[Samba] [samba] OpenLDAP proxy to samba4 AD

Elias Pereira empbilly at gmail.com
Sat Dec 6 09:12:17 MST 2014 

I greatly appreciate the answers. Are of great value to me and to others
who like me do not have much experience.

Another question. :D

I believe that we will use debian as distribution for the new Samba4. What
I need to copy from the old to the new distro?

On Sat, Dec 6, 2014 at 12:49 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

> On 06/12/14 14:32, Elias Pereira wrote:
>
>> Hello Marc,
>>
>> I appreciate your response, as well as the other members. Reading your
>> answer, I believe I found what I wanted. Option 3, the principle is what I
>> need right now. I'll try to explain.
>>
>> Today in production, we have the samba3 + openldap. The samba3 is
>> installed
>> on a freebsd, but has some problems that we can not detect. My boss does
>> not want to drop the openldap now. We have discussed about it, and he does
>> not want. :D
>>
>> Let's get this straight. What you say under option 3, can I upgrade to
>> Samba4 and continue using openldap the same way we are using now, ie
>> samba3
>> + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that
>> be?
>>
>> On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org>
>> wrote:
>>
>>  Hello Elias,
>>>
>>> Am 06.12.2014 um 14:44 schrieb Elias Pereira:
>>>
>>>> We already have a Openldap in production, with a samba3. What I am
>>>>
>>> wanting
>>>
>>>> to do is install the Samba4, and still continue to use the "openldap"
>>>> for
>>>> authentication of users in various services that are operating.
>>>>
>>>> You think it's possible?
>>>>
>>> Depends on what your exact plan on this is. You're still not very
>>> detailed. ;-)
>>>
>>>
>>>
>>> 1.) If you do the classicupgrade to Samba AD then all your workstations
>>> will use the Samba AD for authentication. You have to turn off your
>>> Samba PDC service then. Of course, you can keep the openLDAP to
>>> authenticate other services against. But this is a separate database and
>>> passwords won't change in openLDAP, if users do in AD.
>>>
>>> This would be a way for a slower migration to Samba AD and hooking up
>>> the other services to AD afterwards (with the disadvantage of e. g. the
>>> passwort situation).
>>>
>>>
>>>
>>> 2.) If you're having other services, that should not contact DCs
>>> directly (like hosts in DMZ), you can use the openLDAP proxy
>>> documentation from the Wiki.
>>>
>>>
>>>
>>> 3.) If you don't want/need to move to Samba AD, then simply upgrade as
>>> usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to
>>> migrate to AD:
>>>
>>> https://wiki.samba.org/index.php/Updating_Samba#Common_
>>> misconceptions_about_Samba_4
>>>
>>>
>>>
>>> If this doesn't answer you question, then please give a comprehensive
>>> overview about your current setup, the setup you plan to get and about
>>> your environment. This would make it easier to help, instead of
>>> guessing. ;-)
>>>
>>>
>>>
>>>
>>> Regards,
>>> Marc
>>>
>>>
>>
>>
> Hi, it might help if you read this: https://wiki.samba.org/index.
> php/Samba_Readme_First
>
>
> Note to Marc, can we put a link to this on main wiki page ? the page seems
> to be protected.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira

More information about the samba mailing list