[Samba] Is there any book about Samba 4?

Fri May 23 10:24:57 MDT 2014

Marc, thanks for your helpfull response.

We are using Samba 3.6.9-167 on a RHEL 6.0 x64.

First we planned to do a "clean" Samba 4 installation on a VM, but now 
we see is better to simulate the upgrade on a VM directly. Moreover, the 
current samba 3 PDC server is on a VM, so we can clone that VM directly, 
put on a test network environment, separate from production environment, 
and begin the test-fail-test-success process ;-)

Regards,

Pablo Sanz.

El 23/05/2014 17:52, Marc Muehlfeld escribió:
> Hello Pablo,
>
>
> Am 23.05.2014 15:48, schrieb Pablo Sanz:
>> We have never used a Windows as
>> AD, and now, that many applications require AD, we decided to implement
>> Samba 4 as AD server. We will migrate from Samba 3 PDC to Samba 4 AD.
> Ok. Now we know: It's a migration and not just a simple Samba 3 PDC to
> Samba 4 PDC update. :-)
>
> What version are you currently running on your PDC? 3.6.x?
>
>
>
>> With your answers, and some reading of the samba wiki, we see that Samba
>> 4, from implementation perspective, is documented in the wiki, and for
>> admin use (after implementation) it works exactly the same as a Windows
>> AD, right?
> It should. If not, then you hit a bug (or a missing feature) ;-)
> In that case, you should file a bug report.
>
>
>
>> And we can use the same windows admin tools?
> Yes. The Samba tool for administering AD is "samba-tool". But currently
> there is not everything fully implemented. But Samba moves more into the
> direction, that the administration gets fully Windows compatible. This
> means, that you can use the Windows tools for that job. Install RSAT on
> a Windows Workstation or VM:
> https://wiki.samba.org/index.php/Installing_RSAT_on_Windows_for_AD_Management
>
>
>
>> If I undertood well, Samba 4 AD differs from Samba 3 PDC only as user
>> directory, and new functions, as GPO, but for file/printer sharing is
>> almost the same?
> It's a bit more. :-) A Samba PDC and Samba AD differs the same like an
> MS NT4 PDC and Windows AD. The backend is completely different. AD
> relies extremely on DNS. The management differs. And AD provides you
> many more possibilities, like GPO, multi DC replication, etc.
>
> But many things haven't changed and existing stuff like printer sharing,
> etc. don't need to be changed on your existing servers. Your Member
> Servers may just need a few configuration changes (realm, etc.).
>
> What I would recommend is: Copy your PDC (LDAP/tdbsam, configs, etc.) to
> a VM and try the migration there. Find out if every migrates smoothly.
> Add a second VM where you copy the config/databases of e. g. a Member
> Server/Print Server and check if everything works fine. 1000 users isn't
> a small installation and surely you have other services authenticating
> against your current PDC, which need to be adapted as well.
>
> If you have any problems/questions, have a look at the Wiki HowTos. And
> if not answered there, just come back and ask here on the list.
>
>
>
>> Knowing this, we will follow your recommendations, and search for a good
>> AD/GPO course and documentation.
> I would suggest to buy a book about AD - even if not everything is might
> be interesting (like installing a Windows server, etc). But it's good
> for a first understanding what AD is, how it works, what it can do, etc.
>
> I took a "Windows AD - best practice" training last year, what was very
> helpful, because as a Linux/Samba Admin, I had a lot to
> learn/understand, because I never worked with AD before. But a good book
> about AD might be a good start. :-)
>
>
>
> Regards,
> Marc

-- 

Pablo Sanz

Empresarios Agrupados

Magallanes 3

28015 Madrid

Tel. +34 91 309 80 00 (ext: 8206)

psf at empre.es <mailto:psf at empre.es>

---------------------------------------------------------------------
This message may contain confidential and/or privileged information.
If you are not the addressee or authorized to receive this for the 
addressee, you must not use, copy, disclose or take any action based 
on this message or any information herein. If you have received this 
message by mistake, please advise the sender immediately by reply 
e-mail and delete this message. Thank you for your cooperation.
Visit our web page: www.empre.es

Este mensaje puede contener información confidencial o privilegiada.
Si Vd. no es el destinatario ni está autorizado por el mismo para 
recibir este mensaje, Vd. no debe usar, copiar, revelar ni tomar 
ninguna medida basada en este mensaje o en la información que 
contiene. Si Vd. ha recibido este mensaje por error, notifíquelo de 
forma inmediata al remitente por correo electrónico y borre el 
mensaje. Gracias por su cooperación.
Visite nuestra página web: www.empre.es
---------------------------------------------------------------------

Please, Do not print this message unless it is necessary. 
Our environment is in our hands.
Antes de imprimir este mensaje, asegúrese de que es necesario.
El medio ambiente está en nuestra mano.