[Samba] Active Directory to OpenLDAP+Kerberos on Linux

Andrew Bartlett abartlet at samba.org
Thu Oct 13 12:29:57 GMT 2005


On Thu, 2005-10-13 at 06:22 -0400, Gary Dale wrote:
> Akshay Guleria wrote:
> 
> >Hi,
> >
> >I have been working on Windows NT PDC to OpenLDAP+Samba migration
> >project and all is going on well, thanks to idealx.
> >Now, I want to migrate MS Windows 2000/2003 based Active Directory
> >to Linux+Samba+OpenLDAP+Kerberos.
> >Somehow, the impression that I am getting having gone through many
> >docs, including those from samba.org is that it's not possible till
> >probably version Samba 4 is out.
> >My questions to the list:
> >1. Is there some way to achieve this migration? Windows AD to
> >Linux+OpenLDAP... Can someone point me to the right kind of
> >documentation?
> >2. If it's not possible, then is it on the list of features of Samba 4?
> >That is, "is it going to be there any time soon"? How soon? :)
> >
> >Thanks
> >Akshay
> >  
> >
> My reading of the docs is that while Samba can't be a DC in an AD 
> domain, there is nothing to stop it from being a DC in an LDAP/Kerberos 
> domain. 

You can set up Samba3 to honour an MIT kerberos realm (getting the
clients to function is a different matter, but possible).  You can also
have Heimdal backed onto Samba3's LDAP database, which you can populate
with the vampire tools.  And yes, the goal of Samba4 is to host an
AD-like domain, using the AD protocols.  

> That is, you can't currently mix Windows DCs and Samba DCs in a 
> domain hierarchy, but you can run one with just Samba.
> 
> For migration, I believe you can export the Windows information to an 
> LDIF format and then import it into LDAP, but I've never tried it.

You would need to munge it, and get the passwords.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
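
Added example, not part of the original message and not Samba code: a sketch of the "munge" step for an AD LDIF export, assuming a hypothetical attribute mapping to inetOrgPerson and an ou=People base DN. It drops computer accounts and AD-only attributes, and lists the accounts that arrive with no password attribute, which is why the passwords have to be obtained separately.

```python
# Added example. SAMPLE is constructed; ATTR_MAP and the base DN are assumptions.
SAMPLE = """\
dn: CN=Alice Example,CN=Users,DC=example,DC=com
objectClass: user
cn: Alice Example
sn: Example
sAMAccountName: alice
objectGUID:: 3q2+78r+ur4=

dn: CN=WS01,CN=Computers,DC=example,DC=com
objectClass: user
objectClass: computer
sAMAccountName: WS01$

dn: CN=Bob,CN=Users,DC=example,DC=com
objectClass: user
cn: Bob
sAMAccountName: bob
"""
ATTR_MAP = {"sAMAccountName": "uid", "cn": "cn", "sn": "sn", "mail": "mail"}
PASSWORD_ATTRS = {"unicodePwd", "userPassword"}

def parse_ldif(text):
    """Parse LDIF into attr -> [values] dicts (unfolds continuation lines)."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name, []).append(value.lstrip(": "))
        entries.append(entry)
    return entries

def munge(entry, base="ou=People,dc=example,dc=com"):
    """Map an AD user to inetOrgPerson LDIF; None for computers and non-users."""
    classes = entry.get("objectClass", [])
    if "user" not in classes or "computer" in classes:
        return None
    out = {new: entry[old] for old, new in ATTR_MAP.items() if old in entry}
    out.setdefault("sn", out["uid"])  # inetOrgPerson requires sn
    lines = ["dn: uid=%s,%s" % (out["uid"][0], base), "objectClass: inetOrgPerson"]
    lines += ["%s: %s" % (k, v) for k, vs in out.items() for v in vs]
    return "\n".join(lines)

def migrate(text):
    """Return (converted LDIF, uids that arrived without any password attribute)."""
    users = [e for e in parse_ldif(text) if munge(e)]
    no_pw = [e["sAMAccountName"][0] for e in users if not e.keys() & PASSWORD_ATTRS]
    return "\n\n".join(munge(e) for e in users), no_pw
```

Calling `migrate(SAMPLE)` returns the converted LDIF and the list of accounts that still need credentials provisioned on the new directory.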