[Samba] Upgrading version 3.6 to 4.4 and Active Directory

Luke Barone lukebarone at gmail.com
Mon May 30 16:02:11 UTC 2016

First, background information. We are a large (geographically local)
organization with 50 sites, including our HQ. Each site has a Debian Server
running Samba in NT-Domain Controller mode. Each site is independent of the
next, but are all named as a 3- or 4-character site code
<http://example.com>. The workstations are connected, and working fine in
our sites with the single servers.

We had a recent network upgrade that now has every site with a 10.X.Y.Z
address. X is the site code, so each site is in the same subnet,
and we can see the networks from each site. Now is the time to setup Active
Directory, right?

My goal is to create a forest, starting at the HQ (HQ.example.com) level,
and working down to each site (SITEA.example, SITEB.example, etc). Our goal
is to upgrade to Active Directory at each location, so as to not lose any
of the user data (username/passwords, group memberships, etc), and then
merge the AD Domains into a hierarchical forest, with each of the techs
responsible for the domain at their sites. We are hoping that it will also
allow us to have a user's primary DC (I know that term isn't use, but let's
say it's the site's main one) down, but still authenticate to another
trusted domain controller.

Will Samba 4 allow us to do this? If so, is it simply a process of 1)
Upgrade role to Active Directory Domain Controller, 2) Use Active Directory
Sites and Services to link each of the 50 domains together? Or is there
more to it that we need to work on first?

More information about the samba mailing list