[Samba] migration from samba3 -> 4 architecture goal question

[Karel Lang AFD]

Thanks for comments Daniel!

Yeah, i understand what you say,
but i'm just one guy for 400ppl (and one more managing only desktops) 
and i dont want to do the migration to AD now, while i know, i'm getting 
new Hardware soon (like 6-8months)

Also, the lifecycle is now like 2,5 yrs left for CentOS 6.
So i'd like to do it on the CentOS 7 - but as you say, it has bugs, 
yeah, i know, it's 7.0 now, that's why i'll wait to 7.1 or 7.2 (which 
nicely coincide with new HW) and then i've got 6 years ahead of 
lifecycle for new Hardware and OS.

Does that make sense? That is why i asked originally about viability of 
just 'upgrading' Samba3 -> 4 while retaining the 'classic' domain (but 
gaining the faster LAN speeds via SMB 2.1/3 protocol)




On 10/07/2014 10:35 AM, Daniel Müller wrote:
> I just did it with centos 6.5 .  2 Samba4/DNS servers with a replicating
> glusterfs vol. 7 is reported to have  some bugs.
> If you do it the classic way you will do the work twice.
> Your timeframe is more than enough.
>
>
> Greetings Daniel
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Karel Lang AFD [mailto:lang at afd.cz]
> Gesendet: Dienstag, 7. Oktober 2014 10:11
> An: mueller at tropenklinik.de; samba at lists.samba.org
> Betreff: Re: AW: [Samba] migration from samba3 -> 4 architecture goal
> question
>
> Thank you Daniel!
>
> So no regrets going AD?
> As i explained, even if i decide 'jump this bandwagon' too, i could do it in
> like 8-10 months timeframe.
>
> Do you think it makes sense to update to Samba4 classic in meantime, while i
> wait for new Hardware for new serverroom and wait for RHEL
> (CentOS) 7.1 (7.2)?
>
> Karel
>
> On 10/07/2014 07:53 AM, Daniel Müller wrote:
>> Hello,
>>
>> If you go Samba4 you go ADS.
>> And meanwhile --I had a similar environment like yours--- I do not
>> want to go back again.
>> Samba4 serves as auth principal for my centos servers, dovecot imap,
>> all windows servers and clients without any issue.
>> With SOGo/Openchange  another open source software I reach a exchange
>> like environment for the outlook clients.
>>
>>
>> EDV Daniel Müller
>>
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>>
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] Im Auftrag von Karel Lang AFD
>> Gesendet: Montag, 6. Oktober 2014 23:55
>> An: samba at lists.samba.org
>> Betreff: [Samba] migration from samba3 -> 4 architecture goal question
>>
>> Hello list and all,
>> this is my case:
>>
>> 4month ago i joined new job with company:
>> 400 employees, RHEL and CEntOS 6.5 servers in backbone (and some
>> windows servers as app servers), with one Samba3 PDC fileserver/domain
>> server with tdbsam backend for windows 7 workstations and NIS for
>> Linux workstation and servers authentication... you can imagine this
>> situation was a bit mess
>>
>> My goal was to improve user authentication process, network speed
>> (user roaming profile size etc), Zimbra implementation etc.
>>
>> With the help of great people here on this list and others i migrated
>> all users to 389 Directory server and thus i achieved united
>> authentication for users (samba + ldap backend for windows
>> workstations and SSSD daemon + ldap backend for unix / linux
>> authentication) I implemented 2new BDC servers and now i'm process of
>> creating another
>> 389 DS (slave) server to add robustness.
>>
>> After tunning of smb.conf and linux kernel parameters i achieve up to
>> 50MB/s transfer speed of files over CIFS (this is top for one big
>> file, meaning it's always less)
>>
>> Now, after all work done, users are quite happier, but the network
>> speed over CIFS is still issue (compared eg. to NFS4).
>>
>>
>> Situation now:
>> what i want most of Samba4 is the access to SMB2 an SMB3 protocols
>> with hopes of higher LAN speed data transfers.
>>
>> My concern is now, that Samba4 is a very different beast and i'm not
>> entirely sure, the AD should be my goal in mixed environment of
>> windows and unix servers and windows and unix workstations.
>>
>> questions:
>> 1. if i go with Samba4 AD scenario migration - is SSSD Linux daemon
>> able to authenticate users against LDAP server bundled with Samba?
>>
>> 2. is it possible to update Samba3 - Samba4 while retain 'classic'
>> NTv4 like domain architecture? (the internet search didn't turn with
>> examples of ppl doing this - everyone goes 'crazy' for Samba4 AD from
> SAmba 3).
>>
>> This is actually my main question - because if this is possible, this
>> would give me (correct me if wrong)
>> - the access to new SMB protocols, while not breaking current setup
>> architecture (hard-worked out after 2month of sleepless nights)
>> - achieve higher LAN transfer speeds in 'faster' time horizon
>> - give to time to rethink over/test the migration process to AD (if i
>> decide i need it)
>> - gain time to wait for new HW planned for RHEL 7.x servers
>> - because again, if i decide to switch to AD i'd like to do this on
>> new RHEL 7.x servers and not on 6x (distro lifetime cycle is getting
>> near
>> end) and this means wait until RHEL gets to version 7.2 and is stable
>> and bug free enough
>>
>> 3. this question follows previos - if i go with Samba4 'classic'
>> domain, is it doable (hard / easy?) to switch it to AD afterwards?
>>
>> 4. should i go for some MS windows course to get better understanding
>> of AD in case i decide to 'go for it'?
>>
>>
>> So basically you see, i need to gain some time for study and test
>> Samba
>> 4 AD, yet, i'd like to get benefit of new samba protocols faster for
>> better LAN speed transfers..
>>
>>
>> Thank you guys for reading this far :]
>>
>> Karel Lang
>>
>>
>
>
>