[Samba] Re: Simple Samba connection question to new Active Directory

Spike Burkhardt burkhardt.richard at ssd.loral.com
Tue Dec 14 16:32:23 GMT 2004


> Hello all!
>         I currently have a small Windows NT 4 domain (named OLD_NETWORK).
>         All files are stored on a UNIX server (running Solaris) running
> Samba 2.2. Runs perfect. No problems. Samba's only job in my network is JUST
> TO STORE AND SERVE OUT FILES to PCs. Samba does not run as a PDC. Merely
> validates valid users to get their files off UNIX server.
>         I believe this is the simplest possible Samba scenario!


>         I am going to join a neighboring departement's new Active Directory
> (named NEW_NETWORK).
>         I already merged one PC and one user into the new AD using
> Microsoft's Active Directory Migration Tool. The user and computer migrated
> perfectly. The user logs onto the new AD (NEW_NETWORK) and can get their
> files off UNIX server via Samba just as before. Perfect! It's like nothing
> has changed!
>         But what will happen when I turn off the OLD_NETWORK NT 4 servers???
>         I assume the users I migrated will still be able to access their
> files right (I can just pull the network cables from OLD_NETWORK to test
> that out)?

I'll make some assumptions here.
1.  First is that the samba server is the same server in NEW_NETWORK as in OLD_NETWORK.
2.   All accounts in OLD_NETWORK have been migrated to AD realm on NEW_NETWORK.
3.  Authentication and authorization are currently done on the NT4 servers.
4.  Authentication and authorization will be done on the AD servers.

When you turn off the NT 4 servers, you will need to change the smb.conf file to reflect the new AD stuff.  For instance, you'll need to point to the new password server; specify the AD realm (realm = xxx) and the workgroup the server is in.

>         Also, with OLD_NETWORK turned off, how will I be able to add a new
> user and still have Samba let them in to read/write files on UNIX server?

Don't know.  In our environment, a new user get's an account created on the AD server and then on the samba server.  Both are manual processes.

>         Right now Samba is currently validating users by looking at the PDC
>         Can I change how Samba validates users? Maybe I can list them out
> user by user for Samba?

See above.  If validation will occur on the AD server, smb.conf will need to get modified.  I have tested validating to a NT server on a AD network with no issues at all.  Samba is simply amazing!



>         HELP!
> Thanks,
> Keith
> Rochester, NY
>   ------------------------------------------------------------------------

More information about the samba mailing list