[Samba] migration from samba3 -> 4 architecture goal question

Mon Oct 6 15:54:38 MDT 2014

Hello list and all,
this is my case:

4month ago i joined new job with company:
400 employees, RHEL and CEntOS 6.5 servers in backbone (and some windows 
servers as app servers), with one Samba3 PDC fileserver/domain server 
with tdbsam backend for windows 7 workstations and NIS for Linux 
workstation and servers authentication... you can imagine this situation 
was a bit mess

My goal was to improve user authentication process, network speed (user 
roaming profile size etc), Zimbra implementation etc.

With the help of great people here on this list and others i migrated 
all users to 389 Directory server and thus i achieved united 
authentication for users (samba + ldap backend for windows workstations 
and SSSD daemon + ldap backend for unix / linux authentication)
I implemented 2new BDC servers and now i'm process of creating another 
389 DS (slave) server to add robustness.

After tunning of smb.conf and linux kernel parameters i achieve up to 
50MB/s transfer speed of files over CIFS (this is top for one big file, 
meaning it's always less)

Now, after all work done, users are quite happier, but the network speed 
over CIFS is still issue (compared eg. to NFS4).

Situation now:
what i want most of Samba4 is the access to SMB2 an SMB3 protocols with 
hopes of higher LAN speed data transfers.

My concern is now, that Samba4 is a very different beast and i'm not 
entirely sure, the AD should be my goal in mixed environment of windows 
and unix servers and windows and unix workstations.

questions:
1. if i go with Samba4 AD scenario migration - is SSSD Linux daemon able 
to authenticate users against LDAP server bundled with Samba?

2. is it possible to update Samba3 - Samba4 while retain 'classic' NTv4 
like domain architecture? (the internet search didn't turn with examples 
of ppl doing this - everyone goes 'crazy' for Samba4 AD from SAmba 3).

This is actually my main question - because if this is possible, this 
would give me (correct me if wrong)
- the access to new SMB protocols, while not breaking current setup 
architecture (hard-worked out after 2month of sleepless nights)
- achieve higher LAN transfer speeds in 'faster' time horizon
- give to time to rethink over/test the migration process to AD (if i 
decide i need it)
- gain time to wait for new HW planned for RHEL 7.x servers
- because again, if i decide to switch to AD i'd like to do this on new 
RHEL 7.x servers and not on 6x (distro lifetime cycle is getting near 
end) and this means wait until RHEL gets to version 7.2 and is stable 
and bug free enough

3. this question follows previos - if i go with Samba4 'classic' domain, 
is it doable (hard / easy?) to switch it to AD afterwards?

4. should i go for some MS windows course to get better understanding of 
AD in case i decide to 'go for it'?

So basically you see, i need to gain some time for study and test Samba 
4 AD, yet, i'd like to get benefit of new samba protocols faster for 
better LAN speed transfers..

Thank you guys for reading this far :]

Karel Lang