Re: [Samba] migrate several samba3+openldap pdc to samba3
- Date: Mon, 19 Feb 2018 16:44:48 +0100
- From: Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] migrate several samba3+openldap pdc to samba3
Mandi! Guido Lorenzutti via samba
In chel di` si favelave...
> Hi there! I have one domain, shared between several samba3+openldap
> on different geographical locations. I want to migrate them to samba4.
'Same' domain, or every geographical location have different domains,
trusted each others?
I'm in the same phase, but i've different domains for every site.
> I was able to successfully migrate the domain in a
> test environment.
Consider, i'm doing now, not to migrate domains, but instead build the
new domain ''in parallel'' with the old.
As just stated:
+ 'classicmigration' works, but leave an IdMap ''dirty'', and with
problematic low ID
+ you still need to have, for every site, (at least) a domain controller
and (at least) a domain member: it is theoretically doable, but it
is preferrable to split DM/DC role in different box.
Corollary: consider to switch to virtualization, like Proxmox.
With old and new domain in place, you can switch users/PC from the old
to the new also ''one by one''.
If login and password are the same (see later) you can also access the
old server from the new domain.
> Any idea to gradually migrate
> every location without having the problem that since I made the first
> migration, there have probably been changes in passwords, creations of
> users, etc?
a) project and setup the new domain; test it. Start to use GPO and that
b) build a script su ''suck'' users from old OpenLDAP to new AD; i've
done one myself, i can contribute, but it is really a matter of some
c) build a wrapper around the 'samba-tool user syncpasswords' (for
samba AD) and the 'check password script' (for samba NT) to keep
password in sync.
I hope i was useful.
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
To unsubscribe from this list go to the following URL and read the