[Samba] Help in performing a Half-Migration from NT to samba3.

Fabio Muzzi liste at kurgan.org
Mon May 23 11:11:07 GMT 2005

I  am currently planning "half a migration" (and half a new configuration)
from  NT to Samba PDC, and I would like to have some help. I have read the
howto and I have understood something useful, but I also understood that I
don't  know  enough  of  Samba  domain  internals  to  be sure not to make
terrible mistakes.

I  currently  have  a  NT4  PDC that also shares files and printers. Since
groups  and  shares are a complete mess (not made by myself), I would like
to migrate to samba (with tdbsam) and, in the process, recreate groups and
shares (and access control to files) in a completely different way. I have
about  60  workstations and 60 users, with an awful lot of printers (30 or

I have started thinking about a migration plan, and have come up with some
very generic ideas, on which I ask for some advice.

-  I  should  migrate  printers to linux before everything else, while the
users  still use the nt4 server, because I need to go to every workstation
and change the printers settings individually, and I would like to do this
while  the network is still in use (planning to use one entire day or more
for  this  task).  Ideally users should print through samba and cups while
still  using  the  NT server for everyting else.

Question: is it better to use samba printing or to use LPD printing or IPP
printing, provided that the workstations (XP sp2 and win2000) can do it?

-  I  should  then  take  the network down, use net rpc vampire to get the
users,  groups  and  machine  accounts  from NT to Samba, then discard the
groups  information  and  create  my  own group structure. Move the shared
files  from  NT  to Samba, modify login scripts, and test access from some
workstations,  then  restart  the network (during a week long holiday when
the office is closed).

Question:  can  I  vampire  only  users and machine accounts and no groups
(since I want to change them completely)?

Question:  I have read in the samba howto (or was it "by example"?) that I
can  (and  should  in  some  cases)  run  vampire,  then  export tdbsam to
smbpasswd  to strip domain information, then go back to tdbsam. This seems
a  good  idea  to  strip  out  things like the home directory that must be
changed  for every user to the new server, but there is one aspect I don't
understand:  if I strip all domain information, doesn't the user's SID get
lost  and  then  recreated differently? What happens if I change the users
SID  numbers?  Doesn't this make an horrible mess on the workstations that
already know the domain users by the old SIDs?

Any  help  (even  in suggesting to read more of TFM, and possily a link to
the part of the manual that I have to read) is really appreciated.


  Fabio "Kurgan" Muzzi

More information about the samba mailing list