[Samba] [samba] OpenLDAP proxy to samba4 AD

Elias Pereira empbilly at gmail.com
Sat Dec 6 09:44:54 MST 2014


Rowland,

The *openldap* will be the same that is already working on our campus
(technological courses).

I have samba3 on a freebsd, but the samba4 I will switch to Debian.

I believe that in addition to the *smb.conf*, I have to also copy the
following folders:

*/etc/samba/*
*/var/lib/samba/*

Proceeds?

On Sat, Dec 6, 2014 at 2:23 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

>  On 06/12/14 16:12, Elias Pereira wrote:
>
>  I greatly appreciate the answers. They are of great value to me and to
> others who like me do not have much experience.
>
>  Another question. :D
>
>  I believe that we will use debian as distribution for the new Samba4.
> What do I need to copy from the old to the new distro?
>
> On Sat, Dec 6, 2014 at 12:49 PM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>>  On 06/12/14 14:32, Elias Pereira wrote:
>>
>>> Hello Marc,
>>>
>>> I appreciate your response, as well as the other members. Reading your
>>> answer, I believe I found what I wanted. Option 3, the principle is what I
>>> need right now. I'll try to explain.
>>>
>>> Today in production, we have the samba3 + openldap. The samba3 is installed
>>> on a freebsd, but has some problems that we cannot detect. My boss does
>>> not want to drop the openldap now. We have discussed about it, and he does
>>> not want. :D
>>>
>>> Let's get this straight. What you say under option 3, can I upgrade to
>>> Samba4 and continue using openldap the same way we are using now, ie samba3
>>> + openldap. Then would be, Samba4 (without AD DC) + openldap. Would that
>>> be?
>>>
>>> On Sat, Dec 6, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org>
>>> wrote:
>>>
>>>> Hello Elias,
>>>>
>>>> Am 06.12.2014 um 14:44 schrieb Elias Pereira:
>>>>
>>>>> We already have an Openldap in production, with a samba3. What I am wanting
>>>>> to do is install the Samba4, and still continue to use the "openldap" for
>>>>> authentication of users in various services that are operating.
>>>>>
>>>>> You think it's possible?
>>>>>
>>>> Depends on what your exact plan on this is. You're still not very
>>>> detailed. ;-)
>>>>
>>>>
>>>>
>>>> 1.) If you do the classicupgrade to Samba AD then all your workstations
>>>> will use the Samba AD for authentication. You have to turn off your
>>>> Samba PDC service then. Of course, you can keep the openLDAP to
>>>> authenticate other services against. But this is a separate database and
>>>> passwords won't change in openLDAP, if users do in AD.
>>>>
>>>> This would be a way for a slower migration to Samba AD and hooking up
>>>> the other services to AD afterwards (with the disadvantage of e. g. the
>>>> password situation).
>>>>
>>>>
>>>>
>>>> 2.) If you're having other services, that should not contact DCs
>>>> directly (like hosts in DMZ), you can use the openLDAP proxy
>>>> documentation from the Wiki.
>>>>
>>>>
>>>>
>>>> 3.) If you don't want/need to move to Samba AD, then simply upgrade as
>>>> usual and continue running Samba as NT4 PDC. Samba 4 doesn't require to
>>>> migrate to AD:
>>>>
>>>>
>>>> https://wiki.samba.org/index.php/Updating_Samba#Common_misconceptions_about_Samba_4
>>>>
>>>>
>>>>
>>>> If this doesn't answer your question, then please give a comprehensive
>>>> overview about your current setup, the setup you plan to get and about
>>>> your environment. This would make it easier to help, instead of
>>>> guessing. ;-)
>>>>
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Marc
>>>>
>>>>
>>>
>>>
>>  Hi, it might help if you read this:
>> https://wiki.samba.org/index.php/Samba_Readme_First
>>
>>
>> Note to Marc, can we put a link to this on the main wiki page? The page
>> seems to be protected.
>>
>> Rowland
>>
>>
>
>
>
>  --
> Elias Pereira
>
>
> If you are going to just update like for like on a new machine, i.e. run samba4
> in classic mode with OpenLDAP, then you will only really need the smb.conf
> (though this may require tweaking) and an ldif dump from your old ldap. Set
> up your new machine, set up samba, set up OpenLDAP and import your ldif and
> you should be good to go. However if your old machine is a PDC, then you
> will probably be better setting your new machine up as a BDC, then remove
> the PDC and make the BDC the PDC when everything is running ok.
>
> Rowland
>



-- 
Elias Pereira

