On Thu, 2012-08-02 at 12:06 -0400, Caleb O'Connell
wrote:> I've been playing around with Samba4 as an AD for a domain. I like it
a lot
> and it's been very stable for me. I've been using Samba 3.5 for a
while
> with OpenLDAP and connecting win7 computers fine, sharing files fine and
> even sharing printers and printer drivers fine.
>
> I'd like to move to Samba4 as by backend LDAP and Authentication server
and,
> like many, want to also keep all the Samba3 file sharing capabilities that
> I've gotten accustomed to.
>
> I thought the best option was to install samba4 on all the servers, making
> one the DC and the others as member servers. Basically distributing the
> authentication and the directory. On my current file server just keep
> running samba3 and just joining it to the samba4 domain. Does this sound
> like the best solution for business network?
This is a good plan.
> Is there anything I should be
> aware of by setting this up? If I do setup a network with this
> configuration, can I just use ntvfs on all the samba4 computers? Would
that
> be more stable? I know the s3fs is going to be the default file sharing
> mechanism in Samba4 but since I'll be using samba3 for filesharing I
can
> just use the ntvfs, right?
While there are valid use cases for using the well understood ntvfs
configuration, we are steering users away from it, so that we just have
one major deployment configuration in the long term.
We seem to have got past the biggest stability concerns that I feared,
with some ACL issues being the only remaining issue. Having the
smb.conf parameter table merged is also a big positive step in this
direction.
> On the file server itself, I can run samba3 and samba4 side by side just
> fine, right? They won't but heads, so long as smbd nmbd listen on
their
> ports and samba4 listens on the Kerberson and DNS ports, right?
It isn't this simple - the AD DC also needs to listen on the ports nmbd
and smbd would listen on. Essentially what you describe is the new
default (s3fs) configuration, where we use smbd as the file server.
Using different interfaces would get you closer, but things like
nss_winbind tend to be global for the whole server, and so I would
totally split the DC from the file server if you can.
> I was just hoping to probe the minds of others who've maybe done this
exact
> network config. Also, hopefully help my understanding on best practices
> with the current status of the samba project.
I'll leave it for others to comment on their exact production
configurations, these comments above are just my guide from a developer
perspective.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org