Samba4 Questions


I’m a little new to Samba when used as more than just a simple place to mount a single user to a single share, but we’re now getting ready to replace our Netware servers with Samba, and I guess that means Active Directory DC.

As I read more and more about this beast, I keep finding pages that indicate the samba4 rpms supplied with the CentOS/RH distribution are not the full version and that I should get them from either samba.org or certain other sources that provide complete versions. These pages are a little dated, but not that old.

Can anyone provide insight into what they’ve done in this situation and whether the samba rpms are now full versions? Most of what I have found on the web is dated around when samba4 just came out of beta through a little later.

There doesn’t seem to be much documentation on this subject on the web or through Amazon, so half of my time is spent searching instead of reading. A good source for reading would be appreciated as well. I can find plenty of examples, just not definitive manuals.

steve campbell

25 thoughts on - Samba4 Questions

  • The samba4 packages Red Hat provides have AD DC functionality disabled due to heimdal/MIT issues. They are also quite out of date.

    To get more recent working packages look to SerNet Samba.

  • Thanks very much. The SerNet stuff was what I was seeing using Google, but as I mentioned, the postings were rather old.

    Thanks James for the reply. steve

  • On 18.04.2014 17:49, Steve Campbell wrote:

    One question: why do you need samba 4? We’re running 3.6.9 (the current)
    on CentOS 6.5, in a moderately complex environment, and we connect to AD
    (and kerberos, I think – I don’t normally touch samba).

    mark

  • I’m not sure why I need that. As I stated, I’m a little new to Samba and AD. For some reason, my research suggests that to get AD, I need Samba 4.

    The person who manages our Netware, and who will be assuming the responsibility of managing all of this once installed wants to keep as much of the similarities between Samba and Netware as he/she can. We are replacing Netware with Samba as a file services device.

    steve

  • Please don’t top post.

    Steve Campbell wrote:

    Well, let me assure you that, as I said, we’re running the version of samba that you get when you do yum install samba with CentOS 6.5, and we’ve been running for quite a number of years.

    mark “your federal tax dollars at work, here*”

    * I work for a federal contractor at a civilian sector US federal gov’t organization. I do not speak for my organization, my employer, or the view out my window (as if they’d give me a window).

  • Is that his/her same forward thinking that managed to keep you guys on netware for so long?

    His/her phone is ringing, it’s 1980, they want their technology back :)

  • Do you want to replace AD or just interoperate with a Microsoft AD?
    Samba 3 will do the latter.

  • I’ll tell you what we’ve got now, and how the new stuff will be used. I’m definitely not a windows type guy, and windows domains are confusing as H*** to me.

    With our current netware:

    We have 3 “domains”. They’re really not domains but we have 3 separate companies here. Based on the netware logins, you get certain volumes mapped to windows drives. The netware login scripts do the mapping. We have opted not to get a new Windows Server and whatever Netware is now.

    So I guess from the Samba standpoint, the volumes are shares. This netware guy wants the ability to add new users to a “domain” that will have common mappings, and all the other stuff like specific printers attached. When the new user/machine is configured, the Windows domain is specified as well for that user.

    Now understand, I don’t speak windows domains, and all I’ve researched about Samba and what he’s wanting to do sort of points to a Samba AD DC to accomplish this. I’ve only created individual shares using Samba and mounted those shares manually to a windows machine. That all works great (on Windows 7, XP requires a remount during every boot up).

    The best thing I can come up with for now is to install Samba on a machine and see how far I can get with a test Windows machine.

    My original post was about the Samba rpms that come with CentOS, and I
    think I got the answer that it’s not fully complete due to copyright infringements.

    Thanks for all the help. One day I hope it all makes sense.

    steve

  • Steve Campbell wrote:
    Samba

    I’m nowhere near a samba guru, but I’d think that the AD info – that’s a version of LDAP – could *say* what shares a given user mounts.

    Wait, as I think of it, this is percolating through: nahhh, what you do is have three workgroups, and what the user is on gets that workgroup’s shares.

    mark

  • But do the workgroups have their own login scripts on the server? That’s sort of been the difference between using workgroups and domains, at least from any readings I’ve done so far. We actually break the
    “workgroups/domains” down into departmental groups.

