[Samba] LDAP/PDC migration to Samba4

Andrew Bartlett abartlet at samba.org
Sat Jul 19 23:25:00 MDT 2014


On Sun, 2014-07-20 at 06:47 +0200, Davor Vusir wrote:
> On 20 Jul 2014 03:44, "Marc Muehlfeld" <mmuehlfeld at samba.org> wrote:
> >
> > On 20.07.2014 03:05, Andrey Repin wrote:
> > > Yes, I'm running over LDAP backend. (Made my life a lot easier, allowing me
> > > transparent authentication in many places beside Samba!)
> > >
> > >> You could install a new machine with x86_64 and tell it to use your LDAP
> > >> again. If it was on the old 32-bit host, then export it (slapcat) and
> > >> import it on the new one (slapadd).
> > >
> > >> Depending on what else was in your 32-bit Samba installation, you maybe
> > >> don't have to do much more. The TDBs on the new host will be recreated.
> > >> If your old Samba server wasn't acting as a printserver with
> > >> preconfigured drivers, this shouldn't be a big problem. Because in that
> > >> case the settings are stored in the registry.tdb.
> > >
> > > So, what you suggest, is... dump LDAP database, import it on the new server,
> > > and just switch cases?
> > > That won't work, I'm afraid. The server is constantly in use, including remote
> > > clients. I want the downtime to be as low as possible.
> >
> > You could do a two step switch:
> >
> > 1) Install Samba on the new 64-Bit server, copy your configs and change
> > them to use the LDAP on your old host. Stop Samba on the old host and
> > start on the new one. Samba hostname (netbios name) must be the same.
> > The real hostname and IP can differ. This should be a minimal downtime
> > (but of course has to be tested before).
> >
> >
> > 2) Prepare an LDAP server on the new host. Export on the old, import on
> > the new. Adapt the LDAP server IP in smb.conf. This should also be a
> > short downtime.
> >
> >
> 
> Or you could create a new Samba AD DC domain, exploit the trust
> capabilities, copy the user accounts' SID to the corresponding accounts'
> SID-history in the new domain. Create appropriate access groups and apply
> them on the resources.
> 
> When all is tested and set you migrate the computers.

With the only downside being that none of the above will work.

(sidHistory isn't supported in Samba, trusts are not supported, and
machines would have to be re-joined anyway).

Sorry,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



