[Samba] Samba As BDC

Goetz Rieger goetz.rieger at suse.de
Tue Jul 23 05:23:02 GMT 2002


On Mon, 22 Jul 2002 11:41:39 -0400
Irving Carrion <icarrion at allinterior.com> wrote:

> I'm trying to replace an existing NT4.0 domain controller with the
> latest version of samba.  My concern is that I would have to re-create
> all the users on the samba machine, change the domain name (From
> NT-Domain to SAMBA-Domain) on each Windows 2000 workstation, and
> re-configure every user's email, settings etc....(We have about 500 users
> with only 2 Admins.)

You are talking about a very sensitive topic... take a look at the postings
between T.Allen and A.Bartlett (around 02/07/20).

> Is there a way to add a SAMBA BDC to an existing NT Domain, 

To my knowledge, no.

> have all user names / passwords transferred to the SAMBA BDC, and then
> promote the Samba BDC to a PDC, throw away the NT PDC, and standardize
> on SAMBA Domain Controllers?  


We just migrated an NT4.0 PDC to samba and it gave us a considerable amount
of pain. You can dump the user/passwords with pwdump and you can extract
the group memberships with rpcclient, at least we did. 

You can fetch the Domain SID and give it to the samba PDC. But you will
run into trouble with the user RID migration, because Samba calculates the
RID out of the Linux UID. So there is no clean way to get the same user
SID from Samba as the user had before on the NT PDC. And not to mention
the trust account passwords...mymy.

I have heard the only reasonably painless way for a migration is Samba
with the LDAP backend, so that you are able to massage the RIDs and trust
account passwords into the directory. But a really transparent NT-Samba
migration is another story.
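
An added example, not part of the original message and not Samba source code: it shows why RIDs dumped from the NT PDC usually cannot be reproduced when the RID is derived from the Unix UID. It assumes the algorithmic mapping user RID = 2*uid + 1000 (group RIDs 2*gid + 1001); the account names, RIDs and UIDs are constructed.

```python
# Added illustration, not Samba source code. Assumes the algorithmic mapping
# user RID = 2*uid + 1000 (group RIDs take the odd values, 2*gid + 1001).
RID_BASE = 1000

def uid_to_user_rid(uid):
    """RID that would be derived for a Unix user under the assumed mapping."""
    return 2 * uid + RID_BASE

def user_rid_to_uid(rid):
    """UID that yields this RID, or None when no UID can produce it."""
    if rid < RID_BASE or (rid - RID_BASE) % 2:
        return None
    return (rid - RID_BASE) // 2

def plan_migration(nt_accounts, taken_uids):
    """Map each (name, rid) to (uid, note); uid is None if the SID must change."""
    plan, used = {}, set(taken_uids)
    for name, rid in nt_accounts:
        uid = user_rid_to_uid(rid)
        if uid is None:
            note = ("below RID base" if rid < RID_BASE
                    else "odd RID falls in group space")
        elif uid in used:
            # Right-hand side is evaluated first, so the note keeps the UID.
            note, uid = f"needs UID {uid}, already in use", None
        else:
            used.add(uid)
            note = "RID preserved"
        plan[name] = (uid, note)
    return plan

# Constructed sample: names and RIDs are invented, not from a real domain.
NT_ACCOUNTS = [("Administrator", 500), ("alice", 1000), ("bob", 1003),
               ("carol", 1004), ("dave", 3048)]
SYSTEM_UIDS = {0, 1, 2}  # constructed: root plus two system accounts

if __name__ == "__main__":
    for name, (uid, note) in plan_migration(NT_ACCOUNTS, SYSTEM_UIDS).items():
        print(f"{name:14} uid={uid!s:5} {note}")
```

Under this mapping the first RIDs NT hands out to ordinary accounts (1000 and up) correspond to the lowest Unix UIDs, starting with UID 0, so keeping such a RID would mean giving that user a system UID.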

