services.  
>> I use Apache Directory Studio for LDAP management.
> I want to go the OpenLDAP route.  Where do I find out about the apache 
> directory studio?
>> Samba 3 can be a member of an AD domain but not a domain controller.
>> I am not aware of any SP4 for XP.  You are no doubt aware that 
>> XP and Office 2003 have been EOL'd.
> Google it.   Some fellow has put together all of the patches since SP3 
> in a reasonable package, including the little tool out there that sets 
> the registry to say this is a POS that MS will be supporting with 
> basic patches for a number more years yet.  Good enough for the home 
> systems.
>> I have not used IPv6 addresses with Linux or Samba yet.  I don't 
>> know how well XP supports IPv6.  You may want to hold off on IPv6 
>> until you move to Win 7 or later.
> I have been using IPv6 with Linux for 3+ years.  With XP there is/was 
> a patch; testing called for.  Not too important for the XP systems, 
> other than I would have to run a 4-6 web proxy before I sundown the XP 
> boxes.
>> With Samba 3, I found roaming profiles to be more trouble than they 
>> were worth.  The additional login and logout times were unacceptable.
> I have been running roaming profiles on Samba 3 for 4+ years.  Of 
> course, I don't put data in the user profile, but elsewhere on the 
> systems, and get my users to really use their home directory on the 
> server.  Login/out times are for copying the profile.  Work with your 
> users (my wife!) to not save documents locally in their profile.

Apache Directory Studio is available at

It is NOT specific to OpenLDAP or any other directory server.  There 
are other free LDAP Browsers and Editors available but I think this one 
because it is available for Mac, Windows and Linux.  I don't use 
Samba 4 as a DC - it will have its own tools for managing samba users.  
But Apache Directory Studio may be useful when you are trying to tweak 
the unix attributes.

If you look through previous posts to this forum you will see that Samba 4 
uses Heimdal Kerberos libraries, while Fedora uses MIT Kerberos 
libraries, so you need to recompile Samba 4 from scratch with all the 
appropriate dependencies.  I have not done this. Samba 4 as an AD DC 
includes its own LDAP server.

I would also try the move to Win 7 Professional.  If you are planning to 
get back into tech support you will want that experience.

I prefer Fedora over CentOS for the broader and more current package 
availability.  CentOS is used when people want a potentially more 
verified and stable distribution.
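
The single-server classic (NT4-style) domain discussed in this thread, with Unix accounts in /etc/passwd and Samba accounts in a TDB file, written out as an smb.conf fragment. This is an added example, not configuration posted by anyone in the thread; the domain name, server name, share paths and the "machines" group are assumptions.

```ini
# smb.conf fragment: classic PDC, tdbsam account backend, roaming profiles.
# HOMEDOM, FILESRV, the /srv/samba paths and the "machines" group are
# placeholders chosen for this example.
[global]
   workgroup = HOMEDOM
   netbios name = FILESRV
   security = user

   # Samba accounts live in a local TDB file; Unix accounts stay in /etc/passwd.
   passdb backend = tdbsam

   # Act as the domain's logon server and master browser.
   domain logons = yes
   domain master = yes
   preferred master = yes
   local master = yes
   os level = 65

   # Roaming profile and home directory locations handed to clients at logon.
   logon path = \\%L\profiles\%U
   logon home = \\%L\%U
   logon drive = H:

   # Machine trust accounts need a Unix account too; create one with no
   # login shell and no home directory when a workstation joins.
   add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /sbin/nologin -M %u

[netlogon]
   path = /srv/samba/netlogon
   read only = yes
   browseable = no

[profiles]
   # Each user's profile directory is readable only by that user.
   path = /srv/samba/profiles
   read only = no
   browseable = no
   create mask = 0600
   directory mask = 0700
   # Keep clients from offline-caching profile data.
   csc policy = disable

[homes]
   # Per-user home share; documents belong here rather than in the profile.
   read only = no
   browseable = no
   valid users = %S
```

Running `testparm` against the file reports unknown or misspelled parameters before smbd is restarted.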
