[Samba] Migration of 2 samba3 PDC+OpenLDAP in one new Samba4 AD
Marc Muehlfeld
mmuehlfeld at samba.org
Wed Apr 8 12:04:02 MDT 2015
Hello Pierre,
Am 08.04.2015 um 17:25 schrieb BRIEC, Pierre:
> On Site1, the machines accounts are specifics, same for the Users and
> Groups except 1 group that is common with Site2 (The Teachers).
> Today, each site is independant,
>
> Now, i would like a create a new domain Samba4 AD whith all machines and
> users from site1 and site2 together.
> Then, i would make a replication between the two sites, and add one RODC
> server on each site
RODC support isn't completely working yet. You shouldn't use it atm.
> How can i proceed? The migration tool from samba3 is working fine on each
> site (tested on isolated network)
> Can someone give me some hints about this. I would be happy if the
> migration could be transparent for the machines account, as 90% of the
> Users are deleted in July (i'm IT manager in a school)
AD trust are currently not fully implemented. If they were, then you
chould do the classicupgrade on both domains, create a trust, move
everything into one domain and demote the other.
Because you can't do it that way, you could upgrade the domain which has
more objects (user, machines, groups) and join the workstations from the
other site to it and recreate the users. You can write a script to
export the users on the second site and create them with samba-tool.
What kind of IDmapping are you using on the member servers in the
domains? If the member servers are pulling the UIDs/GIDs from LDAP and
the ID ranges don't overlap with the other domain, then you could really
recreate the users with a script running over an export. This prevents
you from loosing ownership on files.
For more details/ideas, you have to give some more information about the
two backends.
Regards,
Marc
More information about the samba
mailing list