    We’re a newspaper corporation. We have 3 distinct newspapers here (by law, the newspapers must be distinct). Then there’s the JOA that operates over the 3 newspapers that controls finance, production (press room and the like).

    Within each newspaper, there are sub-workgroups like copy desk, editors, etc that all get subsets of the mappings.

    Mark, thanks for the brain work. I’m not sure Samba 4 wouldn’t be the better choice. I’ve subscribed to SerNet and downloaded the rpms. The server isn’t loaded yet with the OS, so it’s still planning time. And redundancy of any type hasn’t been looked at yet, but I think Samba 4 is supposed to be more mature for that.

    I probably should join the samba list from here on. Just a matter of time before someone shouts OT, but the original post was not.

    steve

  • workgroups are just groupings of peer hosts for the ‘network neighborhood’ view. nothing more or less. most importantly, they don’t include any ‘server’ or centralized authentication, that’s what Active Directory provides.

    In Microsoft’s Active Directory, you put users and systems in “OU”
    (Organizational Units), and each OU can have group policies and those policies can specify login scripts, these can do things like map network drives for users. Presumably, Samba’s implementation of AD offers a similar facility, but I don’t think the domain management tools in Samba are anywhere near as well integrated or full featured as what you get with a Windows Server system.

  • Another samba 4 advantage, I think:
    You can load and use Windows Remote Server Administration Tools (RSAT)
    to manage the domains. How completely? Time will tell.

    steve

  • I’d read the EULA on those tools carefully. I would not be at all surprised that their usage is tied to having Microsoft Servers. TANSTAAFL.

  • Windows had a concept of ‘domain controller’ before AD, and samba 3.x should be able to emulate that for one domain and run a logon script. It might be cheaper to run 3 CentOS instances (or VMs) than Netware or AD (or learn how to manage the AD emulation in samba 4).

    SME server used to be pretty good at that sort of thing (small business server). You could just add users and put them in groups with the web interface and set up file shares by group. The ClearOS
    version might be more up to date, though. The old lanman authentication wouldn’t be as secure as AD, though.

  • active directory is relevant if you have more than a couple users, logging into desktop Windows machines, who want to connect to your server.

    without that, you get to muck about with smbpasswd on a per user basis on the samba server, and their desktop passwords and smbpasswords are never in sync.

    with active directory, you can manage the user access from a central location, and potentially manage desktop policies (security policies, login scripts, etc etc), even push application software installs via GPO’s. note I said potentially as I don’t know how much GPO support Samba4’s AD implementation has.


    john r pierce 37N 122W
    somewhere on the middle of the left coast

  • I never actually used it that way, but I thought that you were supposed to be able to change your password from windows when using samba as a domain (not AD) controller. And there was some support for making that change your linux password to match.

    You could also use samba with LDAP accounts. ClearOS might make that work out of the box but otherwise it is painful to set up. But going forward, finding a packaged samba4 that works is probably the best approach.

  • yeah, you’re right, NT4 domains could do that. been quite a long time since I’ve used those.

    I’m not sure win7/8 professional are happy about joining an NT4 Domain, at least not without a bunch of tinkering with security policies.

  • management is to install Microsoft’s Remote Server Administration Tools for Windows X package, where X is whatever version of MS-Windows you run as a domain member workstation client. Earlier forms of the software were called Windows Server Y Administrative Tools Pack where Y refers to the server version (2000, 2003, etc.)

  • +1 to Les’s comments.

    @ OP – if you are not averse to switching distributions, then give Zentyal (www.zentyal.org) a try; it has Samba 4.1.5 IIRC and is based on Ubuntu 12.04.3 LTS.

    The Zentyal folks have done a good job on the Web UI so user/group and file share management is fairly straightforward.

    Recently, I migrated a 50 node setup, a mix of CentOS desktops, Linux Storage (Debian), Windows 7 Pro, OS X, from an openLDAP+Samba3 PDC setup to Samba4 AD/DC.

    Much as this group has helped you, you will have to do some homework
    (reading + experimentation) and bring yourself up to speed on Samba4. There is a lot of documentation <http://www.samba.org/samba/docs/> and wiki.samba.org.

    — Arun Khan