30.2 Migration Options

Sites that wish to migrate from MS Windows NT4 Domain Control to a Samba-based solution generally fit into three basic categories. Table 30.1 shows the possibilities.

Table 30.1. The Three Major Site Types

Number of Users


< 50

Want simple conversion with no pain.

50 - 250

Want new features, can manage some in-house complexity.

> 250

Solution/Implementation must scale well, complex needs. Cross-departmental decision process. Local expertise in most areas.

30.2.1 Planning for Success

There are three basic choices for sites that intend to migrate from MS Windows NT4 to Samba-3:

  • Simple conversion (total replacement).

  • Upgraded conversion (could be one of integration).

  • Complete redesign (completely new solution).

Minimize down-stream problems by:

  • Taking sufficient time.

  • Avoiding Panic.

  • Testing all assumptions.

  • Testing the full roll-out program, including workstation deployment.

Table 30.2 lists the conversion choices given the type of migration being contemplated.

Table 30.2. Nature of the Conversion Choices




Make use of minimal OS specific features.

Translate NT4 features to new host OS features.


Move all accounts from NT4 into Samba-3

Copy and improve

Authentication regime (database location and access)

Make least number of operational changes

Make progressive improvements

Desktop management methods

Take least amount of time to migrate

Minimize user impact

Better control of Desktops/Users

Live versus isolated conversion

Maximize functionality

Identify Needs for: Manageability, Scalability, Security, Availability

Integrate Samba-3 then migrate while users are active, then change of control (swap out)

Take advantage of lower maintenance opportunity


30.2.2 Samba-3 Implementation Choices

Authentication Database/Backend ” Samba-3 can use an external authentication backend:

  • Winbind (external Samba or NT4/200x server).

  • External server could use Active Directory or NT4 Domain.

  • Can use pam_mkhomedir.so to auto-create home dirs.

  • Samba-3 can use a local authentication backend: smbpasswd , tdbsam , ldapsam , mysqlsam

Access Control Points ” Samba permits Access Control Points to be set:

  • On the share itself ” using Share ACLs.

  • On the file system ” using UNIX permissions on files and directories.

    Note: Can enable Posix ACLs in file system also.

  • Through Samba share parameters ” not recommended except as last resort.

Policies (migrate or create new ones) ” Exercise great caution when affecting registry changes, use the right tool and be aware that changes made through NT4-style NTConfig.POL files can leave permanent changes.

  • Using Group Policy Editor (NT4).

  • Watch out for Tattoo effect.

User and Group Profiles ” Platform-specific so use platform tool to change from a Local to a Roaming profile. Can use new profiles tool to change SIDs ( NTUser.DAT ).

Logon Scripts ” Know how they work.

User and Group Mapping to UNIX/Linux ” User and Group mapping code is new. Many problems have been experienced as network administrators who are familiar with Samba-2.2.x migrate to Samba-3. Carefully study the chapters that document the new password backend behavior and the new group mapping functionality.

  • The username map facility may be needed.

  • Use net groupmap to connect NT4 groups to UNIX groups.

  • Use pdbedit to set/change user configuration.

    When migrating to LDAP backend, it may be easier to dump the initial LDAP database to LDIF, edit, then reload into LDAP.

OS Specific Scripts/Programs may be Needed ” Every operating system has its peculiarities . These are the result of engineering decisions that were based on the experience of the designer, and may have side-effects that were not anticipated. Limitations that may bite the Windows network administrator include:

  • Add/Delete Users: Note OS limits on size of name (Linux 8 chars) NT4 up to 254 chars.

  • Add/Delete Machines: Applied only to Domain Members (Note: machine names may be limited to 16 characters ).

  • Use net groupmap to connect NT4 groups to UNIX groups.

  • Add/Delete Groups: Note OS limits on size and nature. Linux limit is 16 char, no spaces and no upper case chars ( groupadd ).

Migration Tools ” Domain Control (NT4 Style) Profiles, Policies, Access Controls, Security

  • Samba: net, rpcclient, smbpasswd, pdbedit, profiles.

  • Windows: NT4 Domain User Manager, Server Manager (NEXUS)

Official Samba-3 HOWTO and Reference Guide
The Official Samba-3 HOWTO and Reference Guide, 2nd Edition
ISBN: 0131882228
EAN: 2147483647
Year: 2005
Pages: 297

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net