|
Replacing a Windows Domain Controller with a Linux:OpenLDAP importing from Windows AD
I am trying to import Active Directory data from a Windows domain controller into an OpenLDAP server. The goal is to replace the Windows DC with a Linux server. I have searched around on the web and not found a blog/walkthru/cookbook post on how to do this. It seems like a common task. If OpenLDAP is not the right product, please tell me the right one and point me at a walkthru.
This needs to support 2K data (i.e. group policy), not just the NT 4 Domain controller functions. As an alternative, if there is a way to create group policy within a Linux based system Domain Controller, that would be sufficient for a proof of concept to the boss for getting Linux to replace Windows as a server. And I can manually recreate the group policies in the Linux environment. The critical thing is that it needs to work without installing new stuff on the client. Again, please point me at a walk thru for doing this (or post one as a reply) |
If I remember right Group policies are only vaild for Windows 2000 servers and windows 2003 server. Microsoft uses their on ldap modified software.
As for the transfer of users you may want to look into replicating information. It may be able to be done. Openldap will be your best bet though. try this it may help. http://enterprise.linux.com/article....id=101&tid=100 |
Quote:
|
Folks,
Thanks for the suggestions. Samba-4 is still too early in development to be useful. I haven't yet gotten OpenLDAP to be able to import a microsoft schema. There are a number of variances from the spec (some of which M$ documents) and thus the core.schema is not able to be used. No one seems to have successfully replicated AD with group policy with OpenLDAP. |
Man,
This is my opinion and strictly my opinion. If I were your boss I wouldn't feel comfortable with replacing such a critical part of my technology infrastructure with a technology that my staff doesn't feel comfortable supporting. I'm not sure how large your environment is, but that is a really risky migration, especially if you're not totally comfortable with it. NOW, with that said, I'll admit, when I read the opening post, I was very intrigued :) I've been sysadmin'ing Windows environments for a while now and just recently dived into the Linux swimming pool. The more I use it, the more I am amazed of what it can do (particularly the Samba technology!) Good luck with your project, definitely keep us posted on it |
After reading zer0hmz post I say that he made a rather good point. This is going to be done in a test environment first right. I personally never do things in a live environment before it is tested, retested and I am happy with the results.
|
Yes folks, test environment first. I have a small separate net that I am going to clone the Windows server on, remap machines in a slow progress to check scaling. Proof of Concept first, then cut over. Linux to Linux I understand, Linux to Windows Server is well documented, Windows to Windows works (but crashes far too often). But putting the Linux box in its proper role (IMHO) as the reliable invisible server has so far eluded me. Linux+Apache is far superior to Windows+IIS. Old Samba as a file server works well. Its the AD functions that elude me.
|
hello maybe this help you, but you have to pay...:twocents:
h??p://nitrobit.com |
Thank you so much for the pointer. It looks promising. It is not free, but sometimes pay solutions that leverage open source are the best option. It uses OpenLDAP on the back end.
|
Hey, any updates on this thread ?
I am trying to do the same thing and found something worth having a look OpenLDAP with Linux and Windows |
Actually, that's pretty old 'August 5th, 2002' & Samba TNG (precursor to v3) and ldapv1.2.
Still a good read though. This is Samba 3 http://www.linuxhomenetworking.com/w...nux,_and_Samba & LDAP v2 http://www.linuxhomenetworking.com/w...DAP_and_RADIUS |
This will help you just follow the instructions it works like a charm
http://www.howtoforge.com/centos-5.x...h-ldap-backend |
have you looked at Resara Server? its a free/open source Linux domain controller based on samba4, its been around for a year now and seems to be developing a following.
|
|
Quote:
|
| All times are GMT -5. The time now is 08:47 AM. |