Jonathan Johnson
2007-Jun-07 22:00 UTC
[Samba] Migrating from NT4 PDC to Windows 2003 ADS; Samba as member server
Here's the situation. We've got an old NT4 domain (not a Samba domain in NT 4 mode) which we'll call CRUSTY. There is of course an NT4 PDC and several NT4 BDCs. We have some Linux/Samba file servers (Samba 3.0.1) that are member servers (security = domain) of the NT4 domain. We also have several NT4 BDCs and about 200 workstations of varying vintage (2000, XP) in several facilities around the world on a WAN. We are *migrating* to a new Active Directory 2003 domain called SHINY (I am assuming this will imply security = ADS). We don't wish to *upgrade* the NT4 domain. We would like to do the migration a little at a time rather than all at once in order to preserve our sanity. How can we establish a domain trust so that a Samba server that is joined to the CRUSTY domain will allow access for users that are authenticated against the SHINY domain? Is there a better way? (I can RTFM, but I need to know where to look.) -Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com
Mike Rushton
2007-Jun-08 01:52 UTC
[Samba] Migrating from NT4 PDC to Windows 2003 ADS; Samba as member server
I want to do something simmlar but I don't know how - we have a Win NT 4.0 PDC and a Win NT 4.0 BDC. We got a server - I can not get Linux / Samba to work, and we may use windoze 2k3, but anyway, we have an old domain NT 4.0. Call it OLDDOMAIN . I want to start a new Domain, either Windoze 2K3 or Linux / Samba and slowly move people over. I think my problems stem from not joining the new Linux / Samba Domain properly. I want to start a new Domain on the nework, call it CORPORATE. I want to move the users over to the new domain and of course the data to that server. When I get everyone moved over, I want to shut off the OLDDOMAIN PDC. Is this a viable plan or am I barking up the wrong tree ??? We have a simple environment - under 100 PC's and we never did anyting with Active Directory. All our users are screwed up on the NT machine - when people would leave the company they would just disable the account, so we don't want to bring over these dead accounts -we want to create the good ones on the new machine. In NT if you retire a use you could never use it again, so when John Jones left the company and we retired the account, when we hired Tom Jones, we could not create another user named jones. All screwed up but I want to fix it. Jonathan Johnson wrote: Here's the situation. We've got an old NT4 domain (not a Samba domain in NT 4 mode) which we'll call CRUSTY. There is of course an NT4 PDC and several NT4 BDCs. We have some Linux/Samba file servers (Samba 3.0.1) that are member servers (security = domain) of the NT4 domain. We also have several NT4 BDCs and about 200 workstations of varying vintage (2000, XP) in several facilities around the world on a WAN. We are *migrating* to a new Active Directory 2003 domain called SHINY (I am assuming this will imply security = ADS). We don't wish to *upgrade* the NT4 domain. We would like to do the migration a little at a time rather than all at once in order to preserve our sanity. How can we establish a domain trust so that a Samba server that is joined to the CRUSTY domain will allow access for users that are authenticated against the SHINY domain? Is there a better way? (I can RTFM, but I need to know where to look.) -Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com
Apparently Analagous Threads
- Domain member, security = ADS|domain and trusts with NT4
- NT4 machine trust breaks on a Samba-BDC
- BUG? 'valid users' doesn't allow groups from trusted domains
- Inclusion of libnss_wins in vendor distros?
- HOW TO: Migrating users' locally-stored profiles from one domain or workgroup to a new domain