Changing from a Samba classic domain to Samba 4

Upgrade or Wait

Article from Issue 191/2016
Author(s):

Samba 4 has been around for more than three years, but some users still shy from it. If you are still sitting on the fence, this tour through some of the new features and capabilities might help you decide whether it is finally time to upgrade.

Samba [1] is the tool of choice for providing Windows-like file and print sharing services on a Linux server. If you only need basic file and print services, switching to Samba 4 it not worth the effort because the new Samba is not so much different. Samba 4 still contains the smbd, nmbd, and winbindd components, although it also has the samba service on-board, which Samba needs for the new features. You will also find some limitations. For instance, Samba 4 reduces access to TDBs (trivial databases) to a minimum.

But, if you use Samba in a classic Windows NT4 domain setting, and if you are willing to delve more deeply into the Windows world, some of the new Samba 4 features might come in handy.

What's New?

The main feature of Samba 4 is the possibility of using a Samba server as a full-fledged replacement for a Windows AD domain controller. Samba 4 supports Windows environments as of Windows 2000.

An LDAP server developed for Samba and integrated into the solution itself assumes the Active Directory role. Samba 4 relies on the built-in Kerberos KDC (Kerberos Key Distribution Center) to support Kerberos authentication via its usual ticket system.

DNS still plays a central role in a Windows AD domain, and you can set up Samba 4 with two possible DNS server roles. The Samba 4 binary includes a DNS server that is part of Samba 4. If necessary, admins can call on the DLZ (dynamically loadable zones) module to implement a Bind server. Both solutions support the typical maintenance of DNS records that is familiar to Windows administrators. The official recommendation is to use the built-in DNS and only change to Bind if necessary.

The correct system time is also important for Windows domains. For example, Kerberos relies on correct timestamps to avoid replay attacks. Samba 4 keeps time by accessing the well-known NTP daemon. (Btw: Windows 2000 clients do not behave as an NTP server would expect, so Samba 4 cannot act as an AD domain controller for Windows 2000 systems.)

Management

Windows admins can customize the entire configuration using the Microsoft Management Console (MMC). MMC is the standard tool for managing a Windows AD domain controller (see Figure 1). On the Linux side, admins manage current Samba versions with the help of the new samba-tool [2]. With samba-tool, you can create or delete users and groups or trigger a classicupgrade from version 3 to 4. Table 1 shows the options.

Table 1

samba-tool Commands

Command

Function

dbcheck

Check the local AD database for errors

delegation

Manage delegations

dns

Manage the domain name service (DNS)

domain

Manage domains

drs

Manage the directory replication service (DRS)

dsacl

Manage access control lists (ACL) for domain services

fsmo

Edit roles for flexible single master operations (FSMO)

gpo

Manage Group Policy objects

group

Manage groups

ldapcmp

Compare two LDAP databases

ntacl

Manage NT ACLs

processes

List processes (for debugging on systems without setproctitle)

rodc

Manage the read-only domain controller (RODC)

sites

Site management

spn

Manipulate identifiers of service instances (service principal names)

testparm

Check config file for syntax errors

time

Retrieve the timestamp on the server

user

User management

vampire

Synchronize a remote AD domain with the local server

Figure 1: The Windows admin still uses the MMC process user data even if Samba 4 is in use.

Samba 4 has a programming interface for Python. Admins and system integrators use this interface to seamlessly customize the software for their environments. Many Samba 4 tools (including samba-tool ) use Python and rely on this interface.

Versions

Major and minor versions of Samba 4 appear regularly. Major changes end up in major versions with numbers such as 4.0, 4.1, 4.2, and so on. Minor changes are incorporated in the minor versions, with version numbers like 4.1.1, 4.1.2, 4.2.1, or 4.2.2. The latest stable release is version 4.4.3 [3].

The major releases 4.1, 4.2, 4.3, and 4.4 improve performance and substantially expand the feature list. Since version 4.1, for example, the client tools now also work with the SMB 2 and 3 protocols. In addition, Samba 4.1 enables server-side copy actions.

Release 4.2 saw the CTDB (Cluster Trivial Database) enter the Samba tree. The CTDB lets you run Samba file servers in the form of clusters. A new tool called Samba Registry Editor lets you crawl the Samba registry.

The 4.3 and 4.4 releases improve existing features and add enhancements to some of the tools. Version 4.4 impresses with better performance, especially with asynchronous flush requests. When clients ask the server to write unsecured content to disk, this write operation is done in an asynchronous manner. The operation therefore blocks any other processes. Support for SMB-3-multichannel is still considered experimental, however. This feature allows the client to build multiple transport connections in an authenticated SMB session, which improves both fault tolerance and data throughput because the file can be transferred in parallel over multiple network connections.

Last but not least, some of the changes relate to the configuration in the /etc/samba/smb.conf file. The developers have removed 14 parameters, changed the default setting for seven, and added 37 new parameters [4].For those who like more detail, have a look at the release notes for the major releases 4.1 [5], 4.2 [6], 4.3 [7], and 4.4 [8].

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Samba 4

    Since the release of the final version, Samba 4 has become increasingly significant in IT practice; now it has found its way into Jessie, the next Debian release. We take a look at the new features.

  • Samba 4.0 Released

    The Samba team announces Samba 4.0 – the latest version of the free software file, print, and authentication server suite designed for compatibility with Windows networks.

  • Next Alpha Version of Samba 4

    The developers of the Samba 4 version have released the second alpha version three months after the initial alpha.

  • Samba 4

    A technical preview version of Samba 4 became available at the end of January. We took a look at what’s coming in the next version of the Samba file and print service suite.

  • Samba 3.2 With IPv6, Clustering and GPLv3

    The free Samba project has just released version 3.2 of the file and printer server for Microsoft Windows clients. The team will be moving to the GPL v3 license as of this version.

comments powered by Disqus