[Samba] Classicupgrade FL 2012_R2 NTLM/Kerberos logon

contactdarin at posteo.net contactdarin at posteo.net
Wed Jun 5 15:34:58 UTC 2024


 

Hello Havany,
I am just going to jump into this discussion.

> We try 2 scenarios:
> - A "Big bang" migration to a new domain made from scratch: but we need to migrate all users, computers, laptops, filers without losing profiles, file server access... in a short time (1-2 weeks maximum)
> - A "classicupgrade" migration, but it needs several steps to improve security. And at the same time, we are afraid to "silently" import many misconfigurations from our old NT4 domain that could have an impact in the future.

I would strongly avoid your "Big Bang" approach. What you're describing is
going to most certainly backfire. It sounds like a fail forward vs fail
backward. When something goes wrong you need to be able to go back to a
working configuration. So I suppose the best option is to do a slow
migration with the ability to quickly do and undo changes.

> around 400 Windows computers and 1500 active users.

Your deployment is not small or trivial. I would be very careful doing
anything as you could create a significant IT trainwreck.

To help you I need some more information. Are you migrating from a
Windows Server environment? If so, what version? I think a 2008_R2
domain level should not be much of an issue. From a security aspect you
can do a few things like only using SMB3 and strong encryption.

https://wiki.samba.org/index.php/Hardening_Samba_as_an_AD_DC

Darin
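
The "only SMB3 and strong encryption" suggestion can be checked before and after each migration step. The following is an added example, not part of the original message and not Samba project code: a small audit of the `[global]` section of an smb.conf. The sample configurations are constructed, and the value assumed when `server min protocol` is unset is an assumption about current Samba defaults.

```python
import configparser

# Ordering of protocol names as listed in smb.conf(5); "SMB2" and "SMB3"
# are aliases for SMB2_10 and SMB3_11.
PROTOCOL_RANK = {"LANMAN1": 0, "LANMAN2": 1, "NT1": 2, "SMB2_02": 3,
                 "SMB2_10": 4, "SMB2": 4, "SMB3_00": 5, "SMB3_02": 6,
                 "SMB3_11": 7, "SMB3": 7}
# Assumption: value in effect when the parameter is absent (current Samba default).
DEFAULT_MIN_PROTOCOL = "SMB2_02"

def _norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.split()).lower()

def audit_smb_conf(text):
    """Return findings for a [global] section that permits pre-SMB3 or unencrypted SMB."""
    parser = configparser.RawConfigParser(delimiters=("=",),
                                          comment_prefixes=("#", ";"), strict=False)
    # Strip indentation so configparser does not read it as line continuation.
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    settings = {}
    for section in parser.sections():
        if section.strip().lower() == "global":
            settings.update({_norm(k): v.strip() for k, v in parser.items(section)})
    findings = []
    proto = settings.get("serverminprotocol", DEFAULT_MIN_PROTOCOL).upper()
    rank = PROTOCOL_RANK.get(proto)
    if rank is None:
        findings.append(f"server min protocol = {proto}: unrecognised value")
    elif rank < PROTOCOL_RANK["SMB3_00"]:
        findings.append(f"server min protocol = {proto}: dialects below SMB3 are accepted")
    # "server smb encrypt" is the current name; "smb encrypt" is its synonym.
    encrypt = settings.get("serversmbencrypt",
                           settings.get("smbencrypt", "default")).lower()
    if encrypt not in ("required", "mandatory"):
        findings.append(f"smb encrypt = {encrypt}: SMB encryption is not enforced")
    return findings

# Constructed sample configurations (not taken from the thread).
LEGACY = """
[global]
    server min protocol = NT1
"""
HARDENED = """
[global]
    server min protocol = SMB3
    server smb encrypt = required
"""
```
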
 

