Olivier Navas
2004-Dec-24 10:25 UTC
[Samba] Replacement of a windows 2000 PDC with active directory by samba/LDAP
Hi I'm currently working on a project aiming at replacing all windows servers (about 20) in my company by linux servers. Some of these windows servers are windows 2000 domain controlers (one PDC and few BDCs) with active directory. We have about 900 client windows 2000 workstations and about 2/3 of them are domain members. Our goal is to replace the windows servers that are domain controlers by samba servers, and of course, to avoid as much as possible a migration of the windows workstations because that would be a very long and human resource intensive task. Reading the samba documentation, I understand that samba 3 can act roughly like a windows NT 4 PDC, but not like an active directory server. My first conclusion is that our windows domain will probably have to "downgrade" to a "NT 4 like" domain, but I don't really know what impact this will have on windows 2000 workstations. So these are my questions: - Will we be able to achieve the replacement of the windows 2000 PDC et BDCs without any action on windows workstations ? Or should we prepare for bad days of workstations migration ? - Does anybody have a similar experience ? Thanks for your help. -- Olivier Navas Groupement Informatique et T?l?communications SDIS 33
Andrew Bartlett
2005-Jan-02 02:41 UTC
[Samba] Replacement of a windows 2000 PDC with active directory by samba/LDAP
On Fri, 2004-12-24 at 11:24 +0100, Olivier Navas wrote:> Hi > > I'm currently working on a project aiming at replacing all windows > servers (about 20) in my company by linux servers. Some of these windows > servers are windows 2000 domain controlers (one PDC and few BDCs) with > active directory. We have about 900 client windows 2000 workstations and > about 2/3 of them are domain members.Is this a native mode, or mixed mode domain?> Our goal is to replace the windows servers that are domain controlers by > samba servers, and of course, to avoid as much as possible a migration > of the windows workstations because that would be a very long and human > resource intensive task.Indeed!> Reading the samba documentation, I understand that samba 3 can act > roughly like a windows NT 4 PDC, but not like an active directory > server. My first conclusion is that our windows domain will probably > have to "downgrade" to a "NT 4 like" domain, but I don't really know > what impact this will have on windows 2000 workstations. > > So these are my questions: > - Will we be able to achieve the replacement of the windows 2000 PDC et > BDCs without any action on windows workstations ? Or should we prepare > for bad days of workstations migration ?This very much depends, native mode domains are very hard to work with, but a mixed mode domain *should* be possible. I've done some investigatory work recently that should allow us to overcome the 'no passwords in vampire' problem, if that turns out to be a blocker. (I have shown in Samba4 how to get the passwords, but samba3 doesn't use this yet). Otherwise, I would suggest just trying it. If you vampire into a distinct test network, then you can take aside a few of your test machines (you have a test network, and test workstations, right?) and see what works, what fails. Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050102/58e97615/attachment.bin