[Samba] Samba As BDC
icarrion at allinterior.com
Tue Jul 23 07:01:01 GMT 2002
I'm sorry, I forgot to ask,
>you are talking about a very sensitive topic...take a look at the postings
>between T.Allen and A.Bartlett (around 02/07/20).
I can't find anything relating to my question. Do you have at least the
subject of the thread? Is there a way to search these archives? I'm going
to http://lists.samba.org/pipermail/samba/ but don't see any option of
searching through these archives. I know I'm overlooking something.
Anyway any suggestions much appreciated. Thanks!
From: Goetz Rieger [mailto:goetz.rieger at suse.de]
Sent: Tuesday, July 23, 2002 8:21 AM
To: Irving Carrion
Cc: samba at lists.samba.org
Subject: Re: [Samba] Samba As BDC
On Mon, 22 Jul 2002 11:41:39 -0400
Irving Carrion <icarrion at allinterior.com> wrote:
> I'm trying to replace an existing NT4.0 domain controller with the
> latest version of samba. My concern is that I would have to re-create
> all the users on the samba machine, change the domain name (From
> NT-Domain to SAMBA-Domain) on each Windows 2000 workstation, and
> re-configure every users email, settings etc....(We have about 500 users
> with only 2 Admins.)
you are talking about a very sensitive topic...take a look at the postings
between T.Allen and A.Bartlett (around 02/07/20).
> Is there a way to add a SAMBA BDC to an existing NT Domain,
To my knowledge, no.
> have all user names / passwords transferred to the SAMBA BDC, and then
> promote the Samba BDC to a PDC, throw away the NT PDC, and standardize
> on SAMBA Domain Controllers?
We just migrated a NT4.0 PDC to samba and it gave us a considerable amount
of pain. You can dump the user/passwords with pwdump and you can extract
the group memberships with rpcclient, at least we did.
You can fetch the Domain SID and give it to the samba PDC. But you will
run into trouble with the user RID migration, because Samba calculates the
RID out of the Linux UID. So there is no clean way to get the same user
SID from Samba as the user had before on the NT PDC. And not to mention
the trust account passwords...mymy.
I have heard the only reasonable painless way for a migration is Samba
with the LDAP backend, so that you are able to massage the RIDs and trust
account passwords into the directory. But a really transparent NT-Samba
migration is another story.
To unsubscribe from this list go to the following URL and read the
More information about the samba