[Samba] Samba, LDAP and replica
Andrew Bartlett
abartlet at samba.org
Wed Dec 26 14:33:55 MST 2012
On Wed, 2012-12-26 at 08:36 -0200, TI wrote:
> Hi Guys,
>
> I have six Linux Servers running Samba 3 as PDC of our domain, in
> different locations. They are integrated through LDAP (which is
> configured to replicate over our VPN) and all responds to the same
> domain. So, wherever the user is, he will log in the same domain
> name.
>
> Now I'am planning to migrate to Samba 4. As Samba 4 manages it´s LDAP
> internally, what is the best approach to keep the same design I have
> today?
Samba 4.0 can continue as-is, using your existing LDAP configuration, if
you wish to maintain a 'classic' domain. To upgrade to an AD domain,
you will need of course to use our internal LDAP. This is naturally
multi-master replicated, so it should 'just work'.
https://wiki.samba.org/index.php/Samba4/HOWTO#Migrating_an_Existing_Samba3_Domain_to_Samba4
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
The main thing to watch out is just as with Samba classic domains, the
[netlogon] share (and [sysvol] in the AD case) is not replicated by
Samba - you have to sync any changes around manually (eg rsync).
We do have some support for the concept of Sites, but it isn't totally
complete. So, you may wish to investigate closely to ensure it does
enough to avoid swamping your VPN links.
I wish you the very best with your upgrade. Feel free to come back with
any issues you may have.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list