[Samba] simple recommendations

Thomas Maerz tmaerz at brewerscience.com
Fri Apr 1 02:09:09 UTC 2016

I know this is old, but I wanted to add one more detail: Samba v3 is deprecated as of March 2015 with the release of Samba 4.2! From the Samba 4.2 release notes: https://wiki.samba.org/index.php/Samba_4.2_Features_added/changed <https://wiki.samba.org/index.php/Samba_4.2_Features_added/changed>

With the final release of Samba 4.2, the last series of Samba 3 has been discontinued! People still running 3.6.x or earlier, should consider moving to a more recent and maintained version (4.0 - 4.2). One of the common misconceptions is that Samba 4.x automatically means "Active Directory only": This is wrong!
Acting as an Active Directory Domain Controller is just one of the enhancements included in Samba 4.0 and later. Version 4.0 was just the next release after the 3.6 series and contains all the features of the previous ones - including the NT4-style (classic) domain support. This means you can update a Samba 3.x NT4-style PDC to 4.x, just as you've updated in the past (e.g. from 3.4.x to 3.5.x). You don't have to move your NT4-style domain to an Active Directory!
And of course the possibility remains unchanged, to setup a new NT4-style PDC with Samba 4.x, like done in the past (e.g. with openLDAP backend). Active Directory support in Samba 4 is additional and does not replace any of these features. We do understand the difficulty presented by existing LDAP structures and for that reason there isn't a plan to decommission the classic PDC support. It remains tested by the continuous integration system.
The code that supports the classic Domain Controller is also the same code that supports the internal 'Domain' of standalone servers and Domain Member Servers. This means that we still use this code, even when not acting as an AD Domain Controller. It is also the basis for some of the features of FreeIPA and so it gets development attention from that direction as well.”

Thomas Maerz
Network/Systems Administrator
Brewer Science, Inc.
tmaerz at brewerscience.com <mailto:tmaerz at brewerscience.com>
work: 	573-364-0444 x1402
cell:		573-612-1349

This message (and any of its attachments) is intended for the addressee and may contain confidential information, may be attorney-client privileged, and may constitute inside or non-public information under federal or state laws. Unauthorized use of this information is strictly prohibited and may be unlawful. If you have received this email transmission in error, please immediately notify the sender by return email, delete the email and any attachments, and empty any folders containing the discarded information. 

> On Feb 18, 2016, at 3:55 PM, Thomas Maerz <tmaerz at brewerscience.com> wrote:
> Well, in my opinion, setting up a S4 DC is relatively easy. I’ve actually had more troubles setting up member servers. It’s already integrated with the file server, and you can manage it with the MS tools and manage file permissions from the same place. If he already has an LDAP server (I’ll bet he doesn’t), what you are describing would also make sense. Otherwise he has to set up an OpenLDAP server which requires more expertise than setting up a S4 AD DC in my opinion. Either solution is much more simple, scalable and maintainable than attempting to add a bunch of users manually to each of his workstations.
> Provisioning a Samba4 domain controller:
> Install S4 DC packages
> execute this command
> samba-tool domain provision --use-rfc2307 --interactive
> Follow the prompts
> Test the DC
> Install Active Directory Users and Computers plugin on any workstation
> Create users
> Create file share
> Documentation is here: https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Provisioning_the_Samba_Active_Directory <https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller#Provisioning_the_Samba_Active_Directory>
> Samba4’s DC functionality is great!
> Thomas Maerz
> Network/Systems Engineer
>> On Feb 18, 2016, at 12:47 PM, Rowland penny <rpenny at samba.org <mailto:rpenny at samba.org>> wrote:
>> On 18/02/16 17:55, Thomas Maerz wrote:
>>> I would set up your server as a Samba AD and use the directory. Give each user a username and password on the server that they will authenticate to the server with and when they connect the permissions will act as you are expecting. Joining the machines to the domain is not necessary; it simply integrates the workstation with the server so that the user doesn’t have to enter the credentials manually to connect to resources. We use hundreds of non-domain joined Macs to connect to a Samba4 DC-based file server.
>>> I hope this helps.
>>> Thomas Maerz
>>> Network/Systems Engineer
>> That simply doesn't make sense, why go to all the trouble of setting up a Samba4 AD DC and then just use it as a fileserver ?
>> You might as well just set up Samba as a standalone server with ldap.
>> Rowland
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>

More information about the samba mailing list