[Samba] Samba 3 domain to AD domain migration.

Rowland Penny rpenny at samba.org
Fri Jun 1 13:36:33 UTC 2018 

On Fri, 1 Jun 2018 08:56:18 -0400
Nathan Lager via samba <samba at lists.samba.org> wrote:

> Good Morning Samba list,
> 
> I know I don't post here often (or.. maybe ever) but i've been
> watching along for years.
> 
> We're in a situation where we have an aging samba 3 domain.  It acts
> like an old NT domain, samba folks should understand that.  Its just
> where the capabilities of samba3 landed us. 
> 
> For many reasons we want to get off of this domain, and on to
> something more modern, and we've decided that a true windows AD is
> the place to go.  We have a lot of the migration worked out, but
> we're down to one last caveat.  Passwords.  We don't want to force a
> password reset for all of our users.  At least not within the
> timeframe of this migration. So we're trying to find migration
> options that will take the existing samba passwords and migrate them
> over to AD.  The passwords are currently stored in NT4 hashes (one of
> the reasons we want to get off of this domain). 
> 
> So, all that background to ask my question.  Samba 3 to Samba4
> migration MIGHT be an option. 
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade> 
> 
> I'm an accomplished nix admin, so i'm not afraid to try that upgrade,
> we didnt want to take the time to do that step if we could avoid it. 
> However, since we're stuck on these passwords, i'm wondering if it's
> back on the table.  The problem is, the document doesn't seem to
> directly address passwords.  It doesn't say that it does convert the
> passwords, it also doesn't say that it doesn't.  At least not that
> i've found in the doc. 
> 
> My goal would be to use the samba4 migration as a go-between from
> smb3/nt to Windows AD.  Would migrating to samba4 migrate passwords,
> AND set me up such that I can then use a domain trust, or a windows DC
> joined to the samba4 domain, to replicate passwords over to Windows
> AD?
> 
> 
> Sorry for being long-winded, let me know if you need more info.
> Thanks!
> 

I will be brief:
Yes and Yes, but why migrate to a Windows DC, think of the cost of all
those CALS, not to mention the cost of the DCs, but it is your
decision.

Rowland

More information about the samba mailing list