We are currently looking at upgrading our PDC which is currently Samba 3.4.7 with OpenLDAP backend for authentication. As it stands we are only wanting to move it to new hardware and possibly run the latest 3.X.X branch. However one of my co-workers suggested why not look at samba 4. We understand it is still in alpha but from what we read it is ready for production use.

As some background we are a small government agency with roughly 200 end users. We have about half XP and 7 machines with a handful of Vista ones. All of our servers are Linux with only one 2008R2 server in there. We mainly use samba for SSO function with OpenLDAP for authentication, file sharing, and roaming profiles. Each division in the department has their own home server (BDC) that houses all their roaming profiles and redirected my documents. We have about 12 BDC's in this configuration with the PDC doing just DC functions.

Before I get into the 3 vs 4 stuff I do have one question about migrating to a new machine. What is the best way to migrate the PDC from one machine to the next without having to rejoin all the pc's to the domain? If we end up going just the upgrade path we will need it to be as seamless as possible.

Now for the 3 to 4 questions:
Is there a way to go from 3 to 4 without having to touch all the pc's?
We are wanting to move the PDC from the machine it is currently on onto new hardware (new IP, dns name, etc). Is this easily doable in 4? If so would it be better to migrate to the new machine before doing the upgrade to 4 or after?
If we decided to go to 4 but do a fresh install instead of an "upgrade" does anyone know of an easy way to automate the rejoining of the domain on the end user pc's?
Once samba4 is out of "alpha" should it easily be upgradable to a distributions package? For instance Fedora. Or would it need to be totally reinstalled?
Would it be better for us to stay with samba 3 for now and wait for 4 to be out of alpha/beta?
Since Samba 4 does not use LDAP as we do currently, should we still be able to authenticate our servers the same as now?
Am I missing anything obvious on this possible move to samba 4?

Thanks in advance for any and all advice on this.

On 02/29/2012 11:12 PM, Donny Brooks wrote:
> We are currently looking at upgrading our PDC which is currently Samba
> 3.4.7 with OpenLDAP backend for authentication. As it stands we are
> only wanting to move it to new hardware and possibly run the latest
> 3.X.X branch. However one of my co-workers suggested why not look at
> samba 4. We understand it is still in alpha but from what we read it
> is ready for production use.
>
> As some background we are a small government agency with roughly 200
> end users. We have about half XP and 7 machines with a handful of
> Vista ones. All of our servers are Linux with only one 2008R2 server
> in there. We mainly use samba for SSO function with OpenLDAP for
> authentication, file sharing, and roaming profiles. Each division in
> the department has their own home server (BDC) that houses all their
> roaming profiles and redirected my documents. We have about 12 BDC's
> in this configuration with the PDC doing just DC functions.
>
> Before I get into the 3 vs 4 stuff I do have one question about
> migrating to a new machine. What is the best way to migrate the PDC
> from one machine to the next without having to rejoin all the pc's to
> the domain? If we end up going just the upgrade path we will need it
> to be as seamless as possible.
>
> Now for the 3 to 4 questions:
> Is there a way to go from 3 to 4 without having to touch all the pc's?
> We are wanting to move the PDC from the machine it is currently on
> onto new hardware (new IP, dns name, etc). Is this easily doable in 4?
> If so would it be better to migrate to the new machine before doing
> the upgrade to 4 or after?
> If we decided to go to 4 but do a fresh install instead of an
> "upgrade" does anyone know of an easy way to automate the rejoining of
> the domain on the end user pc's?
> Once samba4 is out of "alpha" should it easily be upgradable to a
> distributions package? For instance Fedora. Or would it need to be
> totally reinstalled?
> Would it be better for us to stay with samba 3 for now and wait for 4
> to be out of alpha/beta?
> Since Samba 4 does not use LDAP as we do currently, should we still be
> able to authenticate our servers the same as now?
> Am I missing anything obvious on this possible move to samba 4?
>
> Thanks in advance for any and all advice on this.

Hi

We have win and Linux clients with ldap under 3.6. We've been staring long and hard at the transfer of openLDAP attrs to samba4 ldb's. We don't know whether there will be any change made to the structure of the databases and are uncertain as to the official line on what should (or should not) be stored. There has been talk of a release but I don't see a freeze coming soon.

OTOH, if we were starting from nothing, we'd go for 4 tomorrow morning.

Cheers,
Steve

On Wed, 2012-02-29 at 16:12 -0600, Donny Brooks wrote:
> Now for the 3 to 4 questions:
> Is there a way to go from 3 to 4 without having to touch all the pc's?
> We are wanting to move the PDC from the machine it is currently on onto
> new hardware (new IP, dns name, etc). Is this easily doable in 4? If so
> would it be better to migrate to the new machine before doing the
> upgrade to 4 or after?

You can upgrade on the same machine or another. Just make sure that the users and groups that you wish to upgrade are on the new machine first.

The upgrade command (no client interaction required) is samba-tool domain samba3upgrade

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org