Luke Barone
2016-May-30 16:02 UTC
[Samba] Upgrading version 3.6 to 4.4 and Active Directory
First, background information. We are a large (geographically local) organization with 50 sites, including our HQ. Each site has a Debian Server running Samba in NT-Domain Controller mode. Each site is independent of the next, but are all named as a 3- or 4-character site code <http://example.com>. The workstations are connected, and working fine in our sites with the single servers. We had a recent network upgrade that now has every site with a 10.X.Y.Z address. X is the site code, so each site is in the same 10.0.0.0/8 subnet, and we can see the networks from each site. Now is the time to setup Active Directory, right? My goal is to create a forest, starting at the HQ (HQ.example.com) level, and working down to each site (SITEA.example, SITEB.example, etc). Our goal is to upgrade to Active Directory at each location, so as to not lose any of the user data (username/passwords, group memberships, etc), and then merge the AD Domains into a hierarchical forest, with each of the techs responsible for the domain at their sites. We are hoping that it will also allow us to have a user's primary DC (I know that term isn't use, but let's say it's the site's main one) down, but still authenticate to another trusted domain controller. Will Samba 4 allow us to do this? If so, is it simply a process of 1) Upgrade role to Active Directory Domain Controller, 2) Use Active Directory Sites and Services to link each of the 50 domains together? Or is there more to it that we need to work on first?
Luke Barone
2016-May-30 16:04 UTC
[Samba] Upgrading version 3.6 to 4.4 and Active Directory
Ignore - It was a repeat message with some URLs changed, as I thought I tripped the spam filter on the list (I couldn't find the message anywhere, even on the online board). Sorry for double posting -.- On Mon, May 30, 2016 at 9:02 AM, Luke Barone <lukebarone at gmail.com> wrote:> First, background information. We are a large (geographically local) > organization with 50 sites, including our HQ. Each site has a Debian Server > running Samba in NT-Domain Controller mode. Each site is independent of the > next, but are all named as a 3- or 4-character site code > <http://example.com>. The workstations are connected, and working fine in > our sites with the single servers. > > We had a recent network upgrade that now has every site with a 10.X.Y.Z > address. X is the site code, so each site is in the same 10.0.0.0/8 > subnet, and we can see the networks from each site. Now is the time to > setup Active Directory, right? > > My goal is to create a forest, starting at the HQ (HQ.example.com) level, > and working down to each site (SITEA.example, SITEB.example, etc). Our goal > is to upgrade to Active Directory at each location, so as to not lose any > of the user data (username/passwords, group memberships, etc), and then > merge the AD Domains into a hierarchical forest, with each of the techs > responsible for the domain at their sites. We are hoping that it will also > allow us to have a user's primary DC (I know that term isn't use, but let's > say it's the site's main one) down, but still authenticate to another > trusted domain controller. > > Will Samba 4 allow us to do this? If so, is it simply a process of 1) > Upgrade role to Active Directory Domain Controller, 2) Use Active Directory > Sites and Services to link each of the 50 domains together? Or is there > more to it that we need to work on first? >