Robert Moskowitz
2014-Dec-09 05:11 UTC
[Samba] A set of questions before building a new server
I have a Samba server here with 4 users and 4 XP systems. Kind of small, but it does the job. It is running as a PDC with roaming profiles. I should note that I left professionally supporting Windows networking around the time XP came out, so I have maintained an NTDomain through a number of incarnations (NT, Win2000, Samba2/3) and use of someone elses packaging. This time I want to use as direct-to-Samba as I can. All I want with this server is to be a Samba server to Windows (and maybe Linux) machines. I have new hardware, an armv7 board that I can run either Redsleeve 6 (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I have new XP systems (updated with 'SP4' and right now standalone) ready to use this server. I will have to migrate 2 of the old systems. The new server can be on a new subnet with a new rfc1918 network address. I will also be serving gobal/static IPv6 addresses on this new network. At some point I may actually have a new Windows OS system, but there is no pressure here to do that. My family is so far content with Office 2003! So a set of questions come up: Do I migrate from NTDomain to AD, or stay with NTDomain for a few more years? Actually can be a total fresh build of AD. Does AD require Samba 4? I have looked at the Wiki, and have not seen this clearly stated, but that is probably my reading challenges. Does AD support roaming profiles? I like that AD has the LDAP built in. But do I still need an LDAP admin tool for AD? If I stay with NTDomain, what LDAP tool to use? As I start building, then rebuilding the new server, I know I will have more questions. Hopefully most will be on the Wiki, and I will be able to find them. thank you Now back to reading more on the Wiki and elsewhere
Robert Moskowitz
2014-Dec-09 05:37 UTC
[Samba] A set of questions before building a new server
On 12/08/2014 09:11 PM, Robert Moskowitz wrote:> I have a Samba server here with 4 users and 4 XP systems. Kind of > small, but it does the job. It is running as a PDC with roaming > profiles. I should note that I left professionally supporting Windows > networking around the time XP came out, so I have maintained an > NTDomain through a number of incarnations (NT, Win2000, Samba2/3) and > use of someone elses packaging. This time I want to use as > direct-to-Samba as I can. All I want with this server is to be a > Samba server to Windows (and maybe Linux) machines. > > I have new hardware, an armv7 board that I can run either Redsleeve 6 > (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I > have new XP systems (updated with 'SP4' and right now standalone) > ready to use this server. I will have to migrate 2 of the old > systems. The new server can be on a new subnet with a new rfc1918 > network address. I will also be serving gobal/static IPv6 addresses > on this new network. At some point I may actually have a new Windows > OS system, but there is no pressure here to do that. My family is so > far content with Office 2003! > > So a set of questions come up: > > Do I migrate from NTDomain to AD, or stay with NTDomain for a few more > years? Actually can be a total fresh build of AD.As I read more, it seems to be prudent to run the AD controller separate from the file server. I do not want/need mulitple boxes here, now will I go into VMs for this. So it looks like staying with NTDomain for me. Plus stay with what I have some experience with.> Does AD require Samba 4? I have looked at the Wiki, and have not seen > this clearly stated, but that is probably my reading challenges. > Does AD support roaming profiles? > I like that AD has the LDAP built in. But do I still need an LDAP > admin tool for AD? > If I stay with NTDomain, what LDAP tool to use? > > As I start building, then rebuilding the new server, I know I will > have more questions. Hopefully most will be on the Wiki, and I will > be able to find them. > > thank you > Now back to reading more on the Wiki and elsewhere >
2014-12-09 6:37 GMT+01:00 Robert Moskowitz <rgm at htt-consult.com>:> > On 12/08/2014 09:11 PM, Robert Moskowitz wrote: >> >> I have a Samba server here with 4 users and 4 XP systems. Kind of small, >> but it does the job. It is running as a PDC with roaming profiles. I >> should note that I left professionally supporting Windows networking around >> the time XP came out, so I have maintained an NTDomain through a number of >> incarnations (NT, Win2000, Samba2/3) and use of someone elses packaging. >> This time I want to use as direct-to-Samba as I can. All I want with this >> server is to be a Samba server to Windows (and maybe Linux) machines. >> >> I have new hardware, an armv7 board that I can run either Redsleeve 6 >> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I have new >> XP systems (updated with 'SP4' and right now standalone) ready to use this >> server. I will have to migrate 2 of the old systems. The new server can be >> on a new subnet with a new rfc1918 network address. I will also be serving >> gobal/static IPv6 addresses on this new network. At some point I may >> actually have a new Windows OS system, but there is no pressure here to do >> that. My family is so far content with Office 2003! >> >> So a set of questions come up: >> >> Do I migrate from NTDomain to AD, or stay with NTDomain for a few more >> years? Actually can be a total fresh build of AD. > > > As I read more, it seems to be prudent to run the AD controller separate > from the file server. I do not want/need mulitple boxes here, now will I go > into VMs for this. So it looks like staying with NTDomain for me. Plus > stay with what I have some experience with. > > >> Does AD require Samba 4? I have looked at the Wiki, and have not seen >> this clearly stated, but that is probably my reading challenges. >> Does AD support roaming profiles? >> I like that AD has the LDAP built in. But do I still need an LDAP admin >> tool for AD? >> If I stay with NTDomain, what LDAP tool to use? >> >> As I start building, then rebuilding the new server, I know I will have >> more questions. Hopefully most will be on the Wiki, and I will be able to >> find them. >> >> thank you >> Now back to reading more on the Wiki and elsewhere >> >If your hardware supports it, I think you should go with a virtual server for the AD DC and a separate file-/printserver. There are fine guides in the wiki about setting up both the AD DC and a file-/printserver. And *a lot* of material in the mail archives. If not, there is a guide that you can follow. But please be quick to copy it (PDFCreator is a good choice) because I am thinking of asking Marc to retract it or at least put it on the scrap-pile of historical (well...) documents. It works but has grown stale and I won't either update it or give any support as I don't think it is the proper way. The how-to is found here: wiki.samba.org/index.php/WIP/Beginner_HowTo_-_SOHO_business_server. Regards Davor> -- > To unsubscribe from this list go to the following URL and read the > instructions: lists.samba.org/mailman/options/samba
Gaiseric Vandal
2014-Dec-09 13:59 UTC
[Samba] A set of questions before building a new server
On 12/09/14 00:11, Robert Moskowitz wrote:> I have a Samba server here with 4 users and 4 XP systems. Kind of > small, but it does the job. It is running as a PDC with roaming > profiles. I should note that I left professionally supporting Windows > networking around the time XP came out, so I have maintained an > NTDomain through a number of incarnations (NT, Win2000, Samba2/3) and > use of someone elses packaging. This time I want to use as > direct-to-Samba as I can. All I want with this server is to be a > Samba server to Windows (and maybe Linux) machines. > > I have new hardware, an armv7 board that I can run either Redsleeve 6 > (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I > have new XP systems (updated with 'SP4' and right now standalone) > ready to use this server. I will have to migrate 2 of the old > systems. The new server can be on a new subnet with a new rfc1918 > network address. I will also be serving gobal/static IPv6 addresses > on this new network. At some point I may actually have a new Windows > OS system, but there is no pressure here to do that. My family is so > far content with Office 2003! > > So a set of questions come up: > > Do I migrate from NTDomain to AD, or stay with NTDomain for a few more > years? Actually can be a total fresh build of AD. > Does AD require Samba 4? I have looked at the Wiki, and have not seen > this clearly stated, but that is probably my reading challenges. > Does AD support roaming profiles? > I like that AD has the LDAP built in. But do I still need an LDAP > admin tool for AD? > If I stay with NTDomain, what LDAP tool to use? > > As I start building, then rebuilding the new server, I know I will > have more questions. Hopefully most will be on the Wiki, and I will > be able to find them. > > thank you > Now back to reading more on the Wiki and elsewhere >With Samba 4, you can can configure a "classic domain" the same as with Samba 3. Recent versions of Fedora will include Samba 4 BUT they don't include all requirements to configure an Active Directory domain controller anyway. And for 4 users a classic domain should be sufficient. (The only reason I would consider an AD environment would be if you wanted to gain some experience .) Since this is a single server environment there should not be any need to use LDAP as a backend- you can use /etc/passwd for unix accounts and TDB backend for samba accounts. IF you wanted to gain some experience with samba and LDAP then you could install OpenLDAP or Oracle/Sun Directory Studio as an LDAP backend both services. I use apache directory studio for LDAP management. Samba 3 can be a member of an AD domain but not a domain controller. I am not aware of any SP4 for XP. You are no doubt aware that XP and Office 2003 have been EOL'd. I have not used IPv6 addresses with Linux or Samba yet. I don't know how well XP supports IPv6. You may want to hold off on IPv6 until you move to Win 7 or later. With Samba 3, I found roaming profiles to be more trouble than they were worth. The additional login and logout times were unacceptable.
