[Samba] Samba3 to Samba4 migration: Databases and backend.

Alexandre Beauclair beauclaira at lexum.com
Fri Mar 7 12:08:40 MST 2014

Hi Andrew,

Sorry for the late response, I have been quite busy.

>What in the
>https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO page made you feel like importing from OpenLDAP wasn't supported?  It seems pretty clear to me, so I'm at a loss how to improve it.

I meant that the HOWTO page actually led me to believe it WAS supported, but the other 3 links did not, hence my confusion. Thanks for the clarification.

>Figure out how to have slapd installed on your new system, or point the
>smb.conf to your old LDAP server over ldaps://

I will try to do so, thank you!

Alexandre Beauclair

----- Original Message -----
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Alexandre Beauclair" <beauclaira at lexum.com>
Cc: samba at lists.samba.org
Sent: Tuesday, March 4, 2014 10:31:48 PM
Subject: Re: [Samba] Samba3 to Samba4 migration: Databases and backend.

On Tue, 2014-03-04 at 10:53 -0500, Alexandre Beauclair wrote:
> Hi Andrew,
> Thank you for the reply! 
> >The tool is 'samba-tool domain classicupgrade'.  See
> >https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
> >
> >This handles users, groups and passwords.  We would like to see this
> >tool extended to handle other attributes often set in LDAP, either by
> >somehow invoking the samba3sam ldb module (it is a mapping module we
> >have already written), or (perhaps more flexibly) invoking an easily
> >modified mapping function on the python script.
> Upon reading this, I found out I forgot to mention that our Samba4 installation will be on another new server.
> If my understanding is correct, this tool is only used when doing an "in-place" upgrade?
> Can it be used when trying to migrate the data to a new server as well?

Yes.  This is trivial for tdb-based installations, and harder for LDAP
based installs, because you have to get to LDAP.

> What we are currently trying to do, is install Samba4 on a new server
> (we are using the SerNet packages), and then try to import all the
> necessary data from OpenLDAP, Kerberos and our DNS on it.
> The thing is, we first installed the Sernet packages, and then it would
> appear there is a conflict when trying to install OpenLDAP, and it
> would not let us install it. It seems like sernet-samba-ad and
> openldap are mutually exclusive.

That is a packaging bug, or a need to understand installing but not
configuring a Debian package.  I was surprised too when installing
slapd started it, but don't know my debian well enough to prevent

While if both were running they would choose the same port, the way you want
to invoke slapd in this case is to run that before Samba starts for the
first time, preferably only on a unix domain socket.

> >Can you give me the links you found to be confusing?  I would like to
> >clarify them.
> Sure thing! 
> https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
> Back when I started reading on the migration process, this is the
> first page I ran into. It mentioned a way to migrate from an OpenLDAP
> backend, and I thought it was supported since it was in the Samba
> Wiki. Then when I wasn't able to install 
> OpenLDAP after getting the Sernet Packages, I wondered how it would be
> possible to slapadd the backup.ldif file (since OpenLDAP wasn't there,
> hence no slapadd).
> I then read in these links that using an OpenLDAP is not recommended.
> https://wiki.samba.org/index.php/Samba4/LDAP_Backend
> http://us.generation-nt.com/answer/samba-samba4-ldap-help-205468881.html
> http://www.openldap.org/lists/openldap-technical/201308/msg00266.html
> This is when we decided to stick with Samba4's builtin database, and
> wondered if importing the data from OpenLDAP would be possible. Now I
> realize some of this information might be out of date, but I'm not
> sure where to start to validate which is still valid or not.

What in the
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO page made you feel like importing from OpenLDAP wasn't supported?  It seems pretty clear to me, so I'm at a loss how to improve it.

> What would then be the recommended way for us to proceed? We would simply want to consolidate everything under Samba4 on a new server while preserving the current data we have.

Figure out how to have slapd installed on your new system, or point the
smb.conf to your old LDAP server over ldaps://

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba