Are there any gotcha's..... I am currently using winbindd and very successfully integrating my Samba boxes with the NT4 domain structure. The admin who is doing the migration (A corporate person not used to Linux at all) is already nervous about the migration since it involves Linux. Usernames are not supposed to change..but, the authentication domain is going to be a completely new one. Any and all help is greatly appreciated. Thanks, Mike Barber WPTZ/WNNE
write abt ur needs.... sure, the solutions will be there.. it will be helpful.. if u can explain the corrent configuration.. regards jerrynikky. On 3/1/06, MJBarber@hearst.com <MJBarber@hearst.com> wrote:> Are there any gotcha's..... > > > I am currently using winbindd and very successfully integrating my Samba > boxes with the NT4 domain structure. The admin who is doing the migration > (A corporate person not used to Linux at all) is already nervous about the > migration since it involves Linux. > > Usernames are not supposed to change..but, the authentication domain is > going to be a completely new one. > > Any and all help is greatly appreciated. > > Thanks, > Mike Barber > WPTZ/WNNE > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Frankly, I am not quite sure what those needs will be yet. I am not in control of the project, just the samba servers are mine. A few more details though. Wins will stay, 2 separate NT4 domains that previously had a trust configured will be merged, Usernames will stay the same (for the most part.. A few tweaks will be made but all of that will be finished before the actual migration starts), Computer names will stay the same (again except for a few ..), The AD domain already exists except I am not a part of it, nor am I an administrator within the new domain (at least not yet), ...will have to see if I can do some early testing on it. I will not be using cups. I will be mapping users home directories. There will be group based shares setup (accounting group is only group with access to \\server\accounting) What else should I add?... Many thanks, Mike Barber -----Original Message----- From: samba-bounces+mjbarber=hearst.com@lists.samba.org [mailto:samba-bounces+mjbarber=hearst.com@lists.samba.org] On Behalf Of updatemyself . Sent: Wednesday, March 01, 2006 5:30 PM To: Michael J Barber Cc: samba@lists.samba.org Subject: Re: [Samba] Migration from NT4 to W2K3 AD write abt ur needs.... sure, the solutions will be there.. it will be helpful.. if u can explain the corrent configuration.. regards jerrynikky. On 3/1/06, MJBarber@hearst.com <MJBarber@hearst.com> wrote:> Are there any gotcha's..... > > > I am currently using winbindd and very successfully integrating my > Samba boxes with the NT4 domain structure. The admin who is doing the > migration (A corporate person not used to Linux at all) is already > nervous about the migration since it involves Linux. > > Usernames are not supposed to change..but, the authentication domain > is going to be a completely new one. > > Any and all help is greatly appreciated. > > Thanks, > Mike Barber > WPTZ/WNNE > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
On 3/1/2006 7:09 AM, MJBarber@Hearst.com wrote:> Are there any gotcha's..... > > > I am currently using winbindd and very successfully integrating my Samba > boxes with the NT4 domain structure. The admin who is doing the migration > (A corporate person not used to Linux at all) is already nervous about the > migration since it involves Linux. > > Usernames are not supposed to change..but, the authentication domain is > going to be a completely new one. > > >If the domain is going to be a completely new one, let's hope that your admin is using the Active Directory Migration Tool from Microsoft, as that will make his job a whole lot easier. If the ADMT is used, it has the ability to "preserve SID history" (an exercise for the reader to find out what that means) which is helpful in some circumstances. Also, the ADMT provides tools for migrating Windows workstations; those tools migrate ACLs on shares and the filesystem, user rights, and move the workstation to the new domain. Now on to the Linux/Samba portion of things... There is an inherent issue in migrating to a new domain: SIDs. They WILL change. If you are using ACLs on your Linux filesystem, or if your Samba server caches user account information from the domain controller, you may run into issues there with the SID and with the user's logon domain being the old one. Nevertheless, you'll have to disjoin the old domain and rejoin the new one, updating your smb.conf, resolv.conf, hosts file, etc. to reflect the new environment. I have performed NT4/PDC-Win2k3/ADS migrations before (using ADMT), and even Samba/PDC-Win2k3/ADS migrations using ADMT, but none of those environments have included Samba/member servers, so this is uncharted territory for me. It's probably something I need to learn about. ~Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com