
[Samba] Migration to samba4 ad and sync to openldap.




We are currently running samba3 nt4 domain controllers using smb-ldap-tools.
We want to convert to samba4 ad so we can run new versions of windows server.

I know of:
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

But that would break us by moving all ldap to the ad ldap.
We have lots of stuff in ldap.
Currently administer using ldap account manager.
We are in 5 cities and about 95% linux.
Have 7 openldap servers controlling everything.
Have just 3 nt4 domain controllers and only 3 windows servers on the domain.
We have no windows workstations on the domain.
All workstations are linux ltsp and all windows is done via rdp.

Getting rid of the openldap is too painful to contemplate.
Even if I was willing to move all the authentication and authorization stuff to ad, would still need openldap.

Seen references to solutions to sync ad to openldap like:
https://lsc-project.org/documentation/howto/activedirectory

Suspect there are other ways to attack the problem.
I'm willing to live with the issue of not being able to sync passwords from kerberos -> ldap.
May switch to kerberos for authentication at some point.

I have set up a lab environment to test migration.
I have not seen any cook book solutions.
Ready to test migration but not sure what to do next.

Any suggestions are appreciated.

John

--
John McMonagle
IT Manager
Advocap Inc.

