[Samba] FW: LDAP getent issues

Rowland Penny rpenny at samba.org
Sun Apr 8 11:06:58 UTC 2018

On Sun, 8 Apr 2018 10:39:41 +0000
Praveen Ghimire <PGhimire at sundata.com.au> wrote:

> Hi Rowland,
> If we need to shut the NT4 PDC down after the migration it makes a
> lot of sense to separate the roles of the existing NT4 PDC. Hence why
> we are adding a new Samba box with a view that it becomes the PDC and
> the existing PDC becomes a member server. The main reason is that it
> has a lot of files which cannot be moved easily.

There you go, I said don't refer to an AD DC as a PDC and the first
thing you do, call an AD DC a PDC.
A PDC and an AD DC are TOTALLY different things, what you have at the
moment is a PDC, what you will end up with, after the classicupgrade,
is an AD DC. If you then add another DC to the AD domain, you will not
have a PDC and a BDC, you will have TWO DCs. All DCs are equal EXCEPT
for the FSMO roles (there are 7 of these) and these can be shared out
amongst your DCs. You could have seven DCs, each holding a FSMO role
and whilst one of the roles is the 'PDC emulator role', NONE of the DCs
would be a PDC, they would all just be DCs.

> So the question is with the new PDC we stick with TDB? Separate the
> roles, migrate to AD and shut the PDC down. Then join the member
> server to AD.

Not a problem. I take it your users and groups have uidNumbers &
gidNumbers, so set up the old PDC as a Unix domain member using the
winbind 'ad' backend. 

