[Samba] the unusual way ldap -> AD

Dale Schroeder dale at BriannasSaladDressing.com
Tue Mar 24 19:19:10 GMT 2009

Matthias Grimm wrote:
> Hi,
> (this will be a long post)
> currently we got a working setup of one PDC in our HQ and five BDC in
> our branch offices, all backed by LDAP. PDC is LDAP master and all
> branch offices are configured as syncrepl. This setup was more a
> playfield for me, which 'suddenly' went into production by business
> needs, you know the deal... The setup does a fine job, but there is no
> failover of any kind, so if our main server kicks the bucket we're in
> trouble.
> We thought and played a bit with RHCS but it wasn't that highlight in my
> life ;). Now I'm playing with CTDB and everything is much more smooth
> than ever before. Since there are 4 citrix servers, backed by AD, which
> will start applications from samba, it's very 'interesting' to keep the
> users in sync (passwords). I've already played with samba as AD-member
> which works like a charm, so the way will be to have all samba servers
> act as domain members and authenticate against AD. So far, so good..
> There are some points which can't be avoided, like rejoining every PC to
> the domain, correct UID/GID for homedir and profiles, but THAT could be
> done with some scripting.
> The main problem I'm thinking about: HOW to get the existing users,
> 'round 440, from LDAP into AD. Sure, we need to overlook every account,
> set Profile dirs right and stuff..
> Has anyone done this before? How could it be done? What about printing?
Numerous requirements, but see

> ATM we're thinking about setting up a new AD server, let the CTDB-samba
> join this domain and move every user step by step.
> Sorry for this long and confused post ;)
> Matthias
