Samba/Samba 4 Migration

This guide covers migrating Samba 3 to Samba 4 with LDAP on Gentoo boxes.

Prerequisites

 * A working Samba 3 NT PDC (it must be a PDC, as it will be promoted to AD)
 * Samba AD DNS planning
 * LDAP auth backend database (optional)
 * Python 2.7 as ABI

Samba DNS Planning

 * Moving from Samba 3 to Samba AD is not easy, because the two are built on different ideas.
 * Samba AD requires a resolvable DNS.
 * MS suggests using an FQDN for the AD server, as it scales easily in future.
 * There are some suggestions to use the suffixes .local, .lan or .corp, but these are a bad idea, a very bad idea indeed: we do not know which suffixes ICANN will use in future, and an internal DNS with such a suffix will conflict with the external DNS.

We therefore recommend the following setup.

FQDN subdomain DNS setup
Example: you own "company.com" and it is hosted by your web hosting company.

Samba AD and internal subdomain DNS setup

In the above example, NETBIOS NAME: HEADOFFICE

The most important settings are:

hostname = samba4-1.headoffice.company.com

AD = headoffice.company.com

REALM = HEADOFFICE.COMPANY.COM

DOMAINNAME (NT style) = COMPANY

Benefits
 * 1) A clear separation between internal and external DNS.
 * 2) There will be no conflict between internal and external DNS.
 * 3) If there are branch sites, the branch AD FQDN can be another subdomain: samba4-2.branch_CA.company.com.
 * 4) The subdomain can also be made public if needed, which makes this design future-proof.
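
As an added example (not part of the original guide), the naming scheme above can be checked with a small shell script before provisioning. The function names are hypothetical, and the 15-character host-label check is a general NetBIOS limit rather than something the guide states.

```shell
#!/bin/sh
# Added example: sanity-check a planned Samba AD DC name against the scheme above.
# Function names are hypothetical; the sample FQDN is the guide's own example.

BAD_SUFFIXES="local lan corp"   # suffixes the guide advises against

# ad_domain FQDN: AD DNS domain = FQDN minus the host label.
# Requires host + subdomain + registered domain (at least three labels).
ad_domain() {
    case "$1" in
        *.*.*) printf '%s\n' "${1#*.}" ;;
        *)     return 1 ;;
    esac
}

# ad_realm FQDN: Kerberos realm = AD DNS domain in upper case.
ad_realm() {
    _d=$(ad_domain "$1") || return 1
    printf '%s\n' "$_d" | tr '[:lower:]' '[:upper:]'
}

# check_plan FQDN: prints the derived names; returns
#   0 ok, 1 too few labels, 2 discouraged suffix, 3 host label too long.
check_plan() {
    _fqdn=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    _dom=$(ad_domain "$_fqdn") || return 1
    _tld=${_fqdn##*.}
    for _bad in $BAD_SUFFIXES; do
        if [ "$_tld" = "$_bad" ]; then
            echo "suffix .$_bad may collide with external DNS" >&2
            return 2
        fi
    done
    _host=${_fqdn%%.*}
    # General NetBIOS limit (15 characters), not stated in the guide.
    if [ "${#_host}" -gt 15 ]; then
        echo "host label '$_host' exceeds 15 characters" >&2
        return 3
    fi
    echo "hostname = $_fqdn"
    echo "AD       = $_dom"
    echo "REALM    = $(ad_realm "$_fqdn")"
}

check_plan "samba4-1.headoffice.company.com"
```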

Getting Samba4
Samba4 is already in Portage; however, it is still masked and there are some bugs related to it.

A few of them affect us. Apply the patches and run your ebuild.
 * 1)  mit-krb5 conflicts with Heimdal; resolved by using the internal Heimdal library.
 * 2)  LDAP schema missing after Samba4 install. (Fixed)

The first bug is very important if you cannot remove the dependency on mit-krb5 (as in most cases).

Please apply the patch and make your own ebuild.

The second patch is optional, as you can still copy samba.schema from somewhere on the internet. (Fixed)

For more on Samba4 bugs, please have a look at the bug tracker below.

Samba4 unmask bugs tracker.