[Samba] Is there any book about Samba 4?

Marc Muehlfeld mmuehlfeld at samba.org
Fri May 23 09:52:57 MDT 2014

Hello Pablo,

Am 23.05.2014 15:48, schrieb Pablo Sanz:
> We have never used a Windows as
> AD, and now, that many applications require AD, we decided to implement
> Samba 4 as AD server. We will migrate from Samba 3 PDC to Samba 4 AD.

Ok. Now we know: It's a migration and not just a simple Samba 3 PDC to
Samba 4 PDC update. :-)

What version are you currently running on your PDC? 3.6.x?

> With your answers, and some reading of the samba wiki, we see that Samba
> 4, from implementation perspective, is documented in the wiki, and for
> admin use (after implementation) it works exactly the same as a Windows
> AD, right?

It should. If not, then you hit a bug (or a missing feature) ;-)
In that case, you should file a bug report.

> And we can use the same windows admin tools?

Yes. The Samba tool for administering AD is "samba-tool". But currently
there is not everything fully implemented. But Samba moves more into the
direction, that the administration gets fully Windows compatible. This
means, that you can use the Windows tools for that job. Install RSAT on
a Windows Workstation or VM:

> If I undertood well, Samba 4 AD differs from Samba 3 PDC only as user
> directory, and new functions, as GPO, but for file/printer sharing is
> almost the same?

It's a bit more. :-) A Samba PDC and Samba AD differs the same like an
MS NT4 PDC and Windows AD. The backend is completely different. AD
relies extremely on DNS. The management differs. And AD provides you
many more possibilities, like GPO, multi DC replication, etc.

But many things haven't changed and existing stuff like printer sharing,
etc. don't need to be changed on your existing servers. Your Member
Servers may just need a few configuration changes (realm, etc.).

What I would recommend is: Copy your PDC (LDAP/tdbsam, configs, etc.) to
a VM and try the migration there. Find out if every migrates smoothly.
Add a second VM where you copy the config/databases of e. g. a Member
Server/Print Server and check if everything works fine. 1000 users isn't
a small installation and surely you have other services authenticating
against your current PDC, which need to be adapted as well.

If you have any problems/questions, have a look at the Wiki HowTos. And
if not answered there, just come back and ask here on the list.

> Knowing this, we will follow your recommendations, and search for a good
> AD/GPO course and documentation.

I would suggest to buy a book about AD - even if not everything is might
be interesting (like installing a Windows server, etc). But it's good
for a first understanding what AD is, how it works, what it can do, etc.

I took a "Windows AD - best practice" training last year, what was very
helpful, because as a Linux/Samba Admin, I had a lot to
learn/understand, because I never worked with AD before. But a good book
about AD might be a good start. :-)


More information about the samba mailing list