[Samba] Re: Simple Samba connection question to new Active Directory
burkhardt.richard at ssd.loral.com
Tue Dec 14 16:32:23 GMT 2004
> Hello all!
> I currently have a small Windows NT 4 domain (named OLD_NETWORK).
> All files are stored on a UNIX server (running Solaris) running
> Samba 2.2. Runs perfect. No problems. Samba's only job in my network is JUST
> TO STORE AND SERVE OUT FILES to PCs. Samba does not run as a PDC. Merely
> validates valid users to get their files off UNIX server.
> I believe this is the simplest possible Samba scenario!
> I am going to join a neighboring departement's new Active Directory
> (named NEW_NETWORK).
> I already merged one PC and one user into the new AD using
> Microsoft's Active Directory Migration Tool. The user and computer migrated
> perfectly. The user logs onto the new AD (NEW_NETWORK) and can get their
> files off UNIX server via Samba just as before. Perfect! It's like nothing
> has changed!
> But what will happen when I turn off the OLD_NETWORK NT 4 servers???
> I assume the users I migrated will still be able to access their
> files right (I can just pull the network cables from OLD_NETWORK to test
> that out)?
I'll make some assumptions here.
1. First is that the samba server is the same server in NEW_NETWORK as in OLD_NETWORK.
2. All accounts in OLD_NETWORK have been migrated to AD realm on NEW_NETWORK.
3. Authentication and authorization are currently done on the NT4 servers.
4. Authentication and authorization will be done on the AD servers.
When you turn off the NT 4 servers, you will need to change the smb.conf file to reflect the new AD stuff. For instance, you'll need to point to the new password server; specify the AD realm (realm = xxx) and the workgroup the server is in.
> Also, with OLD_NETWORK turned off, how will I be able to add a new
> user and still have Samba let them in to read/write files on UNIX server?
Don't know. In our environment, a new user get's an account created on the AD server and then on the samba server. Both are manual processes.
> Right now Samba is currently validating users by looking at the PDC
> of OLD_NETWORK.
> Can I change how Samba validates users? Maybe I can list them out
> user by user for Samba?
See above. If validation will occur on the AD server, smb.conf will need to get modified. I have tested validating to a NT server on a AD network with no issues at all. Samba is simply amazing!
> Rochester, NY
More information about the samba