[Samba] Samba, LDAP and replica

Laurent CARON lcaron at lncsa.com
Wed Jan 2 12:14:07 MST 2013

On 26/12/2012 22:33, Andrew Bartlett wrote:
> On Wed, 2012-12-26 at 08:36 -0200, TI wrote:
>> Hi Guys,
>> I have six Linux Servers running Samba 3 as PDC of our domain, in
>> different locations. They are integrated through LDAP (which is
>> configured to replicate over our VPN) and all respond to the same
>> domain. So, wherever the user is, he will log in the same domain
>> name.
>> Now I'm planning to migrate to Samba 4. As Samba 4 manages its LDAP
>> internally, what is the best approach to keep the same design I have
>> today?
> Samba 4.0 can continue as-is, using your existing LDAP configuration, if
> you wish to maintain a 'classic' domain.  To upgrade to an AD domain,
> you will need of course to use our internal LDAP.  This is naturally
> multi-master replicated, so it should 'just work'.
> https://wiki.samba.org/index.php/Samba4/HOWTO#Migrating_an_Existing_Samba3_Domain_to_Samba4
> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
> The main thing to watch out for is, just as with Samba classic domains, the
> [netlogon] share (and [sysvol] in the AD case) is not replicated by
> Samba - you have to sync any changes around manually (e.g. rsync).
> We do have some support for the concept of Sites, but it isn't totally
> complete.  So, you may wish to investigate closely to ensure it does
> enough to avoid swamping your VPN links.
> I wish you the very best with your upgrade.  Feel free to come back with
> any issues you may have.

Hi Andrew,

We use the same kind of setup.

We do extensively use LDAP for sudo, automount, lemonldap, ... a bunch 
of services.

Can we basically keep our LDAP directory without altering the schema and 
still benefit from samba4 features?

If this is completely ruled out, is there a smooth migration path to 
keep all that info in an LDAP directory (whether samba internal or 
external)?

