On Thu, 2012-12-13 at 16:54 +0100, andreas wrote:
> Hello,
>
> we, a public hospital, would like to migrate to samba4 from our samba3.x
> environment. According to the documentation samba4 does use an internal ldap
> server.
>
> We use openLDAP as directory for
> samba
> horde
> Oracle name resolution
> zope user authentication,
> Checkpoint Firewall authentication (only few users ),
> squid proxy authentication,
> logon authentication to our linux servers,
> logon authentication to our enterasys switches via freeradius

This will be a long process, and one that will probably benefit from the extension of some of our scripts, or the writing of additional scripts. You can of course continue using the 'classic' domain you already have with Samba 4.0, but without the AD features, while you prepare the upgrade.

Specifically, the 'samba-tool domain classicupgrade' tool does not currently pick up the additional attributes, and doesn't know how to import the additional schema that may be required in any case. You will have to convert the schema to AD format, load it and then add the attributes back on to the users/groups/hosts. Other attributes don't make sense in an AD environment, where things like the shadowExpires attributes are instead handled by Samba's internal account expiry code.

I would like to work with you, not only if you do manage to improve our scripts, but also to share your experiences so that others in a similarly complex situation can get some guidance.

I'm sorry this isn't as simple as we would prefer, but I'm sure we can work something out.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
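
The "convert the schema to AD format" step from the reply above, sketched for a single attribute type. This is an added example, not code from the post or from the Samba project: the sample attribute, its placeholder OID and the `DC=example,DC=com` schema DN are constructed, and only a few common syntaxes are mapped. Loading the resulting LDIF and re-adding the attribute values are not shown.

```python
import re

# LDAP syntax OID -> (AD attributeSyntax, oMSyntax); common syntaxes only.
SYNTAX_MAP = {
    "1.3.6.1.4.1.1466.115.121.1.15": ("2.5.5.12", 64),  # Directory String
    "1.3.6.1.4.1.1466.115.121.1.26": ("2.5.5.5", 22),   # IA5 String
    "1.3.6.1.4.1.1466.115.121.1.27": ("2.5.5.9", 2),    # Integer
    "1.3.6.1.4.1.1466.115.121.1.7": ("2.5.5.8", 1),     # Boolean
    "1.3.6.1.4.1.1466.115.121.1.40": ("2.5.5.10", 4),   # Octet String
}

# Handles the single-NAME form: attributetype ( <oid> NAME '<name>' ... )
ATTR_RE = re.compile(
    r"attributetype\s*\(\s*(?P<oid>[\d.]+)\s+NAME\s+'(?P<name>[^']+)'"
    r"(?P<rest>.*)\)\s*$", re.S | re.I)

# Constructed sample input: hypothetical attribute with a placeholder OID.
SAMPLE = """attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'hospitalBadgeId'
    DESC 'constructed sample attribute'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )"""
SCHEMA_DN = "CN=Schema,CN=Configuration,DC=example,DC=com"  # assumed base DN

def convert_attribute(definition, schema_dn):
    """Return an AD attributeSchema LDIF entry for one OpenLDAP attributetype."""
    m = ATTR_RE.match(definition.strip())
    if not m:
        raise ValueError("unrecognised attributetype definition")
    name, rest = m.group("name"), m.group("rest")
    syn = re.search(r"\bSYNTAX\s+([\d.]+)", rest)
    if not syn or syn.group(1) not in SYNTAX_MAP:
        # Refuse to guess a syntax; such attributes need converting by hand.
        raise ValueError("no AD syntax mapping for %s" % name)
    attr_syntax, om_syntax = SYNTAX_MAP[syn.group(1)]
    single = "TRUE" if re.search(r"\bSINGLE-VALUE\b", rest) else "FALSE"
    return "\n".join([
        "dn: CN=%s,%s" % (name, schema_dn),
        "objectClass: top",
        "objectClass: attributeSchema",
        "cn: %s" % name,
        "lDAPDisplayName: %s" % name,
        "attributeID: %s" % m.group("oid"),
        "attributeSyntax: %s" % attr_syntax,
        "oMSyntax: %d" % om_syntax,
        "isSingleValued: %s" % single,
    ])

if __name__ == "__main__":
    print(convert_attribute(SAMPLE, SCHEMA_DN))
```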
