[Samba] the unusual way ldap -> AD

Matthias Grimm eisofen at eisofen.de
Tue Mar 24 18:50:28 GMT 2009


(this will be a long post)

Currently we have a working setup of one PDC in our HQ and five BDCs in
our branch offices, all backed by LDAP. The PDC is the LDAP master and all
branch offices are configured as syncrepl consumers. This setup was more
of a playground for me, which 'suddenly' went into production because of
business needs, you know the deal... The setup does a fine job, but there
is no failover of any kind, so if our main server kicks the bucket we're in
We thought about and played a bit with RHCS, but it wasn't the highlight
of my life ;). Now I'm playing with CTDB and everything is much smoother
than ever before. Since there are 4 Citrix servers, backed by AD, which
will start applications from Samba, it's very 'interesting' to keep the
users in sync (passwords). I've already played with Samba as an AD member,
which works like a charm, so the way to go will be to have all Samba
servers act as domain members and authenticate against AD. So far, so
good..
There are some points which can't be avoided, like rejoining every PC to
the domain and getting the correct UID/GID for home dirs and profiles, but
THAT could be done with some scripting.
The main problem I'm thinking about: HOW to get the existing users,
around 440, from LDAP into AD. Sure, we need to look over every account,
set profile dirs right and so on..
Has anyone done this before? How could it be done? What about printing?

ATM we're thinking about setting up a new AD server, letting the CTDB
Samba join this domain and moving every user over step by step.

Sorry for this long and confused post ;)
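Since the question of how to get the LDAP accounts into AD is left open in the post, here is an added example of how the first, mechanical step of such a move can be scripted. It is not code from the original post and not a Samba tool. It takes an LDIF export of the posixAccount/sambaSamAccount entries, keeps uidNumber/gidNumber (AD stores them as RFC2307 attributes, which winbind's idmap_ad reads back, so ownership on the existing home and profile directories stays valid), skips machine accounts since every PC has to be rejoined anyway, and emits one New-ADUser call per user. The NT hash is dropped on purpose: through the standard interfaces (LDAP unicodePwd, New-ADUser) AD takes a new password only in cleartext, not as an NT hash, so every migrated user gets a forced password change at first logon instead. The domain dc=example,dc=com, the target OU, the UPN suffix and the two sample entries are constructed for the example.

```python
"""Map Samba-on-OpenLDAP accounts to New-ADUser calls (added example, not from the post).

Assumptions: export is RFC 2849 LDIF, target OU/UPN suffix are example values,
AD has the RFC2307 attributes (uidNumber, gidNumber, unixHomeDirectory, loginShell).
"""
import base64

# Constructed sample export (what `ldapsearch -LLL` prints); not real data.
# The NT hash is a dummy and is deliberately never copied into the output.
SAMPLE_LDIF = r"""version: 1

dn: uid=mgrimm,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: mgrimm
cn: Matthias Grimm
givenName: Matthias
sn: Grimm
uidNumber: 10001
gidNumber: 513
homeDirectory: /home/mgrimm
loginShell: /bin/bash
sambaSID: S-1-5-21-1111-2222-3333-21002
sambaAcctFlags: [U          ]
sambaProfilePath: \\pdc\profiles\mgrimm
sambaHomePath: \\pdc\home\mgrimm
sambaHomeDrive: H:
sambaNTPassword: 00000000000000000000000000000000
description:: QsO8cm8gS8O2bG4=

dn: uid=oldacct,ou=Users,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: oldacct
cn: Old Account
uidNumber: 10002
gidNumber: 513
homeDirectory: /home/oldacct
loginShell: /bin/false
sambaSID: S-1-5-21-1111-2222-3333-21004
sambaAcctFlags: [UD         ]
gecos: Old test account that was never
  cleaned up
"""


def _unfold(text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return one {attribute: [values]} dict per dn; '::' values are base64 (UTF-8)."""
    entries, current = [], {}
    for line in _unfold(text):
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def ldap_to_ad(entry, ou="OU=Migrated,DC=example,DC=com", upn_suffix="example.com"):
    """Translate one LDAP entry into New-ADUser parameters (OU and UPN suffix are assumed)."""
    def first(attr, default=None):
        return entry.get(attr, [default])[0]
    uid = first("uid")
    return {
        "SamAccountName": uid, "UserPrincipalName": f"{uid}@{upn_suffix}",
        "Name": first("cn", uid), "GivenName": first("givenName"), "Surname": first("sn"),
        "Description": first("description") or first("gecos"), "Path": ou,
        "Enabled": "D" not in first("sambaAcctFlags", "[U]"),  # 'D' flag = disabled
        "ProfilePath": first("sambaProfilePath"), "HomeDirectory": first("sambaHomePath"),
        "HomeDrive": first("sambaHomeDrive"),
        # RFC2307 attributes: idmap_ad hands the same UID/GID back on the members.
        "uidNumber": int(first("uidNumber")), "gidNumber": int(first("gidNumber")),
        "unixHomeDirectory": first("homeDirectory"), "loginShell": first("loginShell"),
        # AD issues a fresh RID; the old SID is kept only to re-ACL shares afterwards.
        "OldSID": first("sambaSID"),
    }


def _ps(value):
    """Quote a value as a PowerShell single-quoted literal."""
    return "'" + str(value).replace("'", "''") + "'"


def to_powershell(ad):
    """Render one New-ADUser call; the initial password is prompted, never embedded."""
    named = ["SamAccountName", "UserPrincipalName", "Name", "GivenName", "Surname",
             "Description", "Path", "ProfilePath", "HomeDirectory", "HomeDrive"]
    args = [f"-{k} {_ps(ad[k])}" for k in named if ad[k]]
    rfc2307 = "; ".join(f"{k}={_ps(ad[k])}" for k in
                        ("uidNumber", "gidNumber", "unixHomeDirectory", "loginShell"))
    args += [f"-OtherAttributes @{{{rfc2307}}}", f"-Enabled ${str(ad['Enabled']).lower()}",
             "-ChangePasswordAtLogon $true",
             f"-AccountPassword (Read-Host -AsSecureString {_ps('Password for ' + ad['SamAccountName'])})"]
    return (f"# old SID {ad['OldSID']}: re-ACL profile/home shares after the join\n"
            "New-ADUser " + " `\n    ".join(args))


def migration_script(ldif_text, **kw):
    """Full PowerShell script for an export; machine accounts (uid ending in $) are skipped."""
    lines = ["Import-Module ActiveDirectory"]
    for entry in parse_ldif(ldif_text):
        if "sambaSamAccount" not in entry.get("objectClass", []) or entry["uid"][0].endswith("$"):
            continue
        lines.append(to_powershell(ldap_to_ad(entry, **kw)))
    return "\n\n".join(lines) + "\n"


if __name__ == "__main__":
    print(migration_script(SAMPLE_LDIF))
```

Redirect the output into a .ps1, review it (the disabled account stays disabled, the dummy NT hash never appears), and run it on a domain member with the AD PowerShell module under an account allowed to create users; the password prompts happen at run time, so no initial password lands in the file.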


