Hello Marc, I appreciate your response, as well as the other members. Reading your answer, I believe I found what I wanted. Option 3, the principle is what I need right now. I'll try to explain. Today in production, we have the samba3 + openldap. The samba3 is installed on a freebsd, but has some problems that we can not detect. My boss does not want to drop the openldap now. We have discussed about it, and he does not want. :D Let's get this straight. What you say under option 3, can I upgrade to Samba4 and continue using openldap the same way we are using now, ie samba3 + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that be? On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:> Hello Elias, > > Am 06.12.2014 um 14:44 schrieb Elias Pereira: > > We already have a Openldap in production, with a samba3. What I am > wanting > > to do is install the Samba4, and still continue to use the "openldap" for > > authentication of users in various services that are operating. > > > > You think it's possible? > > Depends on what your exact plan on this is. You're still not very > detailed. ;-) > > > > 1.) If you do the classicupgrade to Samba AD then all your workstations > will use the Samba AD for authentication. You have to turn off your > Samba PDC service then. Of course, you can keep the openLDAP to > authenticate other services against. But this is a separate database and > passwords won't change in openLDAP, if users do in AD. > > This would be a way for a slower migration to Samba AD and hooking up > the other services to AD afterwards (with the disadvantage of e. g. the > passwort situation). > > > > 2.) If you're having other services, that should not contact DCs > directly (like hosts in DMZ), you can use the openLDAP proxy > documentation from the Wiki. > > > > 3.) If you don't want/need to move to Samba AD, then simply upgrade as > usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to > migrate to AD: > > https://wiki.samba.org/index.php/Updating_Samba#Common_misconceptions_about_Samba_4 > > > > If this doesn't answer you question, then please give a comprehensive > overview about your current setup, the setup you plan to get and about > your environment. This would make it easier to help, instead of > guessing. ;-) > > > > > Regards, > Marc >-- Elias Pereira
Hello Elias, Am 06.12.2014 um 15:32 schrieb Elias Pereira:> Let's get this straight. What you say under option 3, can I upgrade to > Samba4 and continue using openldap the same way we are using now, ie samba3 > + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that be?Samba 4.0 is just the version following 3.6 - with additional features (e. g. AD) - but contains everything that was inside in the past, too. So you can update to 4.1.14 in the same way, like you did in the past (3.x -> 3.y) without changing your environment to AD. There is no plan to remove the NT4 domain support. And when ever you want to switch to Samba AD, then follow the classicupgrade documentation in the Wiki. Depending on the age of your current Samba version, you should need to adapt your configs to changes that came up in the past, like the new Idmap config syntax in 3.6 (or was it 3.5?). It's always a good idea to read the release notes from the versions you will skip. :-) Regards, Marc
On 06/12/14 14:32, Elias Pereira wrote:> Hello Marc, > > I appreciate your response, as well as the other members. Reading your > answer, I believe I found what I wanted. Option 3, the principle is what I > need right now. I'll try to explain. > > Today in production, we have the samba3 + openldap. The samba3 is installed > on a freebsd, but has some problems that we can not detect. My boss does > not want to drop the openldap now. We have discussed about it, and he does > not want. :D > > Let's get this straight. What you say under option 3, can I upgrade to > Samba4 and continue using openldap the same way we are using now, ie samba3 > + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that be? > > On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org> > wrote: > >> Hello Elias, >> >> Am 06.12.2014 um 14:44 schrieb Elias Pereira: >>> We already have a Openldap in production, with a samba3. What I am >> wanting >>> to do is install the Samba4, and still continue to use the "openldap" for >>> authentication of users in various services that are operating. >>> >>> You think it's possible? >> Depends on what your exact plan on this is. You're still not very >> detailed. ;-) >> >> >> >> 1.) If you do the classicupgrade to Samba AD then all your workstations >> will use the Samba AD for authentication. You have to turn off your >> Samba PDC service then. Of course, you can keep the openLDAP to >> authenticate other services against. But this is a separate database and >> passwords won't change in openLDAP, if users do in AD. >> >> This would be a way for a slower migration to Samba AD and hooking up >> the other services to AD afterwards (with the disadvantage