[Samba] looking for recommendations

Marc Muehlfeld samba at marc-muehlfeld.de
Thu Mar 6 12:07:48 MST 2014

Hello David,

Am 06.03.2014 18:04, schrieb David Bear:
> The first is easy -- simple AD DC for a home network. I think the only
> option I question is whether to use bind as a caching resolver or just go
> simple and use samba internal. I'm tempted to setup up Bind because a
> second and third use case involve setup of samba for a small small office.

If you want to keep it simple: use the internal DNS.

I would suggest: Start with the internal DNS. If it works fine for your 
requirements, keep it. If you miss something that can't be achieved, 
switch over to BIND. In the Wiki you will find how to switch with a few 
commands between the two DNS servers.

> There are 2 things I want to be able to accomplish with my home network.
> First, I have a qnap nas that I want to join to the samba AD and use as a
> simple file server. The second is that since all my home computers are
> linux (I force my kids to use linux) I would like some simple way to get
> auth tokens from the samba AD DC that would allow them to seamlessly
> connect to the qnap nas. Any experiences with this combination would be
> appreciated.

If you simply need something to authenticate a member server (qnap), you 
can use Samba as NT4-style PDC. It's much simpler to setup and to 
maintain. The Samba AD would be interesting if GPO, Kerberos, etc. would 
be neccessary. But if it should be small, I would choose the PDC for that.

Side note, because this often confuses people: Samba 4x can be an AD DC, 
but still does everything 3x had done in the past, like being an PDC. 
You don't have to setup an DC, only if you choosed Samba 4.

> The second use case would be to setup up samba 4 AD DC in an existing
> Windows AD DC as an additional DC. The goal would be to have the samba DC
> replicate all the DC data from the windows server so we can eventually shut
> down the windows server. Its old and we want to have a seamless
> 'replacement' for it. Are there any good war stories people have about
> doing this? I did see
> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC but was
> wondering if it is 'complete' enough.

The HowTo is fine and works great. If you encounter any problems, then 
we should discuss this here on the list. Then maybe there's something 
special with the environment or you hit a bug. We'll find a solution. :-)

If you want to replace an existing Windows DC with Samba, you should 
first find out, what things you require from a DC. Samba is really 
great, but it's not a 100% replacement for a Windows server in all 

If you can post a list of what things you require from your DC, like 
separate passwort settings per OU, etc., we can say if it's already 
working. :-)

> The final use case is to use a samba 4 AD DC as an upgrade and replacement
> path for a Samba 3 PDC. I would love to no longer had the requirement that
> samba put all machine and user accounts in /etc/passwd and I seem to
> remember catching something like that in one of the posts to this list.. If
> I can avoid setting up ldap and just using samba's internal ldap, I would
> love keep things simple. But again -- we go back to the question, which
> internal samba services should I just use because they 'just work' for 99%
> of the cases.. In my case I have no need to replicate user accounts across
> multiple linux machines -- hence, I don't think I need ldap... Any wisdom
> on this would be greatly appreciated.

If you run Samba as and DC, there aren't many choices which internal 
services you can use. You have to use all internal ones. Only for DNS 
you can decide by yourself. :-)

If you have a working Samba 3x PDC and want to keep it simple, then 
update to 4x. But not to an AD. Stay with your PDC if you don't require 
the AD stuff. The update is like it was when you switched from 3.5 to 3.6.


More information about the samba mailing list