[Samba] Classicupgrade FL 2012_R2 NTLM/Kerberos logon

Marco Gaiarin gaio at lilliput.linux.it
Fri Jun 21 06:48:07 UTC 2024

Hello! Rowland Penny via samba
  On that day it was said...

> It was just a comment, but from my understanding, you should use one or
> the other, not both.

I'm currently using *BOTH*, in production; currently I use roaming profiles,
with a mix of folder redirection and scripts to keep profile data as little
as possible.

> From experience, once a client has seen and connected to AD, it will
> never connect to an NT4-style domain again.

Forgot to say. Clearly I'm not speaking about the same domain (e.g., same SID)
but you can safely build up the NEWDOMAIN alongside the OLDDOMAIN, on the
same network.

I've done, roughly, this:

1) built up the new domain, with all the services (fileserver, printserver,
 ...); configured GPO to mount shares from the old domain (SMB1 enabled on
client, indeed).

2) for every (group of) clients in OLDDOMAIN, I've simply dejoined OLDDOMAIN
 and joined NEWDOMAIN; if NEWDOMAIN\someuser has the same password as
OLDDOMAIN\someuser, the client can access shares on OLDDOMAIN.
Clearly I've done some manual work (profile migration, printer
reconfiguration, ...) BUT I've done this 'one client at a time'. Safely.

3) migrated all clients to NEWDOMAIN, one weekend I rsynced the data from the
 OLDDOMAIN fileserver to the NEWDOMAIN fileserver, changed policies to mount
the new shares, shut down OLDDOMAIN.

Et voilà.