L.P.H. van Belle
2014-Dec-09 14:14 UTC
[Samba] A set of questions before building a new server
Hai, If you dont need any guest access to the server/shares, then i suggest setup an AD. It gives so much more options for security settings for example. I use it at home ( 2 pc's , 1 laptop ) 3 users.. with things like protection against malware .. computerworld.com/article/2485214/microsoft-windows/cryptolocker-how-to-avoid-getting-infected-and-what-to-do-if-you-are.html and.. you will learn for the future.. ;-) Look at the wiki of Davor, the SOHO setup, thats a good starting point. wiki.samba.org/index.php/WIP/Beginner_HowTo_-_SOHO_business_server get it before it's gone.. And if you do need guest access to server/shares.. wel.. than a "classic" setup with ldap is imo the best. which tool for ldap setup.. i use ldapadmin and the old NT4 tools. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: gaiseric.vandal at gmail.com >[mailto:samba-bounces at lists.samba.org] Namens Gaiseric Vandal >Verzonden: dinsdag 9 december 2014 14:59 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] A set of questions before building a new server > >On 12/09/14 00:11, Robert Moskowitz wrote: >> I have a Samba server here with 4 users and 4 XP systems. Kind of >> small, but it does the job. It is running as a PDC with roaming >> profiles. I should note that I left professionally >supporting Windows >> networking around the time XP came out, so I have maintained an >> NTDomain through a number of incarnations (NT, Win2000, >Samba2/3) and >> use of someone elses packaging. This time I want to use as >> direct-to-Samba as I can. All I want with this server is to be a >> Samba server to Windows (and maybe Linux) machines. >> >> I have new hardware, an armv7 board that I can run either >Redsleeve 6 >> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I >> have new XP systems (updated with 'SP4' and right now standalone) >> ready to use this server. I will have to migrate 2 of the old >> systems. The new server can be on a new subnet with a new rfc1918 >> network address. I will also be serving gobal/static IPv6 addresses >> on this new network. At some point I may actually have a >new Windows >> OS system, but there is no pressure here to do that. My >family is so >> far content with Office 2003! >> >> So a set of questions come up: >> >> Do I migrate from NTDomain to AD, or stay with NTDomain for >a few more >> years? Actually can be a total fresh build of AD. >> Does AD require Samba 4? I have looked at the Wiki, and >have not seen >> this clearly stated, but that is probably my reading challenges. >> Does AD support roaming profiles? >> I like that AD has the LDAP built in. But do I still need an LDAP >> admin tool for AD? >> If I stay with NTDomain, what LDAP tool to use? >> >> As I start building, then rebuilding the new server, I know I will >> have more questions. Hopefully most will be on the Wiki, and I will >> be able to find them. >> >> thank you >> Now back to reading more on the Wiki and elsewhere >> > >With Samba 4, you can can configure a "classic domain" the >same as with >Samba 3. Recent versions of Fedora will include Samba 4 BUT they >don't include all requirements to configure an Active >Directory domain >controller anyway. And for 4 users a classic domain should be >sufficient. (The only reason I would consider an AD environment >would be if you wanted to gain some experience .) Since >this is a >single server environment there should not be any need to use >LDAP as a >backend- you can use /etc/passwd for unix accounts and TDB >backend for >samba accounts. IF you wanted to gain some experience with >samba and >LDAP then you could install OpenLDAP or Oracle/Sun Directory Studio as >an LDAP backend both services. I use apache directory studio for >LDAP management. > > >Samba 3 can be a member of an AD domain but not a domain controller. > > >I am not aware of any SP4 for XP. You are no doubt aware that XP >and Office 2003 have been EOL'd. > >I have not used IPv6 addresses with Linux or Samba yet. I don't know >how well XP supports IPv6. You may want to hold off on IPv6 until >you move to Win 7 or later. > >With Samba 3, I found roaming profiles to be more trouble than >they were >worth. The additional login and logout times were unacceptable. > >-- >To unsubscribe from this list go to the following URL and read the >instructions: lists.samba.org/mailman/options/samba > >
