[Samba] [samba] OpenLDAP proxy to samba4 AD

Marc Muehlfeld mmuehlfeld at samba.org
Sat Dec 6 06:56:44 MST 2014

Hello Elias,

Am 06.12.2014 um 14:44 schrieb Elias Pereira:
> We already have a Openldap in production, with a samba3. What I am wanting
> to do is install the Samba4, and still continue to use the "openldap" for
> authentication of users in various services that are operating.
> You think it's possible?

Depends on what your exact plan on this is. You're still not very
detailed. ;-)

1.) If you do the classicupgrade to Samba AD then all your workstations
will use the Samba AD for authentication. You have to turn off your
Samba PDC service then. Of course, you can keep the openLDAP to
authenticate other services against. But this is a separate database and
passwords won't change in openLDAP, if users do in AD.

This would be a way for a slower migration to Samba AD and hooking up
the other services to AD afterwards (with the disadvantage of e. g. the
passwort situation).

2.) If you're having other services, that should not contact DCs
directly (like hosts in DMZ), you can use the openLDAP proxy
documentation from the Wiki.

3.) If you don't want/need to move to Samba AD, then simply upgrade as
usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to
migrate to AD:

If this doesn't answer you question, then please give a comprehensive
overview about your current setup, the setup you plan to get and about
your environment. This would make it easier to help, instead of
guessing. ;-)


More information about the samba mailing list