On 3/1/2006 7:09 AM, [EMAIL PROTECTED] wrote: > Are there any gotcha's..... > > > I am currently using winbindd and very successfully integrating my Samba > boxes with the NT4 domain structure. The admin who is doing the migration > (A corporate person not used to Linux at all) is already nervous about the > migration since it involves Linux. > > Usernames are not supposed to change..but, the authentication domain is > going to be a completely new one. > > > If the domain is going to be a completely new one, let's hope that your admin is using the Active Directory Migration Tool from Microsoft, as that will make his job a whole lot easier. If the ADMT is used, it has the ability to "preserve SID history" (an exercise for the reader to find out what that means) which is helpful in some circumstances. Also, the ADMT provides tools for migrating Windows workstations; those tools migrate ACLs on shares and the filesystem, user rights, and move the workstation to the new domain. Now on to the Linux/Samba portion of things...
There is an inherent issue in migrating to a new domain: SIDs. They WILL change. If you are using ACLs on your Linux filesystem, or if your Samba server caches user account information from the domain controller, you may run into issues there with the SID and with the user's logon domain being the old one. Nevertheless, you'll have to disjoin the old domain and rejoin the new one, updating your smb.conf, resolv.conf, hosts file, etc. to reflect the new environment. I have performed NT4/PDC-Win2k3/ADS migrations before (using ADMT), and even Samba/PDC-Win2k3/ADS migrations using ADMT, but none of those environments have included Samba/member servers, so this is uncharted territory for me. It's probably something I need to learn about. ~Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
