[Samba] Implement Samba4 AD

Michael Wood esiotrot at gmail.com
Wed Nov 23 08:15:50 MST 2011

On 23 November 2011 15:01, Andreas Moroder <andreas.moroder at sb-brixen.it> wrote:
> Am 23.11.2011 13:00, schrieb Daniel Müller:
>> Hello again,
>> why do you have to change to ADS?
> Because it is hard to manage 700 PCs without grpup policies.
>> And yes samba4 ADS is stable enough to do the job.
>> As to your needs you have to join your Samba3 machines to the new ads.
>> As far as I know there is meanwhile a tool in samba4 to vampire your
>> samba3
>> nt-domain to samba4.
>> With SOGo/Openchange/Samba4 as addition you can have even your own
>> Exchange
>> like server.
> we have many other applications ( imp/horde, MRBS, squid and many more )
> that authenticate against openLDAP.
> For us it is very importatn that that continues to work.

Samba4 does not support using OpenLDAP as the backend.  There was
experimental support in the past, but they removed it again because I
believe they needed tighter integration with the LDAP backend than
they could get with OpenLDAP.

It is possible to extend Samba4's LDAP schema, but I believe there are
some issues with that.

You might want to set up a test system and try getting everything to
work.  If you run into issues, you could ask here or on

If Samba4 doesn't work for you now, you will be able to install some
Windows domain controllers and later migrate to Samba4 when you decide
it is ready, because it supports replication to/from Windows DCs using
the native AD protocols.

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list