Guys,

We have a Samba 4 PDC with TDB backend. We're now trying to add a BDC so we need to migrate from TDB to LDAP. I've read the Samba documentation which says using tdb in both servers will cause issues. So the question is how do we migrate from TDB to LDAP in the PDC. The setup we are going for is each DC will have LDAP setup. The LDAP servers will then be replicated. Reading the official Samba 3 document I found the existing /var/lib/samba needs to be cleaned before LDAP is set up. The following is what the document says.

Delete all runtime files from prior Samba operation by executing
root# rm /etc/samba/*tdb
root# rm /var/lib/samba/*tdb
root# rm /var/lib/samba/*dat
root# rm /var/log/samba/*

Now the obvious question is if we do the above, it will wipe all user data from TDB. So what do we do? Set up openldap, set up all the ssl, base ldifs. What is the next step? The options I have read is pdbedit -i tdbsam to -e ldapsam. But if TDB is wiped how will it populate? The other option is to export the /passwd and /group and convert them to ldif using the "migration tools", i.e. /smbldap-migrate. I think it is called the Idealix tools.

Please help.

Thank you,
Rob

Why do you want to switch to NT-Domain with LDAP? Why not change to AD? It is much easier and better for the future.

On 31.03.18 at 13:20, Rob Thoman via samba wrote:
> Guys,
>
> We have a Samba 4 PDC with TDB backend. We're now trying to add a BDC so we
> need to migrate from TDB to LDAP. I've read the Samba documentation which
> says using tdb in both servers will cause issues. So the question is how do
> we migrate from TDB to LDAP in the PDC. The setup we are going for is each
> DC will have LDAP setup. The LDAP servers will then be replicated. Reading
> the official Samba 3 document I found the existing /var/lib/samba needs to
> be cleaned before LDAP is set up. The following is what the document says.
>
> Delete all runtime files from prior Samba operation by executing
> root# rm /etc/samba/*tdb
> root# rm /var/lib/samba/*tdb
> root# rm /var/lib/samba/*dat
> root# rm /var/log/samba/*
>
> Now the obvious question is if we do the above, it will wipe all user data
> from TDB. So what do we do? Set up openldap, set up all the ssl, base ldifs.
> What is the next step? The options I have read is pdbedit -i tdbsam to -e
> ldapsam. But if TDB is wiped how will it populate? The other option is
> to export the /passwd and /group and convert them to ldif using the
> "migration tools", i.e. /smbldap-migrate. I think it is called the Idealix
> tools.
>
> Please help.
>
> Thank you,
> Rob

When I migrated from TDB to LDAP I had to write some perl scripts to reformat the data exported from TDB into the correct LDAP structure. The smbldap-migrate tool did not seem available with my distribution.

Moving to Samba AD had not been an option because this was still Samba 3 (and AD server support in Samba 4 was still experimental), and I also need LDAP backend for non-samba services. Samba AD didn't support domain trusts (I still think it doesn't completely support them) which also was a deal breaker.

On 03/31/18 14:30, Stefan Kania via samba wrote:
> Why do you want to switch to NT-Domain with LDAP? Why not change to AD?
> It is much easier and better for the future.
>
> On 31.03.18 at 13:20, Rob Thoman via samba wrote:
>> Guys,
>>
>> We have a Samba 4 PDC with TDB backend. We're now trying to add a BDC so we
>> need to migrate from TDB to LDAP. I've read the Samba documentation which
>> says using tdb in both servers will cause issues. So the question is how do
>> we migrate from TDB to LDAP in the PDC. The setup we are going for is each
>> DC will have LDAP setup. The LDAP servers will then be replicated. Reading
>> the official Samba 3 document I found the existing /var/lib/samba needs to
>> be cleaned before LDAP is set up. The following is what the document says.
>>
>> Delete all runtime files from prior Samba operation by executing
>> root# rm /etc/samba/*tdb
>> root# rm /var/lib/samba/*tdb
>> root# rm /var/lib/samba/*dat
>> root# rm /var/log/samba/*
>>
>> Now the obvious question is if we do the above, it will wipe all user data
>> from TDB. So what do we do? Set up openldap, set up all the ssl, base ldifs.
>> What is the next step? The options I have read is pdbedit -i tdbsam to -e
>> ldapsam. But if TDB is wiped how will it populate? The other option is
>> to export the /passwd and /group and convert them to ldif using the
>> "migration tools", i.e. /smbldap-migrate. I think it is called the Idealix
>> tools.
>>
>> Please help.
>>
>> Thank you,
>> Rob