[Samba] [samba] OpenLDAP proxy to samba4 AD

Rowland Penny rowlandpenny at googlemail.com
Sat Dec 6 09:23:27 MST 2014


On 06/12/14 16:12, Elias Pereira wrote:
> I greatly appreciate the answers. They are of great value to me and to 
> others who, like me, do not have much experience.
>
> Another question. :D
>
> I believe that we will use Debian as the distribution for the new Samba4. 
> What do I need to copy from the old to the new distro?
>
> On Sat, Dec 6, 2014 at 12:49 PM, Rowland Penny 
> <rowlandpenny at googlemail.com> wrote:
>
>     On 06/12/14 14:32, Elias Pereira wrote:
>
>         Hello Marc,
>
>         I appreciate your response, as well as the other members. Reading
>         your answer, I believe I found what I wanted. Option 3, the
>         principle is what I need right now. I'll try to explain.
>
>         Today in production, we have the samba3 + openldap. The samba3 is
>         installed on a freebsd, but has some problems that we can not
>         detect. My boss does not want to drop the openldap now. We have
>         discussed about it, and he does not want. :D
>
>         Let's get this straight. What you say under option 3, can I upgrade
>         to Samba4 and continue using openldap the same way we are using now,
>         ie samba3 + openldap. Then would be, Samba4 (without AD DC) +
>         openldap. Would that be?
>
>         On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld
>         <mmuehlfeld at samba.org> wrote:
>
>             Hello Elias,
>
>             On 06.12.2014 at 14:44, Elias Pereira wrote:
>
>                 We already have an Openldap in production, with a samba3.
>                 What I am wanting to do is install the Samba4, and still
>                 continue to use the "openldap" for authentication of users
>                 in various services that are operating.
>
>                 You think it's possible?
>
>             Depends on what your exact plan on this is. You're still not
>             very detailed. ;-)
>
>
>
>             1.) If you do the classicupgrade to Samba AD then all your
>             workstations will use the Samba AD for authentication. You have
>             to turn off your Samba PDC service then. Of course, you can keep
>             the openLDAP to authenticate other services against. But this is
>             a separate database and passwords won't change in openLDAP, if
>             users do in AD.
>
>             This would be a way for a slower migration to Samba AD and
>             hooking up the other services to AD afterwards (with the
>             disadvantage of e. g. the password situation).
>
>
>
>             2.) If you're having other services, that should not contact
>             DCs directly (like hosts in DMZ), you can use the openLDAP proxy
>             documentation from the Wiki.
>
>
>
>             3.) If you don't want/need to move to Samba AD, then simply
>             upgrade as usual and continue running Samba as NT4 PDC. Samba 4
>             doesn't require to migrate to AD:
>
>             https://wiki.samba.org/index.php/Updating_Samba#Common_misconceptions_about_Samba_4
>
>
>
>             If this doesn't answer your question, then please give a
>             comprehensive overview about your current setup, the setup you
>             plan to get and about your environment. This would make it
>             easier to help, instead of guessing. ;-)
>
>
>
>
>             Regards,
>             Marc
>
>
>
>
>     Hi, it might help if you read this:
>     https://wiki.samba.org/index.php/Samba_Readme_First
>
>
>     Note to Marc, can we put a link to this on the main wiki page? The
>     page seems to be protected.
>
>     Rowland
>
>
>
> -- 
> Elias Pereira

If you are going to just update like for like on a new machine, i.e. run 
samba4 in classic mode with OpenLDAP, then you will only really need the 
smb.conf (though this may require tweaking) and an ldif dump from your 
old ldap. Set up your new machine, set up samba, set up OpenLDAP and 
import your ldif and you should be good to go. However, if your old 
machine is a PDC, then you will probably be better off setting your new 
machine up as a BDC, then removing the PDC and making the BDC the PDC when 
everything is running ok.

Rowland
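
A pre-import sanity check for the ldif dump mentioned in the reply above, as an added example that is not part of the original thread: it parses the dump (folded lines and base64 values included) and lists sambaSamAccount entries whose sambaSID does not sit under a sambaDomain SID present in the dump, or that carry no sambaNTPassword. The sample LDIF and the function names are constructed for illustration; the attribute names are those of the Samba 3 LDAP schema.

```python
import base64
# Constructed sample of a slapcat-style dump (made-up values, not from the thread).
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-3000
sambaNTPassword: 00000000000000000000000000000000

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid:: Ym9i
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a wrapped line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
        elif not raw.strip() and lines:       # blank line closes the entry
            entry = {}
            for line in lines:
                attr, _, value = line.partition(":")
                if value.startswith(":"):     # "attr:: <base64>"
                    value = base64.b64decode(value[1:]).decode("utf-8", "replace")
                entry.setdefault(attr.lower(), []).append(value.strip())
            entries.append(entry)
            lines = []
    return entries

def check_dump(entries):
    """Return (sorted domain SIDs, problems) for the Samba entries in a dump."""
    has = lambda e, oc: oc in (c.lower() for c in e.get("objectclass", []))
    domain_sids = sorted({e["sambasid"][0] for e in entries if has(e, "sambadomain")})
    problems = []
    for e in (e for e in entries if has(e, "sambasamaccount")):
        if not any(e.get("sambasid", [""])[0].startswith(d + "-") for d in domain_sids):
            problems.append(e["dn"][0] + ": sambaSID is not under a domain SID in this dump")
        if "sambantpassword" not in e:
            problems.append(e["dn"][0] + ": no sambaNTPassword")
    return domain_sids, problems
```

The dump holds password hashes (sambaNTPassword), so keep the file readable only by root on both machines and remove it once the import is verified.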

