[Samba] Running an NT4 PDC and an ADC side by side

samba.20.andwin at spamgourmet.com samba.20.andwin at spamgourmet.com
Sun Mar 23 14:45:12 MDT 2014

On Thu, Mar 20, 2014 at 8:18 PM, Marc Muehlfeld -
samba at marc-muehlfeld.de
<samba.andwin.7dc2ca1a4a.samba#marc-muehlfeld.de at ob.0sg.net> wrote:
> Hello Andreas,
> On 20.03.2014 10:01, samba.20.andwin at spamgourmet.com wrote:
>> I'm planning to migrate an existing Samba 3.4.7 NT4-domain
>> (our.site.com) to a Samba 4.1.6 AD-domain (ad.our.site.com) on another
>> machine. Our site currently has about 30 clients and 50 user accounts.
>> My plan is to set up the ADC on the other machine and to migrate the
>> user accounts using the Samba4 classicupgrade tool. I would then newly
>> set up groups, permissions, etc. on the new ADC. After an extensive
>> test phase I would then join one client machine after the other to the
>> new AD-domain.
>> My main question before I start is: Is it possible to safely run an
>> NT4 PDC for our.site.com and an ADC for ad.our.site.com in parallel on
>> the same subnet (both on different machines) or are there problems to
>> be expected?
> You can do this. But you can't have a trust between them. So users can't
> simply access resources on the other domain. And maybe users won't reach
> servers, if you have different DNS search domains and not all records in
> both DNS zones.
> But why do you want to have it side by side and not simply migrate? Do you have
> many other tools authenticating against your OpenLDAP backend or storing
> additional stuff in there other applications use?

Hello Marc,

Many thanks for your reply! I think I should give some more input on my situation.
The current Samba NT4 domain has not been set up by myself. The
current domain name our.site.com is also the URL of our website. The
wiki clearly states that it is not recommended to use the website URL
as the name for the AD domain. That's why I want to change it to
ad.our.site.com. Would there be a problem with still using
our.site.com instead of ad.our.site.com?

The other point is that we have a new machine where I want to set up
the Samba4 AD DC and we will discontinue the old machine. So, I will
have to copy the data from the old machine to the new one in any case.
Moreover, I plan to organize groups in another way than it has been done
until now. My main concern is to migrate the user accounts, which I've
already successfully tested in a virtual machine. I also think that I
will be able to handle the problem with different DNS search domains.

Please note that the current Samba3 NT4 domain uses the tdbsam
backend, there is no LDAP at all. I'm not quite sure what you mean by
'simply migrate', could you elaborate on this a bit more? I'd appreciate
any further suggestions on how to do the migration better.

Best regards,
