[Samba] Replacement of a windows 2000 PDC with active directory by samba/LDAP

Andrew Bartlett abartlet at samba.org
Sun Jan 2 02:40:57 GMT 2005

On Fri, 2004-12-24 at 11:24 +0100, Olivier Navas wrote:
> Hi
> I'm currently working on a project aiming at replacing all windows
> servers (about 20) in my company by linux servers. Some of these windows
> servers are windows 2000 domain controlers (one PDC and few BDCs) with
> active directory. We have about 900 client windows 2000 workstations and
> about 2/3 of them are domain members.

Is this a native mode, or mixed mode domain?

> Our goal is to replace the windows servers that are domain controlers by
> samba servers, and of course, to avoid as much as possible a migration
> of the windows workstations because that would be a very long and human
> resource intensive task.


> Reading the samba documentation, I understand that samba 3 can act
> roughly like a windows NT 4 PDC, but not like an active directory
> server. My first conclusion is that our windows domain will probably
> have to "downgrade" to a "NT 4 like" domain, but I don't really know
> what impact this will have on windows 2000 workstations.
> So these are my questions:
> - Will we be able to achieve the replacement of the windows 2000 PDC et
> BDCs without any action on windows workstations ? Or should we prepare
> for bad days of workstations migration ?

This very much depends, native mode domains are very hard to work with,
but a mixed mode domain *should* be possible.

I've done some investigatory work recently that should allow us to
overcome the 'no passwords in vampire' problem, if that turns out to be
a blocker.  (I have shown in Samba4 how to get the passwords, but samba3
doesn't use this yet).  Otherwise, I would suggest just trying it.  If
you vampire into a distinct test network, then you can take aside a few
of your test machines (you have a test network, and test workstations,
right?) and see what works, what fails.

Andrew Bartlett

Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050102/58e97615/attachment.bin

More information about the samba mailing list