[Samba] Samba, LDAP and replica
lcaron at lncsa.com
Wed Jan 2 12:14:07 MST 2013
On 26/12/2012 22:33, Andrew Bartlett wrote:
> On Wed, 2012-12-26 at 08:36 -0200, TI wrote:
>> Hi Guys,
>> I have six Linux Servers running Samba 3 as PDC of our domain, in
>> different locations. They are integrated through LDAP (which is
>> configured to replicate over our VPN) and all responds to the same
>> domain. So, wherever the user is, he will log in the same domain
>> Now I'am planning to migrate to Samba 4. As Samba 4 manages it´s LDAP
>> internally, what is the best approach to keep the same design I have
> Samba 4.0 can continue as-is, using your existing LDAP configuration, if
> you wish to maintain a 'classic' domain. To upgrade to an AD domain,
> you will need of course to use our internal LDAP. This is naturally
> multi-master replicated, so it should 'just work'.
> The main thing to watch out is just as with Samba classic domains, the
> [netlogon] share (and [sysvol] in the AD case) is not replicated by
> Samba - you have to sync any changes around manually (eg rsync).
> We do have some support for the concept of Sites, but it isn't totally
> complete. So, you may wish to investigate closely to ensure it does
> enough to avoid swamping your VPN links.
> I wish you the very best with your upgrade. Feel free to come back with
> any issues you may have.
We use the same kind of setup.
We do extensively use ldap for sudo, automount, lemonldap, ... a bunch
Can we basically keep our LDAP directory without altering the schema and
still benefit of samba4 features ?
If this is completely ruled out, is there a smooth migration path to
keep all those info in a LDAP directory (wether samba internal or
More information about the samba