[Samba] NT + Samba (trusted domains) changing to AD + Samba

Andi gmane at faerun.fsnet.co.uk
Fri Dec 2 01:15:43 GMT 2005

Hi all,

I need to start looking into the problems/solutions of migrating from an 
NT4 Domain to Active Directory, where the NT Server is already in a 
2-way trust with a Samba PDC.

Hopefully, I'll have test NT, AD and Samba servers setup next week to 
start playing with, but in the mean time, I have some questions.

1	When a WinNT server gets migrated to Active directory, and that
	NT server was in a 2-way trusted domain with a Samba PDC, what
	options are there to join the Samba server (NT domain) to the AD
	network? Which would be considered the 'better' way?

2	Are there any problems or issues that I should look out for?
3	Besides the Samba docs, does anyone know of any documention that
	deals with this scenario?

Any help will be appreciated.




Samba Server Setup:

	SuSE Linux 9.3 Pro
	Samba 3.0.20b
	LDAP backend
	Running as DNS/DHCP server also.

Some background:

	I am the admin for a Samba3 PDC for a domain which is in a two 		way 
trust with a domain on a (real) WinNT4 PDC. The two domains are located 
at different geographic locations, connected via VPN.

Thre are file servers on each site (NetApps Filer on the NT end, 
Linux/Samba the other), and users from either domain require access to 
data on both sites. The trusted domain setup has worked nicely since it 
was set up.

However, the admin team for the WinNT PDC have decided that they are 
going to install an Active Directory server (not sure which Windoze 
version, yet), and retire their failing NT4 server.

As no-one in the admin team has had any real experience with AD, they 
are calling in a firm to assist with the install/set-up/migration of 
the AD server. The firm has indicated that they do not have very much 
(if any!) experience of Samba, and that it would be down to us (i.e. 
me!) to integrate Samba in the new set-up - they will handle any 
configuration thats needed on the Windows server.

I've been informed that the AD server is planned to be installed (ready 
for the migration) by around mid-January, so I've basically got about a 
month to work out the best way to keep the "same" functionality between 
the two sites.

More information about the samba mailing list