For many months I've been trying to replace a Samba 3.0 Domain Controller with a version that will support Windows 7. Despite advice on Samba HOWTO that all supported versions will support Windows 7 there seems to be an unstated caveat, namely that it must be configured as an Active Directory Domain Controller. Microsoft's own advice is that Windows 7 will not work with a Windows NT domain controller and is not intended to do so. By itself, that would not be an obstacle, but there another (stated) caveat that running AD and file sharing on the same computer is not recommended. That means that the single server configuration that has run trouble-free for ten years cannot be so simply replaced. Before I embark on a two-server configuration I'd welcome opinions on this matter. In theory I suppose I could run two Virtual Servers on one computer, but that looks like a high-risk approach.
Sure you can run it on 1 server, we just dont advice it. And yes, you can also make a Win7 login on a samba 3.6, but here again, samba 3.6 is EOL.. so not advices. So tell us whats the os you want to run? And what is exact your problem. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Frank Thynne > Verzonden: vrijdag 29 januari 2016 15:50 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Replacing a Samba 3.0 Domain controller > > For many months I've been trying to replace a Samba 3.0 Domain Controller > with a version that will support Windows 7. > > Despite advice on Samba HOWTO that all supported versions will support > Windows 7 there seems to be an unstated caveat, namely that it must be > configured as an Active Directory Domain Controller. Microsoft's own > advice is that Windows 7 will not work with a Windows NT domain controller > and is not intended to do so. > > By itself, that would not be an obstacle, but there another (stated) > caveat that running AD and file sharing on the same computer is not > recommended. That means that the single server configuration that has run > trouble-free for ten years cannot be so simply replaced. > > Before I embark on a two-server configuration I'd welcome opinions on this > matter. In theory I suppose I could run two Virtual Servers on one > computer, but that looks like a high-risk approach. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 29.01.2016 15:50, Frank Thynne wrote:> For many months I've been trying to replace a Samba 3.0 Domain Controller with a version that will support Windows 7. > > Despite advice on Samba HOWTO that all supported versions will support Windows 7 there seems to be an unstated caveat, namely that it must be configured as an Active Directory Domain Controller. Microsoft's own advice is that Windows 7 will not work with a Windows NT domain controller and is not intended to do so. > > By itself, that would not be an obstacle, but there another (stated) caveat that running AD and file sharing on the same computer is not recommended. That means that the single server configuration that has run trouble-free for ten years cannot be so simply replaced. > > Before I embark on a two-server configuration I'd welcome opinions on this matter. In theory I suppose I could run two Virtual Servers on one computer, but that looks like a high-risk approach.My 0.02$ on this: If you were not worried about running authentication services (DC) and file sharing on one server, why would you be worried about two virtual instances on the same server? If the server goes down, all goes down - in both cases. I don't see the bigger risk. On the opposite, if your server really should go down, a VM is so much easier and quicker to restore.
Am 29.01.2016 um 15:50 schrieb Frank Thynne:> Before I embark on a two-server configuration I'd welcome opinions on this matter. In theory I suppose I could run two Virtual Servers on one computer, but that looks like a high-risk approach.which risk? we run the whole infrastructure on two phyiscal hosts virtualized for years now where at every point in time one can take over the machines from the others -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20160129/af37e848/signature.sig>
On Fri, Jan 29, 2016 at 6:50 AM, Frank Thynne <fthynne at elmplace.co.uk> wrote:> Despite advice on Samba HOWTO that all supported versions will support > Windows 7 there seems to be an unstated caveat, namely that it must be > configured as an Active Directory Domain Controller. Microsoft's own advice > is that Windows 7 will not work with a Windows NT domain controller and is > not intended to do so.Windows 7 clients work just fine on samba NT-style domains. There is no need for Active Directory if you don't want it. On the Windows clients you have to make one registry change as described here: https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
I've tried that fix. It didn't work. There is no problem accessing the
shares on the domain using a PC running Windows 7, but it cannot join the
domain.
The problem was reported in 2010 as bug 7837 still at status NEW - in other
words, nor resolved.
There is a statement in the web page
http://www.networksteve.com/windows/topic.php/Windows_7_joining_a_Windows_NT_Server/?TopicId=8940&Posts=6
from a Microsoft staff member (see post there dated August 25th, 2009 7:04pm)
that states that Windows 7 will not work with a Windows NT4 domain and is not
designed to do so. That doesn't rule out the possibility that Samba could
improve on Windows NT4 - but I haven't found it to be so.
----- Original Message -----
From: Mark Nienberg
To: Frank Thynne
Cc: Samba List
Sent: Saturday, January 30, 2016 1:47 AM
Subject: Re: [Samba] Replacing a Samba 3.0 Domain controller
On Fri, Jan 29, 2016 at 6:50 AM, Frank Thynne <fthynne at
elmplace.co.uk> wrote:
Despite advice on Samba HOWTO that all supported versions will support
Windows 7 there seems to be an unstated caveat, namely that it must be
configured as an Active Directory Domain Controller. Microsoft's own advice
is that Windows 7 will not work with a Windows NT domain controller and is not
intended to do so.
Windows 7 clients work just fine on samba NT-style domains. There is no need
for Active Directory if you don't want it.
