samba - Oct 2014 - migration from samba3 -> 4 architecture goal question

Hello list and all,
this is my case:

4month ago i joined new job with company:
400 employees, RHEL and CEntOS 6.5 servers in backbone (and some windows 
servers as app servers), with one Samba3 PDC fileserver/domain server 
with tdbsam backend for windows 7 workstations and NIS for Linux 
workstation and servers authentication... you can imagine this situation 
was a bit mess

My goal was to improve user authentication process, network speed (user 
roaming profile size etc), Zimbra implementation etc.

With the help of great people here on this list and others i migrated 
all users to 389 Directory server and thus i achieved united 
authentication for users (samba + ldap backend for windows workstations 
and SSSD daemon + ldap backend for unix / linux authentication)
I implemented 2new BDC servers and now i'm process of creating another 
389 DS (slave) server to add robustness.

After tunning of smb.conf and linux kernel parameters i achieve up to 
50MB/s transfer speed of files over CIFS (this is top for one big file, 
meaning it's always less)

Now, after all work done, users are quite happier, but the network speed 
over CIFS is still issue (compared eg. to NFS4).


Situation now:
what i want most of Samba4 is the access to SMB2 an SMB3 protocols with 
hopes of higher LAN speed data transfers.

My concern is now, that Samba4 is a very different beast and i'm not 
entirely sure, the AD should be my goal in mixed environment of windows 
and unix servers and windows and unix workstations.

questions:
1. if i go with Samba4 AD scenario migration - is SSSD Linux daemon able 
to authenticate users against LDAP server bundled with Samba?

2. is it possible to update Samba3 - Samba4 while retain 'classic' NTv4 
like domain architecture? (the internet search didn't turn with examples 
of ppl doing this - everyone goes 'crazy' for Samba4 AD from SAmba 3).

This is actually my main question - because if this is possible, this 
would give me (correct me if wrong)
- the access to new SMB protocols, while not breaking current setup 
architecture (hard-worked out after 2month of sleepless nights)
- achieve higher LAN transfer speeds in 'faster' time horizon
- give to time to rethink over/test the migration process to AD (if i 
decide i need it)
- gain time to wait for new HW planned for RHEL 7.x servers
- because again, if i decide to switch to AD i'd like to do this on new 
RHEL 7.x servers and not on 6x (distro lifetime cycle is getting near 
end) and this means wait until RHEL gets to version 7.2 and is stable 
and bug free enough

3. this question follows previos - if i go with Samba4 'classic' domain,
is it doable (hard / easy?) to switch it to AD afterwards?

4. should i go for some MS windows course to get better understanding of 
AD in case i decide to 'go for it'?


So basically you see, i need to gain some time for study and test Samba 
4 AD, yet, i'd like to get benefit of new samba protocols faster for 
better LAN speed transfers..


Thank you guys for reading this far :]

Karel Lang

On 7 October 2014 07:54, Karel Lang AFD <lang at afd.cz>
wrote:
> 2. is it possible to update Samba3 - Samba4 while retain 'classic'
NTv4 like
> domain architecture? (the internet search didn't turn with examples of
ppl
> doing this - everyone goes 'crazy' for Samba4 AD from SAmba 3).
Yes.

[root at blah ~]# rpm -qa | grep -i samba
sernet-samba-common-4.1.11-8.el6.x86_64
sernet-samba-4.1.11-8.el6.x86_64
sernet-samba-libs-4.1.11-8.el6.x86_64
sernet-samba-client-4.1.11-8.el6.x86_64
sernet-samba-libsmbclient0-4.1.11-8.el6.x86_64

[root at blah ~]# cat /etc/default/sernet-samba
# SAMBA_START_MODE defines how Samba should be started. Valid options are one of
#   "none"    to not enable it at all,
#   "classic" to use the classic smbd/nmbd/winbind daemons
#   "ad"      to use the Active Directory server (which starts the
smbd on its own)
# (Be aware that you also need to enable the services/init scripts that
# automatically start up the desired daemons.)
#SAMBA_START_MODE="none"
SAMBA_START_MODE="classic"

:)

-Dan

----------------
Dan Mons
Unbreaker of broken things
Cutting Edge
http://cuttingedge.com.au

Hello,

If you go Samba4 you go ADS.
And meanwhile --I had a similar environment like yours--- I do not want to
go back again.
Samba4 serves as auth principal for my centos servers, dovecot imap, all
windows servers and clients without any issue.
With SOGo/Openchange  another open source software I reach a exchange like
environment for the outlook clients.


EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de




-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Karel Lang AFD
Gesendet: Montag, 6. Oktober 2014 23:55
An: samba at lists.samba.org
Betreff: [Samba] migration from samba3 -> 4 architecture goal question

Hello list and all,
this is my case:

4month ago i joined new job with company:
400 employees, RHEL and CEntOS 6.5 servers in backbone (and some windows
servers as app servers), with one Samba3 PDC fileserver/domain server with
tdbsam backend for windows 7 workstations and NIS for Linux workstation and
servers authentication... you can imagine this situation was a bit mess

My goal was to improve user authentication process, network speed (user
roaming profile size etc), Zimbra implementation etc.

With the help of great people here on this list and others i migrated all
users to 389 Directory server and thus i achieved united authentication for
users (samba + ldap backend for windows workstations and SSSD daemon + ldap
backend for unix / linux authentication) I implemented 2new BDC servers and
now i'm process of creating another
389 DS (slave) server to add robustness.

After tunning of smb.conf and linux kernel parameters i achieve up to 50MB/s
transfer speed of files over CIFS (this is top for one big file, meaning
it's always less)

Now, after all work done, users are quite happier, but the network speed
over CIFS is still issue (compared eg. to NFS4).


Situation now:
what i want most of Samba4 is the access to SMB2 an SMB3 protocols with 
hopes of higher LAN speed data transfers.

My concern is now, that Samba4 is a very different beast and i'm not 
entirely sure, the AD should be my goal in mixed environment of windows 
and unix servers and windows and unix workstations.

questions:
1. if i go with Samba4 AD scenario migration - is SSSD Linux daemon able 
to authenticate users against LDAP server bundled with Samba?

2. is it possible to update Samba3 - Samba4 while retain 'classic' NTv4 
like domain architecture? (the internet search didn't turn with examples 
of ppl doing this - everyone goes 'crazy' for Samba4 AD from SAmba 3).

This is actually my main question - because if this is possible, this 
would give me (correct me if wrong)
- the access to new SMB protocols, while not breaking current setup 
architecture (hard-worked out after 2month of sleepless nights)
- achieve higher LAN transfer speeds in 'faster' time horizon
- give to time to rethink over/test the migration process to AD (if i 
decide i need it)
- gain time to wait for new HW planned for RHEL 7.x servers
- because again, if i decide to switch to AD i'd like to do this on new 
RHEL 7.x servers and not on 6x (distro lifetime cycle is getting near 
end) and this means wait until RHEL gets to version 7.2 and is stable 
and bug free enough

3. this question follows previos - if i go with Samba4 'classic' domain,
is it doable (hard / easy?) to switch it to AD afterwards?

4. should i go for some MS windows course to get better understanding of 
AD in case i decide to 'go for it'?


So basically you see, i need to gain some time for study and test Samba 
4 AD, yet, i'd like to get benefit of new samba protocols faster for 
better LAN speed transfers..


Thank you guys for reading this far :]

Karel Lang


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba