samba - Oct 2015 - Best strategy to move/upgrade Samba 3 PDC to new Samba 4 server

And of course, the important related question: Keep it an NT4 domain, or upgrade
to AD?

We have a Samba 3.5.6 PDC with OpenLDAP, serving about 20 machines/users.
(Debian 6
"Squeeze")
OpenLDAP is also used for many other services: Unix user accounts and groups,
Mail
(Postfix/Dovecot), wiki, PostgreSQL, Calendar server, FTP, Apache, ...

The new machine is Debian 8 "Jessie", and has Samba 4.1.17.

- Classic upgrade to AD?

A lot of documentation concentrates on AD. But I'm not sure what benefit I
would get
from moving to AD. All we really need is file sharing to Windows (and a few 
Mac/Linux) machines, and running netlogon scripts for the Windows machines.

Is the complexity of AD worth the trouble? What happens to all the other
services
currently using OpenLDAP? I guess we would also need to configure our Bind 9 DNS
to
accommodate the needs of AD.

- Or NT4 BDC to PDC?

It seems much simpler and sufficient for our needs to configure the new server
as a
plain NT4 BDC, then promote it to PDC and remove the old server.

However, I have not done that before, and there doesn't seem to be much
recent
documentation about this. Is there so little documentation because it's so
simple and
doesn't need much help? Or is just nobody doing it this way? And if the
latter, why
not? What are the pitfalls to expect?


Thanks,

On Mon, Oct 5, 2015 at 10:00 AM, MI <mi.lists at alma.ch> wrote:
> And of course, the important related question: Keep it an NT4 domain, or
> upgrade to AD?

It's a good question, and I am struggling with it too. My network is about
twice as large as yours, but still small by most standards. We have samba
3.6 sernet packages on a CentOS 5 server.

Clearly it would be pretty simple to update to a new CentOS 7 server using
the distro samba 4.1 packages. They don't support AD, but I'm not sure I
care. The frequency of samba updates in the 4 series would make for a lot
of work if building our own packages or compiling from source were
required, so I'm inclined to just stick with the distro packages.

Reading this list and the wiki and looking at the seemingly endless number
of options for smb.conf makes the upgrade to AD seem pretty intimidating,
and like you, I don't see any real benefit for our organization. One
concern though, is that future Windows workstations will pretty much expect
to be part of AD domains, so problems will begin to appear on NT domains.
Already I see hints of issues with Windows 10, but I don't have any
experience with that yet.

Another possibility might be to fire up a new Windows server to do the AD
work and join our samba file server to the domain. I don't know if that
would be simpler or not.

-- 
Please update your records with my new email address.

>> And of course, the important related question: Keep it an NT4 domain,
or
>> upgrade to AD?
> Reading this list and the wiki and looking at the seemingly endless number
> of options for smb.conf makes the upgrade to AD seem pretty intimidating,
> and like you, I don't see any real benefit for our organization. One
> concern though, is that future Windows workstations will pretty much expect
> to be part of AD domains, so problems will begin to appear on NT domains.
> Already I see hints of issues with Windows 10, but I don't have any
> experience with that yet.
I am really tempted to just setup my new server as a BDC, and then promote it to
PDC
and remove the old server. But the scarcity and old age of documentation about
this
worries me.

And I do need to support Windows 10 for a few new Surface Pro 3 machines.

It would be nice if someone who has already done this would tell us how it went.