[Samba] LDAP/PDC migration to Samba4

Andrey Repin anrdaemon at yandex.ru
Sat Jul 19 19:05:55 MDT 2014

Greetings, Marc Muehlfeld!

> Installing an additional Samba NT4-style BDC is some work. But there is
> many documentation about that on the internet. Some you can find here
> (don't know if it's outdated meanwhile):
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html

Bookmarked :) thanks.

> But maybe the following can be an easier way to bring your Samba to
> 64-bit: When I remember right, then a PDC-BDC installation requires
> LDAP. If you already having an LDAP backend, then most of your data is
> already in a good place for a 32-/64-bit migration.

Yes, I'm running over LDAP backend. (Made my life alot easier, allowing me
transparent authentication in many places beside Samba!)

> You could install a new machine with x86_64 and tell it to use your LDAP
> again. If it was on the old 32-bit host, then export it (slapcat) and
> import it on the new one (slapadd).

> Depending on what else was in your 32-bit Samba installation, you maybe
> don't have to do much more. The TDBs on the new host will be recreated.
> If your old Samba server wasn't acting as a printserver with
> preconfigured drivers, this shouldn't be a big problem. Because in that
> case the settings are stored in the registry.tdb.

So, what you suggest, is... dump LDAP database, import it on the new server,
and just switch cases?
That won't work, I'm afraid. The server constantly in use, including remote
clients. I want the downtime to be as low as possible.

>> When all that done, I want to enable AD support. Ultimate goal is to have
>> selectable roaming user profiles and full support for Win7 in domain
>> environment.

> You can't simply "enable" AD support. You have to do a classicupgrade
> and migrate your NT4-style domain to an AD domain.

Thanks, that makes sense.

> But before you do all that work with a BDC and later a migration to
> Samba AD: Do you have the change to directly migrate to Samba AD? You could
> prepare everything on a new 64-bit host, copy everything you need and do the
> migration. 

> Of course this needs intensive testing and maybe adapting other services
> as well. But your BDC way also does.

> So maybe it's worth copying your 40 GB HDD to a larger disk to play for
> time and then do the step to AD next. It will allow managing Win7
> clients with GPO and bring you many other benefits.

I already have a test copy of the network in VM's, so I'm prepared... kind of.
As I said, the server is in use most of the time, and when I need to
experiment, making changes on live server is not an option. :)
All preliminary testing is done in isolated environment.

> BTW: What Samba version do you run on your old host?

# smbd --version
Version 3.0.28a

....it's REALLY old system.

Andrey Repin (anrdaemon at yandex.ru) 20.07.2014, <04:56>

Sorry for my terrible english...

More information about the samba mailing list