[Samba] Accessing external LDAP for classicupgrade
Robert Moskowitz
rgm at htt-consult.com
Fri Sep 18 12:36:32 UTC 2015
On 09/18/2015 05:19 AM, Andrew Bartlett wrote:
> On Thu, 2015-09-17 at 17:02 -0400, Robert Moskowitz wrote:
>> I am reading the LDAP portion of:
>>
>> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Samba_AD_domain_%28classic_upgrade%29
>>
>> The second route may not work for me. When I ran slapcat on the ClearOS
>> system I got:
>>
>> # slapcat > ldap.backup.ldif
>> 55fb2665 The first database does not allow slapcat; using the first
>> available one (2)
>>
>> and very little in the backup file.
>>
>> So since the LDAP backend on the old server is only used for the
>> classicupgrade, this looks interesting, but...
>>
>> What ldap.conf and smb.conf do I set up to retrieve the information from
>> the old LDAP backend host? That is not clear. I would have to start
>> afresh (going to anyway) to see what a fresh system looks like with
>> these two files. On the ClearOS system, the ldap.conf says:
>>
>> # cat smb.ldap.conf
>> # Please do not edit - this file is automatically generated.
>>
>> passdb backend = ldapsam:ldap://127.0.0.1
>> ldap admin dn = cn=manager,ou=Internal,dc=home,dc=htt
>> ldap group suffix = ou=Groups,ou=Accounts
>> ldap idmap suffix = ou=Idmap
>> ldap machine suffix = ou=Computers,ou=Accounts
>> ldap passwd sync = No
>> ldap suffix = dc=home,dc=htt
>> ldap user suffix = ou=Users,ou=Accounts
>> ldap connection timeout = 8
>> ldap ssl = Off
>>
>> On my new AD, I would use the IP address of the old server (they have
>> the same fqdn, but different DNS servers in different networks, but IP
>> reachable). Plus make sure the ldap port is open; it should be already.
> Just change the 'passdb backend' line in the smb.conf to point to your
> old server. In general we will only read it, but the backup process is
> there to make sure.
So you are saying that on my Samba4 AD system, I set up ITS
/etc/ldap/ldap.conf to be the same as my ClearOS, at least for the
classicupdate, but to point the 'passdb backend' to it. I will give
that a test by deleting (per the wiki) what the prior run of
classicupdate did and try with this then report back. Save the total
rebuild after I learn how to also get the machines over. Profiles is
'just' a matter of rsyncing a LOT of files.
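
An added example, not part of the original message and not Samba's own code: a Python sketch that applies the advice quoted above (point 'passdb backend' at the old server) to the smb.ldap.conf shown in the thread, then reports whether the ldapsam bind as 'ldap admin dn' would leave the host without TLS. The address 192.0.2.10 and all function names are assumptions; treating a missing 'ldap ssl' line as 'start tls' follows the default documented in smb.conf(5).

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the smb.ldap.conf quoted in the message above.
CLEAROS_CONF = """\
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=manager,ou=Internal,dc=home,dc=htt
ldap suffix = dc=home,dc=htt
ldap connection timeout = 8
ldap ssl = Off
"""

def parse_params(text):
    """Return smb.conf 'key = value' pairs with keys lowercased and spaces collapsed."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip()
    return params

def retarget_backend(text, old_server):
    """Rewrite only the host in the ldapsam URI so it names the old LDAP server."""
    pattern = re.compile(
        r"^(\s*passdb backend\s*=\s*ldapsam:ldaps?://)[^\s/:]+", re.I | re.M)
    new_text, count = pattern.subn(lambda m: m.group(1) + old_server, text)
    if count != 1:
        raise ValueError("expected exactly one ldapsam passdb backend line")
    return new_text

def cleartext_bind_risk(text):
    """True when the ldapsam bind would cross the network without TLS."""
    params = parse_params(text)
    uri = urlparse(params["passdb backend"].split(":", 1)[1])
    try:
        local = ipaddress.ip_address(uri.hostname).is_loopback
    except ValueError:  # hostname rather than an IP literal
        local = uri.hostname == "localhost"
    # Assumption: a missing 'ldap ssl' line means the smb.conf(5) default.
    ssl_mode = " ".join(params.get("ldap ssl", "start tls").lower().split())
    encrypted = uri.scheme == "ldaps" or ssl_mode == "start tls"
    return not local and not encrypted

if __name__ == "__main__":
    migrated = retarget_backend(CLEAROS_CONF, "192.0.2.10")  # constructed address
    print(migrated)
    print("cleartext bind over the network:", cleartext_bind_risk(migrated))
```

With the ClearOS settings the bind stayed on 127.0.0.1; once the URI names a remote host, 'ldap ssl = Off' means the manager DN's credentials travel unencrypted between the two networks.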