[Samba] Migration to samba4 ad and sync to openldap.

Rowland Penny rpenny at samba.org
Thu Apr 4 20:18:53 UTC 2019

On Thu, 4 Apr 2019 14:09:18 -0500
John McMonagle via samba <samba at lists.samba.org> wrote:

> I managed to do migration using "classicupgrade".
> Doing tests with debian buster 2:4.9.4+dfsg-4.
> For the moment using samba internal dns and sub-domain of
> ad.advocap.org. Had issue forwarding dns if I used main domain.

Please define 'forwarding'. Your DC needs to be authoritative for its
dns domain, so all that it should forward is anything outside its own
dns domain.

> It did not migrate a lot of attributes that are in active directory.
> The most important one to us is "mail"
> Others by ldap account manager names:
> User name
> First Name
> Last Name
> I'm sure there are others.

The upgrade only migrates the attributes really required by AD; you
will have to script any others you require.

> Does the domain administrator account give me access to everything in
> ldap?


> LAM sort of works.
> I'm using the domain administrator account to authenticate.
> Is that correct?

You can also use users that are members of 'Administrators', 'Domain
Admins' or any other group you have delegated privileges to.

> The lam site gives very little info on setup.

You need 'Windows (windowsUser)(*)' & 'Unix (posixAccount)' for users,
'Windows (windowsGroup)(*)' & 'Unix (windowsPosixGroup)' for groups.

On the Accounts type tab you need:

#sAMAccountName;#givenName;#sn;#uidNumber;#gidNumber for users

#cn;#gidNumber;#member;#description for groups
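
One way to script the attributes that classicupgrade leaves behind, as an added example that is not part of the original thread: it reads an LDIF export of the old OpenLDAP directory and builds LDIF modify records for mail, givenName and sn. It assumes the migrated users sit at CN=<uid>,CN=Users under a base DN you supply (the one used here is a placeholder), and the sample export is constructed.

```python
import base64
import re

# Attributes the thread reports as not migrated; all three are single-valued in AD.
WANTED = ("mail", "givenName", "sn")

# Constructed OpenLDAP export (not real data): folded line, base64 value, empty entry.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=org
uid: jdoe
givenName: John
sn:: RMO2ZQ==
mail: jdoe@exam
 ple.org

dn: uid=svc,ou=People,dc=example,dc=org
uid: svc
"""

def parse_ldif(text):
    """Yield {attr: [values]} per entry, undoing line folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(name, []).append(value)
        if entry:
            yield entry

def ldif_line(attr, value):
    """Write attr/value, base64-encoding anything that is not plain safe ASCII."""
    plain = value.isascii() and value.isprintable() and value[0] not in " :<"
    if plain and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode()}"

def build_modifies(text, users_dn):
    """Return LDIF modify records for AD, one per user that has data to add."""
    records = []
    for entry in parse_ldif(text):
        uid = entry.get("uid", [""])[0]
        if not re.fullmatch(r"[A-Za-z0-9._-]+", uid):
            continue  # skip names that would need DN escaping
        ops = [f"replace: {a}\n{ldif_line(a, entry[a][0])}\n-"
               for a in WANTED if entry.get(a, [""])[0]]
        if ops:
            head = [f"dn: CN={uid},{users_dn}", "changetype: modify"]
            records.append("\n".join(head + ops) + "\n")
    return records
```

The records returned by build_modifies() can be reviewed and then applied with a tool such as ldbmodify or ldapmodify.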
