[Samba] Migrating Samba NT4 Domain to Samba AD
Rowland penny
rpenny at samba.org
Mon Sep 16 20:01:42 UTC 2019
On 16/09/2019 20:39, Bartłomiej Solarz-Niesłuchowski via samba wrote:
>
> How many AD DC servers are recommended for a network my size (600+
> workstations?) 2? 3? more?
At least two, but if you can afford it, more are better.
>
> Linux workstations aren't Samba domain members... they use LDAP as
> source for passwd and authentication - through e.g. nslcd
Then join them to the domain; that way you will not need nslcd. The
'getent' example I posted came from a Unix domain member, aka a Linux
workstation.
>
>> I am not 100% convinced you need to do anything like this.
>>
>> What do you use the openldap for ?
>>
>> A mailserver or something else ?
> mailserver, ssh, as source of authentication for users for e.g.
> apache, email aliases database for postfix
Louis, can you help here, this sounds right up your street ;-)
You should be able to do most, if not all, of this from AD, for a start
see here:
https://wiki.samba.org/index.php/Authenticating_other_services_against_Samba_AD
>>
>> You may be able to extend the AD schema with whatever it is you are
>> using openldap for.
>
> May I please have some link on how to extend AD schema (I made it on openldap
> but on samba ldap I have no idea how to add custom schema)?
>
It is very similar to adding a schema to openldap; you just need the
schema in a format suitable for AD. Having said that, you can use
Kerberos for ssh without having to extend the schema. For the basics,
see here:
https://wiki.samba.org/index.php/Samba_AD_schema_extensions
Rowland