[Samba] Migration to samba4 ad and sync to openldap.

John McMonagle johnm at advocap.org
Tue Mar 19 16:03:12 UTC 2019


We are currently running samba3 nt4 domain controllers using smb-ldap-tools.
We want to convert to samba4 ad so we can run new versions of windows 
server.

I know of:
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

But that would break us by moving all ldap to the ad ldap.
We have lots of stuff in ldap.
Currently administer using ldap account manager.
We are in 5 cities and about 95% linux.
Have 7 openldap servers controlling everything.
Have just 3 nt4 domain controllers and only 3 windows servers on the domain.
We have no windows workstations on the domain.
All workstations are linux ltsp and all windows is done via rdp.

Getting rid of the openldap is too painful to contemplate.
Even if I was willing to move all the authentication and authorization 
stuff to ad would still need openldap.

Seen references to solutions to sync ad to openldap like:
https://lsc-project.org/documentation/howto/activedirectory

Suspect there are other ways to attack the problem.
I'm willing to live with the issue of not being able to sync passwords 
from kerberos ->  ldap.
May switch to kerberos for authentication at some point.

I have set up a lab environment to test migration.
I have not seen any cook book solutions.
Ready to test migration but not sure what to do next.

Any suggestions are appreciated.

John

-- 
John McMonagle
IT Manager
Advocap Inc.



