samba.20.andwin at spamgourmet.com
2014-Mar-20 09:01 UTC
[Samba] Running an NT4 PDC and an ADC side by side
Dear List,

I'm planning to migrate an existing Samba 3.4.7 NT4-domain (our.site.com) to a Samba 4.1.6 AD-domain (ad.our.site.com) on another machine. Our site currently has about 30 clients and 50 user accounts. My plan is to set up the ADC on the other machine and to migrate the user accounts using the Samba4 classicupgrade tool. I would then newly set up groups, permissions, etc. on the new ADC. After an extensive test phase I would then join one client machine after the other to the new AD-domain.

My main question before I start is: Is it possible to safely run an NT4 PDC for our.site.com and an ADC for ad.our.site.com in parallel on the same subnet (both on different machines) or are there problems to be expected?

Thanks for your kind support and best regards

Andreas

Hello Andreas,

On 20.03.2014 10:01, samba.20.andwin at spamgourmet.com wrote:
> I'm planning to migrate an existing Samba 3.4.7 NT4-domain
> (our.site.com) to a Samba 4.1.6 AD-domain (ad.our.site.com) on another
> machine. Our site currently has about 30 clients and 50 user accounts.
> My plan is to set up the ADC on the other machine and to migrate the
> user accounts using the Samba4 classicupgrade tool. I would then newly
> set up groups, permissions, etc. on the new ADC. After an extensive
> test phase I would then join one client machine after the other to the
> new AD-domain.
> My main question before I start is: Is it possible to safely run an
> NT4 PDC for our.site.com and an ADC for ad.our.site.com in parallel on
> the same subnet (both on different machines) or are there problems to
> be expected?

You can do this. But you can't have a trust between them. So users can't simply access resources on the other domain. And maybe users won't reach servers, if you have different DNS search domains and not all records in both DNS zones.

But why do you want to have it side by side and not simply migrate? Do you have many other tools authenticating against your OpenLDAP backend or storing additional stuff in there that other applications use?

Regards,
Marc

On Thu, 2014-03-20 at 10:01 +0100, samba.20.andwin at spamgourmet.com wrote:
> Dear List,
>
> I'm planning to migrate an existing Samba 3.4.7 NT4-domain
> (our.site.com) to a Samba 4.1.6 AD-domain (ad.our.site.com) on another
> machine. Our site currently has about 30 clients and 50 user accounts.
> My plan is to set up the ADC on the other machine and to migrate the
> user accounts using the Samba4 classicupgrade tool. I would then newly
> set up groups, permissions, etc. on the new ADC. After an extensive
> test phase I would then join one client machine after the other to the
> new AD-domain.
> My main question before I start is: Is it possible to safely run an
> NT4 PDC for our.site.com and an ADC for ad.our.site.com in parallel on
> the same subnet (both on different machines) or are there problems to
> be expected?

You can't run them on the same subnet, they will fight over the ownership of the NetBIOS domain name. Run them isolated.

We would like to make it easier to bring password changes (only) between the two domains, but that isn't trivial right now. (A script looking at the last change time is what I imagine).

The best suggestion is to re-run the upgrade once you are happy with your tests, with current data, and to then do any improvements once the simple transition is over.

Andrew Bartlett

--
Andrew Bartlett                      http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT         http://catalyst.net.nz/services/samba