[Samba] Migration to samba4 ad and sync to openldap.

John McMonagle johnm at advocap.org
Tue Mar 19 16:03:12 UTC 2019

We are currently running samba3 nt4 domain controllers using smb-ldap-tools.
We want to convert to samba4 ad so we can run new versions of windows 

I know of:

But that would break us by moving all ldap to the ad ldap.
We have lot's of stuff in ldap.
Currently administer using ldap account manager.
We are in 5 cities and about 95% linux.
Have 7 openldap servers controlling everything.
Have just 3 nt4 domain controllers and only 3 windows servers on the domain.
We have no windows workstations on the domain.
All workstations are linux ltsp and all windows is done via rdp.

Getting rid of the openldap is too painful to contemplate.
Even if I was willing to more all the authentication and authorization 
stuff to ad would still need openldap.

Seen references to solutions to sync ad to openldap like:

Suspect there are other ways to attack the problem.
I'm willing to live with the issue of not being able to sync passwords 
from kerberos ->  ldap.
May switch to kerberos for authentication at some point.

I have set up a lab environment to test migration.
I have not seen any cook book solutions.
Ready test migration but not sure what to do next.

Any suggestions are appreciated.


John McMonagle
IT Manager
Advocap Inc.

More information about the samba mailing list