samba - Oct 2015 - Old Samba 3.x server as a Samba 4 AD member.

Hi everyone,

we plan on setting up a Samba 4.x based AD. We have a couple of ancient
to old systems running samba 3.0.24 to 3.5.7 and 3.6.24. Is there any
problem to integrate those old systems as member of a Samba 4-driven AD?

-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------

What are the role of these old Samba? File servers or domain controllers?

If they are file servers plugging them into AD domain should only change
their user database.  You should think to upgrade your Samba version on
these systems too, I'd say, as Samba4 can do everything Samba3 was doing.

2015-10-05 12:22 GMT+02:00 Emmanuel Florac <eflorac at intellique.com>:
> Hi everyone,
>
> we plan on setting up a Samba 4.x based AD. We have a couple of ancient
> to old systems running samba 3.0.24 to 3.5.7 and 3.6.24. Is there any
> problem to integrate those old systems as member of a Samba 4-driven AD?
>
> --
> ------------------------------------------------------------------------
> Emmanuel Florac     |   Direction technique
>                     |   Intellique
>                     |   <eflorac at intellique.com>
>                     |   +33 1 78 94 84 02
> ------------------------------------------------------------------------
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Le Mon, 5 Oct 2015 13:37:09 +0200
mathias dufresne <infractory at gmail.com> écrivait:
> If they are file servers plugging them into AD domain should only
> change their user database.  You should think to upgrade your Samba
> version on these systems too, I'd say, as Samba4 can do everything
> Samba3 was doing.
> 
Upgrading samba involves upgrading the complete distribution, which
isn't possible at the moment. Thus the original question.

-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------

On Mon, 5 Oct 2015, Emmanuel Florac wrote:
> we plan on setting up a Samba 4.x based AD. We have a couple of ancient
> to old systems running samba 3.0.24 to 3.5.7 and 3.6.24. Is there any
> problem to integrate those old systems as member of a Samba 4-driven AD?
Theoretically, it should work.  I believe Samba 3.0 was the first version 
with AD domain support.  However, you may run into bugs and limitations in 
older version of samba.  I would try it and see how it works.

Worst case, you can always use sssd or nslcd to handle the authentication 
instead of winbind.  They don't even require you be joined to the domain, 
as they can use username/password or a pre-created kerberos key for access 
to LDAP.

To my knowledge, the only thing the "join" really does is creates the 
computer and kerberos keys in LDAP (and on the local system).  So if 
you're not using winbind, the only thing you really need the join for is 
dynamic kerberos key management, so that e.g. users can log in using 
kerberos credentials instead of passwords or pass kerberos credentials to 
other machines for file shares and such.