[Samba] Migrating to new domain

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Mar 28 10:29:54 MDT 2012


I think the issue with two Samba/Win domains on the same LAN segment
(VLAN or physical) is that you may have two PDCs that each want to be
the master local browser. If you are using a WINS server, most
browsing issues should go away.

I find domain trusts to be somewhat difficult to set up. Each trusting
domain has to allocate unix uid and gid numbers to the trusted users.
This involves winbind and idmap. In your situation, the users in each
domain will be the same, so as long as you keep the same unix uid, gid,
uid number and gid numbers in the new domain you can probably skip idmap
config. Basically, the samba server in OLDDOMAIN will map
"NEWDOMAIN\dbrooks" to the same "dbrooks" unix account as the local
"dbrooks" windows user. And vice versa with OLDDOMAIN users accessing the
stuff in the NEWDOMAIN. You would need to skip "share" security on
samba shares and just rely on file level security. (There may be some
smb.conf settings to allow this mapping to work.)






On 03/28/12 11:31, Donny Brooks wrote:
> Users will need to access the shares no matter which side of the migration they are on. I will look into the trusts and see how to do that. I just thought that you could not have multiple domains on the same vlans. We will be doing a clean install of OpenLDAP also so we can actually add the users as we go there too.
>
> I had thought about the NFS mount deal or keeping a 5-minute rsync going to keep files in sync. As for the profiles I am not too much concerned about users on either side of the migration since I would have to move all the users on a specific BDC once I move that BDC server to the new domain.
>
> As long as we can have multiple domains on the various VLANs at one time without issue then this just got a lot simpler. It means I can test on a semi-live environment rather than a totally segregated one. Thanks for the input.
>  
>  
> On Wednesday, March 28, 2012 08:59 AM CDT, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote: 
>  
>> Do users need to share files with each other?  You could set up trusts
>> between the new and old domain, so that users on the new domain can
>> still access files on the old domain.
>>
>>
>>
>> You could also use NFS or autofs to share home directories between
>> samba servers, then have the samba server reshare the nfs share. This
>> means that if you move a user to the new domain, he will access his home
>> directory from a new server, but the new server is actually resharing an
>> nfs export from an old server. But that may be complicating things.
>> Alternately, you could configure a 2nd IP on the BDCs that you are
>> keeping and have two instances of samba running - one for each domain.
>> That way you can move file shares between domains without actually
>> having to copy them between machines.
>>
>> Moving users to a new domain + copying their files to a server in the
>> domain seems simpler than trying to move users and a DC at the same
>> time.   The downside is the extra time in copying files between machines. 
>>
>>
>>
>>
>> On 03/28/12 08:14, Donny Brooks wrote:
>>> In the coming months we will be setting up a few new machines to replace our PDC and BDC that are currently running Fedora 11 with Samba 3.4.7 and OpenLDAP 2.4.15. We will be upgrading to the latest Fedora with samba/ldap. With this we will be recreating our domain fresh to get rid of a lot of old junk not needed and add in new features. We do use roaming profiles also.
>>>
>>> My main concern is this: can I set this new domain up alongside our current setup with no problems and then simply migrate a section of users at a time to it? We have roughly 10 BDCs that are set up as home servers for our end that house shares/roaming profiles/my documents for them. I know when we move a BDC to the new domain we will need to remove all of the end users connected to that machine and rejoin them to the new domain. I just don't want to have to rejoin all 200+ users at once.
>>>
>>> Another way I had thought was to set up the new domain with new BDC/home servers and then just migrate a user at a time. The new and old BDCs could share the same files so the users could still share files no matter if they were moved or not. Would it be beneficial to just create new roaming profiles on the new setup and just copy over their firefox/thunderbird profiles to the new setup or should I migrate profiles to the new system too?
>>>
>>> I am looking for any and all input on this. I just want it to go as smoothly as possible. Thanks in advance.
>>>
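
The reply at the top of this thread relies on every user keeping the same unix uid and gid numbers in the new domain. The following is an added example, not part of the original thread or of Samba, that audits that assumption before any user is moved; it assumes each domain's accounts have been exported in passwd format (for instance with `getent passwd` on a server in each domain), and the sample accounts are constructed.

```python
# Added example: audit uid/gid consistency between two domains' account lists.
# Input is passwd-format text (name:passwd:uid:gid:...), an assumed export format.

def parse_passwd(text):
    """Return {username: (uid, gid)}, skipping blank or malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def compare_domains(old, new):
    """List (kind, user, detail) problems that break same-name, same-uid mapping."""
    problems = []
    new_uid_owner = {uid: name for name, (uid, _gid) in new.items()}
    for name in sorted(old):
        uid, gid = old[name]
        if name not in new:
            problems.append(("missing", name, "no account in new domain"))
        elif new[name] != (uid, gid):
            n_uid, n_gid = new[name]
            problems.append(("mismatch", name, f"old {uid}:{gid}, new {n_uid}:{n_gid}"))
        # Worst case: the old uid now belongs to someone else, so files owned
        # by this user on shared storage become that other person's files.
        owner = new_uid_owner.get(uid)
        if owner is not None and owner != name:
            problems.append(("uid-reused", name, f"uid {uid} is {owner} in new domain"))
    return problems

# Constructed sample data (not from the thread, apart from the "dbrooks" name).
OLD_DOMAIN = """\
dbrooks:x:1001:513:Donny Brooks:/home/dbrooks:/bin/bash
asmith:x:1002:513:A Smith:/home/asmith:/bin/bash
jdoe:x:1003:513:J Doe:/home/jdoe:/bin/bash
"""
NEW_DOMAIN = """\
dbrooks:x:1001:513:Donny Brooks:/home/dbrooks:/bin/bash
asmith:x:1005:513:A Smith:/home/asmith:/bin/bash
kwong:x:1003:513:K Wong:/home/kwong:/bin/bash
"""

if __name__ == "__main__":
    for kind, user, detail in compare_domains(parse_passwd(OLD_DOMAIN), parse_passwd(NEW_DOMAIN)):
        print(f"{kind:10} {user:10} {detail}")
```

An empty result is the precondition for relying on file-level permissions alone across both domains; any "uid-reused" entry should be resolved before the affected shares are reachable from the new domain.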
