[Samba] [samba] OpenLDAP proxy to samba4 AD

Rowland Penny rowlandpenny at googlemail.com
Sat Dec 6 07:49:36 MST 2014


On 06/12/14 14:32, Elias Pereira wrote:
> Hello Marc,
>
> I appreciate your response, as well as the other members. Reading your
> answer, I believe I found what I wanted. Option 3, the principle is what I
> need right now. I'll try to explain.
>
> Today in production, we have the samba3 + openldap. The samba3 is installed
> on a freebsd, but has some problems that we can not detect. My boss does
> not want to drop the openldap now. We have discussed about it, and he does
> not want. :D
>
> Let's get this straight. What you say under option 3, can I upgrade to
> Samba4 and continue using openldap the same way we are using now, ie samba3
> + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that be?
>
> On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org>
> wrote:
>
>> Hello Elias,
>>
>> On 06.12.2014 at 14:44, Elias Pereira wrote:
>>> We already have an Openldap in production, with a samba3. What I am
>>> wanting to do is install the Samba4, and still continue to use the
>>> "openldap" for authentication of users in various services that are
>>> operating.
>>>
>>> You think it's possible?
>> Depends on what your exact plan on this is. You're still not very
>> detailed. ;-)
>>
>>
>>
>> 1.) If you do the classicupgrade to Samba AD then all your workstations
>> will use the Samba AD for authentication. You have to turn off your
>> Samba PDC service then. Of course, you can keep the openLDAP to
>> authenticate other services against. But this is a separate database and
>> passwords won't change in openLDAP, if users do in AD.
>>
>> This would be a way for a slower migration to Samba AD and hooking up
>> the other services to AD afterwards (with the disadvantage of e. g. the
>> password situation).
>>
>>
>>
>> 2.) If you're having other services, that should not contact DCs
>> directly (like hosts in DMZ), you can use the openLDAP proxy
>> documentation from the Wiki.
>>
>>
>>
>> 3.) If you don't want/need to move to Samba AD, then simply upgrade as
>> usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to
>> migrate to AD:
>>
>> https://wiki.samba.org/index.php/Updating_Samba#Common_misconceptions_about_Samba_4
>>
>>
>>
>> If this doesn't answer your question, then please give a comprehensive
>> overview about your current setup, the setup you plan to get and about
>> your environment. This would make it easier to help, instead of
>> guessing. ;-)
>>
>>
>>
>>
>> Regards,
>> Marc
>>
>
>

Hi, it might help if you read this: 
https://wiki.samba.org/index.php/Samba_Readme_First


Note to Marc, can we put a link to this on the main wiki page? The page
seems to be protected.

Rowland


