Hello everybody,

I want to Migrate Win2003 Domain Controller to Samba with All Settings
Current Setup: Working Win2003 Domain Controller (DC)with home directories, group policies, shared printer, disk quotas.
now please guide me by example, how to migrate all these settings to Samba Domain Controller. I have tried to search but didn't get detailed information.

Thank you for your time.
Have a Great Time.

In my opinion , its not possible to migrate group policies, shared printer and disk quota as it is in samba.
You need to reconfigure these settings on samba+ldap setup.
Might be other members have some better idea .

Have you looked on the SAMBA site? Their tutorials are very throe. What you are asking about takes allot of work even for someone who has done it before. As a note, AD is not fully supported yet although it has come along way. I haven't done this in almost 10 years so what I would have to offer is very dated information that may be irrelevant now. I however recently tried to help someone do this on one of the Linux forums. He was a pretty bright chap and was able to bring himself up to speed on things in a bit over a week. I don't do peoples homework for them so he had quite a bit of reading to do on his own and I mainly gave guidance where there were questions over something confusing and provided a few links to get him off and running with the right terms to search for. Aside from the SAMBA site it's self there are some good tutorials for Debian if you happen to be using that as your server. Don't confuse that with Ubuntu though, believe me, they are not the same thing and are not binary compatible even though Ubuntu is based on Debian source code. Anyway, probably irrelevant as it says your distro is Red Hat. Myself, although I have used Red Hat in the past and it was a good stable system have moved on to Debian.

If memory serves though Red Hat had some tools and a wizard or two that would help you get the basics going. The last version of it I used though was RHEL 5 so again my info would be a bit dated.

Where Win Server seems to kind of bundle all those services, this is not the case in Linux. Each thing is pretty much a service unto it's self that you will need to configure. Except of course the basic SAMBA services. It is important that you read the documentation as there are some choices that you will need to make based on your network and your needs. You won't be antiquity able to make those decisions with out that info and someone helping you will have trouble giving appropriate advice with out a working knowledge of what you network needs. For example, will you need to have auto configuration of new boxes on your network joining your domain? In order to know that you will need to understand the differences of the other choices you have and also the security benefits and risks. Some choices you make can limit your ability to configure things or add or remove services from your network later. You need a complete picture of what is available and which thing effects what in-order to make those decisions. As another example.. Will you need to migrate your existing domain or can you just create a new domain for your purpose? To migrate your current domain you will have to first setup SAMBA as secondary domain server and join it to your current domain, then once your PDC Windows server has been removed you can upgrade your SAMBA server to a Windows PDC. If you don't know how this will affect your network you need to do some reading to be prepared for things that will inevitably pop their heads up. By the looks of your post I am probably not the best person to help you but I hope I have given you some things to consider that will be a benefit to you.

Best of luck,
AM

Dear Absent Minded,
that's really encouraging, yes I'm reading the details @samba.org, my future setup is on Debian/Ubuntu...well I'll also dig about the difference between them. I agreed with you about the detailed network plan, precautions etc.

1. Please tell me if it works, when Samba joined the AD as BDC =
   [global]
   preferred master = no ( Change no to yes)

so the Samba will get user names and passwords from the X-PDC ?

Thank you for your time.

I have tried several times now to give you a decent response but LQ keeps timing out before I get finished. Anyway after rewriting things 4 times I am fed up for now. I will see about writing you out a response and just pasting it in later. I am glad you are making head way though. The SAMBA documentation you are reading should answer your question soon. Anyway, I am sorry but I am ticked and frustrated so I will have to post back a bit later.

Okay, trying this again but being a little smarter this time. There will be more replication services available to you if you are in a position to use the experimental AD support provided by SAMBA. I would however have to do what you are doing now (reading the latest SAMBA documentation) to tell you if that specific ability exists and is working in the latest release of SAMBA. Much of those questions are answered in the first few chapters of the SAMBA documentation. For example: what services are currently available, what they plan to have working in the near future and what has to be worked around. It is in the later chapters that it will explain how to actually work around things that are not fully supported yet. Yes, it is a huge amount of reading but only you are going to be able to know what specific things your network needs. Back when I had to do this AD was bran new and it was hardly supported at all. So I had to go with the old legacy NT4 DC setup. Much of the replication of data had to be done manually. Depending on your network, you may be stuck having to do the same. However, if you are in a position of being able to use SAMBA's experimental AD support some of your next few weeks could be made allot easier. While I haven't read any recent horror stories involving SAMBA's AD support, it is still advisable to understand it's benefits, drawbacks and what to expect. If things haven't changed recently, about the first thing you will need to decide is whether or not to set SAMBA up as an AD server or a legacy NT4 PDC. From what I remember one can not change their mind in the middle of setting things up with out starting over. So, you need to look at how that choice is going to affect things long term. If I had to do this today I would be using the experimental AD support. I however just run a small business and their are less than 20 workstations that I have to be concerned with. I am not sure what you are dealing with.

