[Samba] migration from samba3 -> 4 architecture goal question

Karel Lang AFD lang at afd.cz
Tue Oct 7 02:10:47 MDT 2014

Thank you Daniel!

So no regrets going AD?
As i explained, even if i decide 'jump this bandwagon' too, i could do 
it in like 8-10 months timeframe.

Do you think it makes sense to update to Samba4 classic in meantime, 
while i wait for new Hardware for new serverroom and wait for RHEL 
(CentOS) 7.1 (7.2)?


On 10/07/2014 07:53 AM, Daniel Müller wrote:
> Hello,
> If you go Samba4 you go ADS.
> And meanwhile --I had a similar environment like yours--- I do not want to
> go back again.
> Samba4 serves as auth principal for my centos servers, dovecot imap, all
> windows servers and clients without any issue.
> With SOGo/Openchange  another open source software I reach a exchange like
> environment for the outlook clients.
> EDV Daniel Müller
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von Karel Lang AFD
> Gesendet: Montag, 6. Oktober 2014 23:55
> An: samba at lists.samba.org
> Betreff: [Samba] migration from samba3 -> 4 architecture goal question
> Hello list and all,
> this is my case:
> 4month ago i joined new job with company:
> 400 employees, RHEL and CEntOS 6.5 servers in backbone (and some windows
> servers as app servers), with one Samba3 PDC fileserver/domain server with
> tdbsam backend for windows 7 workstations and NIS for Linux workstation and
> servers authentication... you can imagine this situation was a bit mess
> My goal was to improve user authentication process, network speed (user
> roaming profile size etc), Zimbra implementation etc.
> With the help of great people here on this list and others i migrated all
> users to 389 Directory server and thus i achieved united authentication for
> users (samba + ldap backend for windows workstations and SSSD daemon + ldap
> backend for unix / linux authentication) I implemented 2new BDC servers and
> now i'm process of creating another
> 389 DS (slave) server to add robustness.
> After tunning of smb.conf and linux kernel parameters i achieve up to 50MB/s
> transfer speed of files over CIFS (this is top for one big file, meaning
> it's always less)
> Now, after all work done, users are quite happier, but the network speed
> over CIFS is still issue (compared eg. to NFS4).
> Situation now:
> what i want most of Samba4 is the access to SMB2 an SMB3 protocols with
> hopes of higher LAN speed data transfers.
> My concern is now, that Samba4 is a very different beast and i'm not
> entirely sure, the AD should be my goal in mixed environment of windows
> and unix servers and windows and unix workstations.
> questions:
> 1. if i go with Samba4 AD scenario migration - is SSSD Linux daemon able
> to authenticate users against LDAP server bundled with Samba?
> 2. is it possible to update Samba3 - Samba4 while retain 'classic' NTv4
> like domain architecture? (the internet search didn't turn with examples
> of ppl doing this - everyone goes 'crazy' for Samba4 AD from SAmba 3).
> This is actually my main question - because if this is possible, this
> would give me (correct me if wrong)
> - the access to new SMB protocols, while not breaking current setup
> architecture (hard-worked out after 2month of sleepless nights)
> - achieve higher LAN transfer speeds in 'faster' time horizon
> - give to time to rethink over/test the migration process to AD (if i
> decide i need it)
> - gain time to wait for new HW planned for RHEL 7.x servers
> - because again, if i decide to switch to AD i'd like to do this on new
> RHEL 7.x servers and not on 6x (distro lifetime cycle is getting near
> end) and this means wait until RHEL gets to version 7.2 and is stable
> and bug free enough
> 3. this question follows previos - if i go with Samba4 'classic' domain,
> is it doable (hard / easy?) to switch it to AD afterwards?
> 4. should i go for some MS windows course to get better understanding of
> AD in case i decide to 'go for it'?
> So basically you see, i need to gain some time for study and test Samba
> 4 AD, yet, i'd like to get benefit of new samba protocols faster for
> better LAN speed transfers..
> Thank you guys for reading this far :]
> Karel Lang

More information about the samba mailing list