[Samba] [samba] OpenLDAP proxy to samba4 AD

Elias Pereira empbilly at gmail.com
Sat Dec 6 07:32:25 MST 2014 

Hello Marc,

I appreciate your response, as well as the other members. Reading your
answer, I believe I found what I wanted. Option 3, the principle is what I
need right now. I'll try to explain.

Today in production, we have the samba3 + openldap. The samba3 is installed
on a freebsd, but has some problems that we can not detect. My boss does
not want to drop the openldap now. We have discussed about it, and he does
not want. :D

Let's get this straight. What you say under option 3, can I upgrade to
Samba4 and continue using openldap the same way we are using now, ie samba3
+ openldap. Then would be, Samba4 (without AD DC) + openldap. Would that be?

On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org>
wrote:

> Hello Elias,
>
> Am 06.12.2014 um 14:44 schrieb Elias Pereira:
> > We already have a Openldap in production, with a samba3. What I am
> wanting
> > to do is install the Samba4, and still continue to use the "openldap" for
> > authentication of users in various services that are operating.
> >
> > You think it's possible?
>
> Depends on what your exact plan on this is. You're still not very
> detailed. ;-)
>
>
>
> 1.) If you do the classicupgrade to Samba AD then all your workstations
> will use the Samba AD for authentication. You have to turn off your
> Samba PDC service then. Of course, you can keep the openLDAP to
> authenticate other services against. But this is a separate database and
> passwords won't change in openLDAP, if users do in AD.
>
> This would be a way for a slower migration to Samba AD and hooking up
> the other services to AD afterwards (with the disadvantage of e. g. the
> passwort situation).
>
>
>
> 2.) If you're having other services, that should not contact DCs
> directly (like hosts in DMZ), you can use the openLDAP proxy
> documentation from the Wiki.
>
>
>
> 3.) If you don't want/need to move to Samba AD, then simply upgrade as
> usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to
> migrate to AD:
>
> https://wiki.samba.org/index.php/Updating_Samba#Common_misconceptions_about_Samba_4
>
>
>
> If this doesn't answer you question, then please give a comprehensive
> overview about your current setup, the setup you plan to get and about
> your environment. This would make it easier to help, instead of
> guessing. ;-)
>
>
>
>
> Regards,
> Marc
>



-- 
Elias Pereira

More information about the samba mailing list