[Samba] samba4 best practices questions

Andrew Bartlett abartlet at samba.org
Sun Feb 9 18:41:52 MST 2014

On Sat, 2014-02-08 at 14:46 -0600, Joe Maloney wrote:
> I'm interested in using samba4 in a production environment that has
> multiple locations tied together via a WAN.  In order to do so I need to
> figure out what is the absolute most stable and supported path.
> I found this email thread here stating samba4 ad roles, and file server
> roles should be on separate servers.
> https://groups.google.com/forum/#!topic/mailing.unix.samba/QySoM_uGGL8
> Can anyone answer: is this still the case?
> In addition I've been noticing that sysvol replication is not officially
> supported and third party tools such as rsync can be used as a work
> around.  So I think I would ultimately like each location to have its own
> standalone PDC or just member servers of the PDC.

Your language is a bit confusing.  Each location should have at least
one DC (depending on the size of the location), and if possible a
separate file server. 

> My question is are trust relationships working between samba 4 and samba4
> servers yet?   I've been reading that trust relationships are one way only
> does this apply to samba servers only talking to each other as well?  Could
> one user from one location log in at another location and so on this way?
> Is this just a bad idea altogether right now?

This refers to trusts between different DOMAINS or REALMS, not between
servers in the domain, which is fully functional. 

> If the above is not possible would joining file servers as member servers
> only prove to be the best way forward until these features are
> implemented?  Thanks in advance for any help or advice you may be able to
> provide.

Your file servers should be joined as a member server.

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