On the Windows clients you have to make one registry change as described here:
https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
Frank, I have had Windows 7 machines joined to a samba 3.x NT style domain for years and they work just fine. You do need to make a few registry entries which you can easily find with google. As for moving to AD style domain -- this is well worth the effort. If you are using linux, there is an option to run linux containers and place separate samba processes in these containers. I'm currently running samba 4.x this way. The samba AD domain control is running in a container while the samba file server is running in the linux host. This seems to work just fine. Linux containers seem stable and mature. I think there are others running samba in this fashion. Learning how to manage the linux container system is worth it in order to be able to run samba as 'recommended' by the samba team. On Fri, Jan 29, 2016 at 7:50 AM, Frank Thynne <fthynne at elmplace.co.uk> wrote:> For many months I've been trying to replace a Samba 3.0 Domain Controller > with a version that will support Windows 7. > > Despite advice on Samba HOWTO that all supported versions will support > Windows 7 there seems to be an unstated caveat, namely that it must be > configured as an Active Directory Domain Controller. Microsoft's own advice > is that Windows 7 will not work with a Windows NT domain controller and is > not intended to do so. > > By itself, that would not be an obstacle, but there another (stated) > caveat that running AD and file sharing on the same computer is not > recommended. That means that the single server configuration that has run > trouble-free for ten years cannot be so simply replaced. > > Before I embark on a two-server configuration I'd welcome opinions on this > matter. In theory I suppose I could run two Virtual Servers on one > computer, but that looks like a high-risk approach. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- David Bear mobile: (602) 903-6476
And if you are going the FreeBSD route, jails work provided you turn off
nbt. I have two DC's and a member server (AKA file server), running on the
same metal. HAProxy is load-balancing FreeBSD LDAPS queries against those
two DC's.
# jls
JID IP Address Hostname Path
2 10.1.1.7 jenkins
/usr/local/Jail/jenkins
96 10.1.201.100 PgSQL94.in.test.org
/usr/local/Jail/full-PgSQL94
277 - rca
/usr/local/Jail/full-rca
1000 10.1.200.99 dc-root.ad.test.org
/usr/local/Jail-AD/dc-root
1001 10.1.200.98 dc-lodge.ad.test.org
/usr/local/Jail-AD/dc-lodge
1002 10.1.200.101 fs-lodge.ad.test.org
/usr/local/Jail-AD/fs-lodge
1003 10.1.1.3 ldap-proxy.in.test.org
/usr/local/Jail-AD/ldap-proxy
2143 10.1.201.101 Bacula.in.test.org
/usr/local/Jail/full-bacula
On Sat, Jan 30, 2016 at 3:53 PM, David Bear <dwbear75 at gmail.com> wrote:
> Frank, I have had Windows 7 machines joined to a samba 3.x NT style domain
> for years and they work just fine.
>
> You do need to make a few registry entries which you can easily find with
> google.
>
> As for moving to AD style domain -- this is well worth the effort. If you
> are using linux, there is an option to run linux containers and place
> separate samba processes in these containers. I'm currently running
samba
> 4.x this way. The samba AD domain control is running in a container while
> the samba file server is running in the linux host. This seems to work
> just fine.
>
> Linux containers seem stable and mature. I think there are others running
> samba in this fashion. Learning how to manage the linux container system is
> worth it in order to be able to run samba as 'recommended' by the
samba
> team.
>
>
>
> On Fri, Jan 29, 2016 at 7:50 AM, Frank Thynne <fthynne at
elmplace.co.uk>
> wrote:
>
> > For many months I've been trying to replace a Samba 3.0 Domain
Controller
> > with a version that will support Windows 7.
> >
> > Despite advice on Samba HOWTO that all supported versions will support
> > Windows 7 there seems to be an unstated caveat, namely that it must be
> > configured as an Active Directory Domain Controller. Microsoft's
own
> advice
> > is that Windows 7 will not work with a Windows NT domain controller
and
> is
> > not intended to do so.
> >
> > By itself, that would not be an obstacle, but there another (stated)
> > caveat that running AD and file sharing on the same computer is not
> > recommended. That means that the single server configuration that has
run
> > trouble-free for ten years cannot be so simply replaced.
> >
> > Before I embark on a two-server configuration I'd welcome opinions
on
> this
> > matter. In theory I suppose I could run two Virtual Servers on one
> > computer, but that looks like a high-risk approach.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> David Bear
> mobile: (602) 903-6476
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Hallo, Frank, Du meintest am 29.01.16:> For many months I've been trying to replace a Samba 3.0 Domain > Controller with a version that will support Windows 7.> Despite advice on Samba HOWTO that all supported versions will > support Windows 7 there seems to be an unstated caveat, namely that > it must be configured as an Active Directory Domain Controller. > Microsoft's own advice is that Windows 7 will not work with a Windows > NT domain controller and is not intended to do so.I've just tried ... It works with Samba 4.2 "out of the box", with Windows XP, Windows 7 and Windows 10. Samba 4.3 and 4.4 should work too - in my installation there is a problem with "smbclient", but that's another problem. max protocol = NT1 is the default in the "smb.conf", and it does the job. My Samba server uses the Samba-3 configuration, with the "old" smb.conf and the "old" start-stop-scripts. Viele Gruesse! Helmut