Klebanov, Lev
2004-Dec-13 16:56 UTC
[Samba] Simple Samba connection question to new Active Directory
Hello all! I currently have a small Windows NT 4 domain (named OLD_NETWORK). All files are stored on a UNIX server (running Solaris) running Samba 2.2. Runs perfect. No problems. Samba's only job in my network is JUST TO STORE AND SERVE OUT FILES to PCs. Samba does not run as a PDC. Merely validates valid users to get their files off UNIX server. I believe this is the simplest possible Samba scenario! I am going to join a neighboring departement's new Active Directory (named NEW_NETWORK). I already merged one PC and one user into the new AD using Microsoft's Active Directory Migration Tool. The user and computer migrated perfectly. The user logs onto the new AD (NEW_NETWORK) and can get their files off UNIX server via Samba just as before. Perfect! It's like nothing has changed! But what will happen when I turn off the OLD_NETWORK NT 4 servers??? I assume the users I migrated will still be able to access their files right (I can just pull the network cables from OLD_NETWORK to test that out)? Also, with OLD_NETWORK turned off, how will I be able to add a new user and still have Samba let them in to read/write files on UNIX server? Right now Samba is currently validating users by looking at the PDC of OLD_NETWORK. Can I change how Samba validates users? Maybe I can list them out user by user for Samba? HELP! Thanks, Keith Rochester, NY
Spike Burkhardt
2004-Dec-14 16:32 UTC
[Samba] Re: Simple Samba connection question to new Active Directory
Lev,> > > Hello all! > I currently have a small Windows NT 4 domain (named OLD_NETWORK). > All files are stored on a UNIX server (running Solaris) running > Samba 2.2. Runs perfect. No problems. Samba's only job in my network is JUST > TO STORE AND SERVE OUT FILES to PCs. Samba does not run as a PDC. Merely > validates valid users to get their files off UNIX server. > I believe this is the simplest possible Samba scenario!Agreed!> > I am going to join a neighboring departement's new Active Directory > (named NEW_NETWORK). > I already merged one PC and one user into the new AD using > Microsoft's Active Directory Migration Tool. The user and computer migrated > perfectly. The user logs onto the new AD (NEW_NETWORK) and can get their > files off UNIX server via Samba just as before. Perfect! It's like nothing > has changed! > But what will happen when I turn off the OLD_NETWORK NT 4 servers??? > I assume the users I migrated will still be able to access their > files right (I can just pull the network cables from OLD_NETWORK to test > that out)?I'll make some assumptions here. 1. First is that the samba server is the same server in NEW_NETWORK as in OLD_NETWORK. 2. All accounts in OLD_NETWORK have been migrated to AD realm on NEW_NETWORK. 3. Authentication and authorization are currently done on the NT4 servers. 4. Authentication and authorization will be done on the AD servers. When you turn off the NT 4 servers, you will need to change the smb.conf file to reflect the new AD stuff. For instance, you'll need to point to the new password server; specify the AD realm (realm = xxx) and the workgroup the server is in.> > Also, with OLD_NETWORK turned off, how will I be able to add a new > user and still have Samba let them in to read/write files on UNIX server?Don't know. In our environment, a new user get's an account created on the AD server and then on the samba server. Both are manual processes.> > Right now Samba is currently validating users by looking at the PDC > of OLD_NETWORK. > Can I change how Samba validates users? Maybe I can list them out > user by user for Samba?See above. If validation will occur on the AD server, smb.conf will need to get modified. I have tested validating to a NT server on a AD network with no issues at all. Samba is simply amazing! HTH. spike> > HELP! > > Thanks, > Keith > Rochester, NY > > ------------------------------------------------------------------------