My network currently has the following server running Samba 3 as a standalone server to 50 client boxes: Linux a1 2.6.35.7 #3 SMP Samba Version 3.5.6. Currently, no true NT Domain Controller, in Windows speak - it's a Workgroup only.
I have another server that I want to configure to use Samba 4 as an Active Directory Domain Controller and file server: Linux a10 3.7.10-gentoo-r1 #1 SMP Samba Version 4.0.4. I only have one subnet and cannot disrupt the users, but have read the following concerns on the Samba wiki: Make sure you thoroughly test your conversion and how your clients react before you activate your new server in your production environment! Once a Windows client finds and connects to the new server, it is not possible to go back! Also, it is necessary to do testing on a separate network so that the old and new domain controllers don't clash. The issues with having both domains 'live' at the same time are: The databases are not syncronised after the initial migration Even if no changes are made to the DB, clients which see an AD DC will no longer honour NT4 system policies The new Samba4 PDC and the old DC will both claim to hold the #1b name as the netbios domain master The paths to certain files and directories for your Samba3 installation are often distribution specific (for example, /var/lib/samba vs. /etc/samba). Please be sure to verify and if necessary, modify paths used in examples appropriately. - - - - - - Has anyone dealt with only having one subnet upon which to configure and test a new Samba 4 server in the presence of a currently active Samba 3 server? I was thinking maybe the simplest way would be to make an iptables firewall on the Samba 4 server -- allowing connections from only one particular address on the subnet and use that one address for a client box to test on. Possible iptables rule (allowing one client address, blocking all others on subnet): iptables -t filter -A INPUT -i eth0 -s 192.168.1.200 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -t filter -A INPUT -i eth0 ! -s 192.168.1.200 -j DROP Would this be adequate to separate the Samba 4 server from others on the LAN? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba