[Samba] Migrating W2K AD to Samba?

jra at dp.samba.org jra at dp.samba.org
Tue Dec 10 15:51:07 GMT 2002

On Tue, Dec 10, 2002 at 01:58:22PM +0100, Jonas Oberg wrote:
> After a frightening experience with W2K Active Directory, we've been
> considering an "emergency migration" to Samba. I've been looking at
> both 2.2.7 and the latest 3.0 alpha, but have found little information
> about migrating from W2K. Most information seems to be about Windows
> What I've tried is to pull the information from the AD tree with
> pwdump3 and put it in the smbpasswd file, with some small
> conversions. I've taken the domain SID and put it in DOMAIN.SID and
> created all the corresponding UNIX accounts for the computers.

This won't work. You'll need to re-add all the clients to the
Samba domain. The user passwords should still be valid, it's
the machine accounts you'll need to re-create.

Don't use the same SID. The clients will get confused as
AD-PDC features will appear to have gone from the PDC. Treat
it as a new domain with the same user passwords.

> Unfortunately, the clients are still experiencing problems when
> logging into the moved domain. Even a level 10 log doesn't tell me
> anything specific about what's going on; it keeps repeating that the
> user authenticated correctly. But on the W2K client, the users only
> get the information that their password/username was incorrect.

Once the clients are using AD, they'll expect to see all the
features of an AD PDC. You need to re-add them to the Samba
domain as a "downlevel" ie. NT4.x domain.

Let us know how this goes.


More information about the samba mailing list