of e. g. the >> passwort situation). >> >> >> >> 2.) If you're having other services, that should not contact DCs >> directly (like hosts in DMZ), you can use the openLDAP proxy >> documentation from the Wiki. >> >> >> >> 3.) If you don't want/need to move to Samba AD, then simply upgrade as >> usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to >> migrate to AD: >> >> https://wiki.samba.org/index.php/Updating_Samba#Common_misconceptions_about_Samba_4 >> >> >> >> If this doesn't answer you question, then please give a comprehensive >> overview about your current setup, the setup you plan to get and about >> your environment. This would make it easier to help, instead of >> guessing. ;-) >> >> >> >> >> Regards, >> Marc >> > >Hi, it might help if you read this: https://wiki.samba.org/index.php/Samba_Readme_First Note to Marc, can we put a link to this on main wiki page ? the page seems to be protected. Rowland
Marc Muehlfeld
2014-Dec-06 15:07 UTC
[Samba] Wiki Samba Readme First [was: OpenLDAP proxy to samba4 AD]
Hello Rowland, Am 06.12.2014 um 15:49 schrieb Rowland Penny:> Note to Marc, can we put a link to this on main wiki page ? the page > seems to be protected.Yes. I think, this is reasonable. I haven't read in detail yet, but maybe some minor changes should be done. What do you think? * Title "Samba 4.x Readme First" is more suitable * "Samba 4 is work in progress, use only the very latest version." This might sound like "unstable" or "not ready for production use", to some users. We should more clarify what was ment. * vfs objects section: Is this a general behaviour or just something, that came up with Samba 4 or Samba4 on a DC/Member/PDC and was different on 3x? I think, we should review and refresh he page a bit and then link it to the front page. Let me have a look at it during the next days. Regards, Marc
I greatly appreciate the answers. Are of great value to me and to others who like me do not have much experience. Another question. :D I believe that we will use debian as distribution for the new Samba4. What I need to copy from the old to the new distro? On Sat, Dec 6, 2014 at 12:49 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:> On 06/12/14 14:32, Elias Pereira wrote: > >> Hello Marc, >> >> I appreciate your response, as well as the other members. Reading your >> answer, I believe I found what I wanted. Option 3, the principle is what I >> need right now. I'll try to explain. >> >> Today in production, we have the samba3 + openldap. The samba3 is >> installed >> on a freebsd, but has some problems that we can not detect. My boss does >> not want to drop the openldap now. We have discussed about it, and he does >> not want. :D >> >> Let's get this straight. What you say under option 3, can I upgrade to >> Samba4 and continue using openldap the same way we are using now, ie >> samba3 >> + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that >> be? >> >> On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org> >> wrote: >> >> Hello Elias, >>> >>> Am 06.12.2014 um 14:44 schrieb Elias Pereira: >>> >>>> We already have a Openldap in production, with a samba3. What I am >>>> >>> wanting >>> >>>> to do is install the Samba4, and still continue to use the "openldap" >>>> for >>>> authentication of users in various services that are operating. >>>> >>>> You think it's possible? >>>> >>> Depends on what your exact plan on this is. You're still not very >>> detailed. ;-) >>> >>> >>> >>> 1.) If you do the classicupgrade to Samba AD then all your workstations >>> will use the Samba AD for authentication. You have to turn off your >>> Samba PDC service then. Of course, you can keep the openLDAP to >>> authenticate other services against. But this is a separate database and >>> passwords won't change in openLDAP, if users do in AD. >>> >>> This would be a way for a slower migration to Samba AD and hooking up >>> the other services to AD afterwards (with the disadvantage of e. g. the >>> passwort situation). >>> >>> >>> >>> 2.) If you're having other services, that should not contact DCs >>> directly (like hosts in DMZ), you can use the openLDAP proxy >>> documentation from the Wiki. >>> >>> >>> >>> 3.) If you don't want/need to move to Samba AD, then simply upgrade as >>> usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to >>> migrate to AD: >>> >>> https://wiki.samba.org/index.php/Updating_Samba#Common_ >>> misconceptions_about_Samba_4 >>> >>> >>> >>> If this doesn't answer you question, then please give a comprehensive >>> overview about your current setup, the setup you plan to get and about >>> your environment. This would make it easier to help, instead of >>> guessing. ;-) >>> >>> >>> >>> >>> Regards, >>> Marc >>> >>> >> >> > Hi, it might help if you read this: https://wiki.samba.org/index. > php/Samba_Readme_First > > > Note to Marc, can we put a link to this on main wiki page ? the page seems > to be protected. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira