[Samba] Migration to samba4 ad and sync to openldap.
Rowland Penny
rpenny at samba.org
Thu Apr 4 20:18:53 UTC 2019
On Thu, 4 Apr 2019 14:09:18 -0500
John McMonagle via samba <samba at lists.samba.org> wrote:
> I managed to do migration using "classicupgrade".
> Doing tests with debian buster 2:4.9.4+dfsg-4.
> For the moment using samba internal dns and sub-domain of
> ad.advocap.org. Had issue forwarding dns if I used main domain.
Please define 'forwarding'. Your DC needs to be authoritative for its
dns domain, so all that it should forward is anything outside its own
dns domain.
> It did not migrate a lot of attributes that are in active directory.
> The most important one to us is "mail"
> Others by ldap account manager names:
> User name
> First Name
> Last Name
> I'm sure there are others.
The upgrade only migrates the attributes really required by AD, you
will have to script any others you require.
> Does the domain administrator account give me access to everything in
> ldap?
Yes
> Lam sort of works.
> I'm using the domain administrator account to authenticate.
> Is that the correct?
You can also use users that are members of 'Administrators', 'Domain
Admins' or any other group you have delegated privileges to.
>
> The lam site gives very little info on setup.
You need 'Windows (windowsUser)(*)' & 'Unix (posixAccount)' for users,
'Windows(windowsGroup)(*)' & Unix (windowsPosixGroup) for groups
on the Accounts type tab you need:
#sAMAccountName;#givenName;#sn;#uidNumber;#gidNumber for users
#cn;#gidNumber;#member;#description for groups
Rowland
More information about the samba
mailing list