samba - Mar 2021 - Running smbd 4 + nmbd 3?

On 11/03/2021 22:19, Lou via samba wrote:
> On Thu, Mar 11, 2021 at 09:56:39PM +0000, Rowland penny via samba wrote:
>> No, you must use the nmbd that comes with Samba 4, the problem is 
>> that you will have to use SMBv1 at both ends. This is not really a 
>> problem, it is just a bit insecure and you might not need to run 
>> nmbd. It might help if you can describe your setup in more detail and 
>> if you have anything that must use SMBv1 (something that will not 
>> work without SMBv1).
>
> Thanks for the reply.
>
> I have two servers:
>
> smbd-server -> provides file sharing and runs smbd 3.6.25
> nmbd-server -> it is the PDC and runs nmbd < 3.6.25
>
> At smbd-server, smb.conf has the following line:
>
> wins server = openldap.ufabc.int.br
>
> So, nmbd that runs in nmbd-server, so nmbd-server runs as a wins 
> server.? It
> uses LDAP as a backend.
>
> I need to enable latest protocols (SMB3+) for smbd-server
>
> Alternatives I thought about:
>
> 1. Upgrade everything to Samba 4 as an AD DC.? This is not a good 
> choice for
> now, because I'd have to change the whole organization structure.
>
> 2. Upgrade everything to Samba 4, but do not "enable AD".? Make
it use
> our LDAP
> backend, so the change would be invisible to the clients.
>
> 3. Upgrade only smbd to Samba 4 and make it use the old nmbd at 
> nmbd-server as
> a wins server.? I tried it but I had no success.
>
> I'd prefer go for 3, and then 2, and then 1, if it is possible. Any
> recommendations?
>
> Thanks.
>
Bite the bullet, classicupgrade to AD. ?

You are running Samba as an NT4-style domain with ldap, so you are 
possibly also using smbldap-tools, this is more than EOL, it is dead, 
there is absolutely nobody maintaining it.

Samba is working hard to remove SMBv1 and a lot of what an NT4-style 
domain relies on was deprecated at 4.13.0 . Windows 10 has SMBv1 turned 
off by default, so you have to manually turn it back on, Microsoft could 
decide to turn it off completely.

An NT4-style domain is yesterdays technology, AD is the way forward. If 
you must keep your domain running whilst you test the upgrade path, then 
use Samba 4 and run smbd, nmbd and winbind on the PDC etc.

Rowland

On Thu, Mar 11, 2021 at 10:41:12PM +0000, Rowland penny via samba
wrote:
>Bite the bullet, classicupgrade to AD. ?
classicupgrade seems great!  Although I've looked for some migration guides,
how
didn't I find classicupgrade before? :-)
>An NT4-style domain is yesterdays technology, AD is the way forward. 
>If you must keep your domain running whilst you test the upgrade path, 
>then use Samba 4 and run smbd, nmbd and winbind on the PDC etc.
Let me first understand this.  It seems that, with NT4, I cannot have two PDCs
running on the network.  AD supports this, but I was wondering if I can have
both old PDC and new one running at the same time for the migration.  Is it
possible?

Thank you again.