Robert Moskowitz
2014-Dec-09 14:55 UTC
[Samba] A set of questions before building a new server
Thanks for responding On 12/09/2014 05:59 AM, Gaiseric Vandal wrote:> On 12/09/14 00:11, Robert Moskowitz wrote: >> I have a Samba server here with 4 users and 4 XP systems. Kind of >> small, but it does the job. It is running as a PDC with roaming >> profiles. I should note that I left professionally supporting >> Windows networking around the time XP came out, so I have maintained >> an NTDomain through a number of incarnations (NT, Win2000, Samba2/3) >> and use of someone elses packaging. This time I want to use as >> direct-to-Samba as I can. All I want with this server is to be a >> Samba server to Windows (and maybe Linux) machines. >> >> I have new hardware, an armv7 board that I can run either Redsleeve 6 >> (Centos 6 arm port) that has Samba3 or Fedora 21 that has Samba4. I >> have new XP systems (updated with 'SP4' and right now standalone) >> ready to use this server. I will have to migrate 2 of the old >> systems. The new server can be on a new subnet with a new rfc1918 >> network address. I will also be serving gobal/static IPv6 addresses >> on this new network. At some point I may actually have a new Windows >> OS system, but there is no pressure here to do that. My family is so >> far content with Office 2003! >> >> So a set of questions come up: >> >> Do I migrate from NTDomain to AD, or stay with NTDomain for a few >> more years? Actually can be a total fresh build of AD. >> Does AD require Samba 4? I have looked at the Wiki, and have not >> seen this clearly stated, but that is probably my reading challenges. >> Does AD support roaming profiles? >> I like that AD has the LDAP built in. But do I still need an LDAP >> admin tool for AD? >> If I stay with NTDomain, what LDAP tool to use? >> >> As I start building, then rebuilding the new server, I know I will >> have more questions. Hopefully most will be on the Wiki, and I will >> be able to find them. >> >> thank you >> Now back to reading more on the Wiki and elsewhere >> > > With Samba 4, you can can configure a "classic domain" the same as > with Samba 3. Recent versions of Fedora will include Samba 4 BUT > they don't include all requirements to configure an Active Directory > domain controller anyway.I want to do this over the next month... So what is Fedora missing? I want ARM over INTEL for the power savings (70w vs 2w).> And for 4 users a classic domain should be sufficient. (The only > reason I would consider an AD environment would be if you wanted to > gain some experience .)I may need that, as I am being laid off the 1st of the year. :(> Since this is a single server environment there should not be any need > to use LDAP as a backend- you can use /etc/passwd for unix accounts > and TDB backend for samba accounts. IF you wanted to gain some > experience with samba and LDAP then you could install OpenLDAP or > Oracle/Sun Directory Studio as an LDAP backend both services. I > use apache directory studio for LDAP management.I want to go the OpenLDAP route. Where do I find out about the apache directory studio?> Samba 3 can be a member of an AD domain but not a domain controller. > > I am not aware of any SP4 for XP. You are no doubt aware that XP > and Office 2003 have been EOL'd.Google it. Some fellow has put together all of the patches since SP3 in a reasonable package, including the little tool out there that sets the registry to say this is a POS that MS will be supporting with basic patches for a number more years yet. Good enough for the home systems.> I have not used IPv6 addresses with Linux or Samba yet. I don't know > how well XP supports IPv6. You may want to hold off on IPv6 until > you move to Win 7 or later.I have been using IPv6 with Linux for 3+ years. With XP there is/was a patch; testing called for. Not too important for the XP systems, other than I would have to run a 4-6 web proxy before I sundown the XP boxes.> With Samba 3, I found roaming profiles to be more trouble than they > were worth. The additional login and logout times were unacceptable. >I have been running roaming profiles on Samba 3 for 4+ years. Of course, I don't put data in the user profile, but else where on the systems, and get my users to really use their home directory on the server. Login/out times are for copying the profile. Work with your users (my wife!) to not save documents locally in their profile.