[Samba] Migrating Samba NT4 Domain to Samba AD
Bartłomiej Solarz-Niesłuchowski
Bartlomiej.Solarz-Niesluchowski at wit.edu.pl
Sun Sep 15 15:44:09 UTC 2019
On 2019-09-12 at 22:17, Rowland penny via samba-technical wrote:
> On 12/09/2019 20:37, Bartłomiej Solarz-Niesłuchowski via
> samba-technical wrote:
>> Dear List,
> Sorry but this is the wrong list, it should have been the samba
> mailing list, not samba-technical, I have cc'ed the samba list, please
> reply there.
>>
>> I need to migrate my Samba NT4 domain (5000+ users, 600+ workstations,
>> 50+ printers) urgently.
>>
>>
> You migrate your NT4-style domain to AD and then just join additional
> DCs and replication is done for you, see here:
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
>
Done, with some problems:
1. The bugs reported here:
https://bugzilla.altlinux.org/show_bug.cgi?id=36496
and here
https://bugzilla.samba.org/show_bug.cgi?id=13060
involved me - but I made workarounds and the migration was done.
Basically, AD Samba works.
I have some questions:
I do not currently understand - must the bind9 connected to the AD server
be used by the LAN workstations - or only via the AD server?
Currently the workstations are pointed to a DNS server other than the AD one -
how must it be done correctly?
>
>> The migration will be attempted this Sunday, so I am in a hurry......
>
> I will be round on Monday to sweep up the pieces ;-)
So I have the current open problems:
1. share:
[private]
path = %H
does not work:
smbd[42055]: make_connection_snum: canonicalize_connect_path failed for service private, path /%H
On the console, cd ~user works correctly.
2. How to connect to the internal AD LDAP server?
I tried with:
oceanic:/etc/pki/ca-trust/extracted/pem# ldbsearch -H ldaps://oceanic.wsisiz.edu.pl
search error - 00002020: Operation unavailable without authentication
I want to add necessary attributes e.g.:
uidNumber: 10000
gidNumber: 10000
when creating the account.
3. How about password aging - I need it not only on the Windows part; it is
needed on the Unix part too (Unix has accounts/passwords/etc. via LDAP)?
I will be grateful for any help.
Best Regards