Samba 3 to Samba 4 Migration.

[William E Jojo]

Hello all! 

Does the update_from_s3 migrate the users, passwords and SIDs from Samba3 into Samba 4 with LDB so that it is ready to be an active directory server? Or does it just become a Samba4 server that is NT 4 compatible? 

Our user database is in LDAP and we are testing migrating our users to AD and want to know if this is the right way to do it and the notes read: 

We have to recommend against upgrading production servers 
from Samba 3 to Samba 4 at this stage, because there may be the features 
on which you may rely that are not present, or the mapping of 
your configuration and user database may not be complete. 

Which is fine since we are testing. It's the "user database may not be complete" that has me puzzled. We are attempting to avoid trying to migrate with ADMT into 2008 forcing us to re-password 60,000 users. Besides, we would like to continue to use Samba and I'm happy to test a more complicated setup with 60K+ entries in LDAP. 

Could someone provide the gory details of what may happen on the upgrade path when the users are in LDAP? We do not need to stay with OpenLDAP as the backend, this is strictly an exercise in user/password/SID migration. 

Any additional technical details would be greatly appreciated such as: 

* can new schemas be put into LDB or is it preferred to use referrals to another tree with that data? 
* will nis.schema attributes by migrated/mapped to SFU-like attributes in Samba 4 ? 
* can we extend LDB with something like the FreeRADIUS schema? 
* can we dump the AD tree to a flat file for disaster recovery like we could with something like slapcat in OpenLDAP? 


As always, we really appreciate your hard work and effort on such a fine product. 

Cheers, 
Bill