Steps to integrate LDAP with Samba4

Rowland Penny repenny241155 at gmail.com
Wed Oct 8 06:10:06 MDT 2014


On 08/10/14 05:43, Vivek Patil wrote:
> Thanks for the reply, Marc.
>
> Look, I have an LDAP server that I set up two years ago. And 300 
> users are on the LDAP server.
> Now I have set up a Samba4 AD DC. I want to import all users on the LDAP server to 
> the Samba AD DC. How can I do this?
>
> My purpose is to authenticate Windows, Linux and Mac systems and 
> manage users centrally.
>
> Regards,
> Vivek
>
>
> On 10/7/2014 7:12 PM, Marc Muehlfeld wrote:
>> Hello Vivek,
>>
>> Am 07.10.2014 um 14:50 schrieb Vivek Patil:
>>> I have installed Samba4 on CentOS 6.5 and tested it. Working fine.
>> Samba as AD DC with internal LDAP or Samba as an NT4 PDC with openLDAP
>> backend?
>>
>>
>>
>>> But my another requirement is,
>>>
>>> 1. I had set up an LDAP server for authentication and want to use LDAP
>>> users to authenticate
>> I don't understand that requirement. You can authenticate AD users via
>> LDAP, like you can against other LDAP servers.
>>
>> If you mean if you can have a Samba AD DC with an external LDAP
>> backend: No, you can't (yet).
>>
>>
>>
>>> 2. How can I set up a new LDAP server with a new install system and import
>>> users from the old LDAP server
>> If you mean how you can set up a Samba AD DC and migrate accounts from
>> your Samba NT4 domain, see
>>
>> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29 
>>
>>
>>
>>
>>> 3. Integrate LDAP users with samba4
>> Can you explain what you mean here?
>>
>>
>>
>>
>> If you give us more details about your environment and what your goals
>> are, it's easier to help. And if you ask such questions on the Samba
>> user mailing list, instead of the Samba developer list, you have a
>> greater chance of getting answers. ;-)
>>
>>
>> Regards,
>> Marc
>>
>
>
Hi, if your original LDAP server is being used by samba as an NT4-style 
PDC, then look here:

https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29 


If it is just a standalone LDAP server, it gets a bit more involved: you 
will need to write a script to extract your users etc. from LDAP and then 
use this list to add the users etc. to AD. The big problem will be the 
passwords; unless your LDAP is storing plain passwords, it might be 
easier to create new passwords and then force the users to change them 
at next login.

Rowland
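
The approach described in the reply above, sketched as an added example that is not part of the original post or of the Samba project: it parses an LDIF export of the old directory and builds one `samba-tool user create` command per user with a fresh random password and `--must-change-at-next-login`. The sample LDIF, the `posixAccount` filter, the attribute mapping and the complexity suffix are assumptions.

```python
import base64
import secrets
import shlex

# Constructed `ldapsearch -LLL` style export; none of these values come from the thread.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bob
givenName:: QsO2Yg==
sn: Jones with a long surname that ldapsearch
  folds onto a second line

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
"""
OPTS = (("givenname", "--given-name"), ("sn", "--surname"), ("mail", "--mail-address"))

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], undoing line folding and base64."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(rest.strip())
        entries.append(entry)
    return entries

def build_commands(entries):
    """Return [(argv, temp_password)] for user entries; the old hash is not carried over."""
    out = []
    for e in entries:
        if "posixAccount" not in e.get("objectclass", []):
            continue  # skip OUs, groups and other non-user entries
        temp = secrets.token_urlsafe(12) + "aA1!"  # suffix: assumed AD complexity rules
        argv = ["samba-tool", "user", "create", e["uid"][0], temp, "--must-change-at-next-login"]
        argv += [f"{opt}={e[attr][0]}" for attr, opt in OPTS if attr in e]
        out.append((argv, temp))
    return out

if __name__ == "__main__":  # print for review before running anything on the DC
    print("\n".join(shlex.join(a) for a, _ in build_commands(parse_ldif(SAMPLE_LDIF))))
```

The temporary passwords appear on the command line and in the script output, so the list should be treated as a secret and distributed to users over a separate channel.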

