[Samba] migration from samba3 -> 4 architecture goal question

Sven Schwedas sven.schwedas at tao.at
Tue Oct 7 02:13:33 MDT 2014

On 2014-10-07 10:10, Karel Lang AFD wrote:
> Thank you Daniel!
> So no regrets going AD?
> As i explained, even if i decide 'jump this bandwagon' too, i could do
> it in like 8-10 months timeframe.
> Do you think it makes sense to update to Samba4 classic in meantime,
> while i wait for new Hardware for new serverroom and wait for RHEL
> (CentOS) 7.1 (7.2)?

As far as I understand it, samba4 in "classic" mode just uses the 3.x
codebase, so it shouldn't make a difference.

> Karel
> On 10/07/2014 07:53 AM, Daniel Müller wrote:
>> Hello,
>> If you go Samba4 you go ADS.
>> And meanwhile --I had a similar environment like yours--- I do not
>> want to
>> go back again.
>> Samba4 serves as auth principal for my centos servers, dovecot imap, all
>> windows servers and clients without any issue.
>> With SOGo/Openchange  another open source software I reach a exchange
>> like
>> environment for the outlook clients.
>> EDV Daniel Müller
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>> -----Ursprüngliche Nachricht-----
>> Von: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] Im
>> Auftrag von Karel Lang AFD
>> Gesendet: Montag, 6. Oktober 2014 23:55
>> An: samba at lists.samba.org
>> Betreff: [Samba] migration from samba3 -> 4 architecture goal question
>> Hello list and all,
>> this is my case:
>> 4month ago i joined new job with company:
>> 400 employees, RHEL and CEntOS 6.5 servers in backbone (and some windows
>> servers as app servers), with one Samba3 PDC fileserver/domain server
>> with
>> tdbsam backend for windows 7 workstations and NIS for Linux
>> workstation and
>> servers authentication... you can imagine this situation was a bit mess
>> My goal was to improve user authentication process, network speed (user
>> roaming profile size etc), Zimbra implementation etc.
>> With the help of great people here on this list and others i migrated all
>> users to 389 Directory server and thus i achieved united
>> authentication for
>> users (samba + ldap backend for windows workstations and SSSD daemon +
>> ldap
>> backend for unix / linux authentication) I implemented 2new BDC
>> servers and
>> now i'm process of creating another
>> 389 DS (slave) server to add robustness.
>> After tunning of smb.conf and linux kernel parameters i achieve up to
>> 50MB/s
>> transfer speed of files over CIFS (this is top for one big file, meaning
>> it's always less)
>> Now, after all work done, users are quite happier, but the network speed
>> over CIFS is still issue (compared eg. to NFS4).
>> Situation now:
>> what i want most of Samba4 is the access to SMB2 an SMB3 protocols with
>> hopes of higher LAN speed data transfers.
>> My concern is now, that Samba4 is a very different beast and i'm not
>> entirely sure, the AD should be my goal in mixed environment of windows
>> and unix servers and windows and unix workstations.
>> questions:
>> 1. if i go with Samba4 AD scenario migration - is SSSD Linux daemon able
>> to authenticate users against LDAP server bundled with Samba?
>> 2. is it possible to update Samba3 - Samba4 while retain 'classic' NTv4
>> like domain architecture? (the internet search didn't turn with examples
>> of ppl doing this - everyone goes 'crazy' for Samba4 AD from SAmba 3).
>> This is actually my main question - because if this is possible, this
>> would give me (correct me if wrong)
>> - the access to new SMB protocols, while not breaking current setup
>> architecture (hard-worked out after 2month of sleepless nights)
>> - achieve higher LAN transfer speeds in 'faster' time horizon
>> - give to time to rethink over/test the migration process to AD (if i
>> decide i need it)
>> - gain time to wait for new HW planned for RHEL 7.x servers
>> - because again, if i decide to switch to AD i'd like to do this on new
>> RHEL 7.x servers and not on 6x (distro lifetime cycle is getting near
>> end) and this means wait until RHEL gets to version 7.2 and is stable
>> and bug free enough
>> 3. this question follows previos - if i go with Samba4 'classic' domain,
>> is it doable (hard / easy?) to switch it to AD afterwards?
>> 4. should i go for some MS windows course to get better understanding of
>> AD in case i decide to 'go for it'?
>> So basically you see, i need to gain some time for study and test Samba
>> 4 AD, yet, i'd like to get benefit of new samba protocols faster for
>> better LAN speed transfers..
>> Thank you guys for reading this far :]
>> Karel Lang

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20141007/64606507/attachment.pgp>

More information about the samba mailing list