I haven't actually used an Ubuntu Server setup so I can't give you any real advice on it. I have used the regular Ubuntu designed for workstations and I personally found I can't rely on it so Debian is used for everything here. Maybe the Ubuntu server is better than the regular install. One can hope anyway. I hear the new Ubuntu is pretty stable though. I just won't use it because of their track record. I want to be able to get the next upgrade to my systems when it comes out and not have to worry if it is going to be a stable release or not. With Debian, I don't have to spend the first 3 months after a new release fixing things. I guess others have better luck with it that I do but from my perspective on stability I might as well be using Windows and rebooting every 3 days to maintain system stability. Granted, I only needed to reboot my Win Servers about once a week. Many of my systems here haven't been rebooted in 6 months since Linux has pretty good APM support these days so no real need to shut them down to conserve power. Sorry, got off track there a bit. Anyway, I not trying to pick on anything just telling you what my experience with them has been. I am not some big time network admin with hundreds of workstations and servers to look after. Just a small business owner that uses what works best for me. I also help some other organizations with their networks but nothing substantial in size.

From an administrative point of view, I find Debian is just as easy to administrate as any other distro based on Debian. If I needed setup wizards to help me set things up I would need to move back to an RPM distro as none of the Debian based distros have them. Yes, there are some administrative tools that help setup and maintain a Debian based system but really nothing any better than Webmin in my humble opinion. Where some RPM distros have wizards that walk you threw setting up things like D/DNS, SAMBA, NFS, NIS, extra hardware and internet connection sharing (routing, caching and firewall services), there are none of those for a Debian based system. So to me I might as well use the mother distro as it is usually just as easy. However, if one can't setup any proprietary firmware/drivers on their Linux system, maybe it would be best for them to use a knock-off more suited to their needs. That is more often than not a workstation setup thing than a server setup problem (ie. not too many servers need fancy proprietary drivers for video).

Anyway, I hope this post was of some use to you. I know it doesn't really answer your question. Instead it just gives you more stuff to consider and think about.

AM

sure, it's really thought-provoking post, well I'm trying to read/test samba DOCs.

1. network size is increasing day by day, now about 250---300 users, maximum UP time is the big issue.! I need enterprise level solution with fast, secure and reliable features.
2. yep there is Samba 4.0.0alpha13 available, however it is still in testing mode and not recommended for production use. well it's great idea to test before deployment, however time is critical factor. I'll try to test, but not sure, because of tight deadlines.
3. My personal experience regarding the use of Debian, is OKAY, and in my opinion I find Debian more stable than RPM Distros.
4. Ubuntu is getting mature day by day, and now 10.4.1 server release is quite stable, fast and easy to manage.
5. So the requested solution is Easy to Mange, Stable in Highly demanded environments, Secure (No or minimum Virus, Worm, Exploits, etc issues)
6. Thank you for your time and feedback, please "Press Any Key to Continue."

Once Debian and SAMBA have been setup I believe you will have everything that you have mentioned you need, want and expect out of things. I know my network is conciderably smaller than yours but our uptime here has never been better. I am also free most of the time to actually get business taken care of instead of having to rework something again on the local net. Unless a power outage out lasts my UPSs these machines never are down. I use Debian's stable branch on them. My own personal system uses Debian's testing branch. Which I tend to find as stable a most other distros final releases. There is however a rare occational hichup and for that reason it is only me personal systems that get to use Debian testing. It is rare that I need an update to what is on Debian stable but when I do, I have been able to get whatever was needed from Debian Backports. I bring that up as I know it has concerned some. I am going to guess that a server handling 300+ workstations is going to be run headless with no X-server. I have a fried that makes use of Debian testing on the network he is in charge of, I think it is roughly about your size. All packages in Debian (any branch) are taken from upstream stable release code. If you are not going to use a GUI then realistically testing would be a viable option for you as all of the services needed to be run on a server are very mature, well maintained and heavily debugged before it is put into Debian. Anyway, my buddy has very good luck with it. So if that is part of your concern that will be good info for you to know. I would say if you are administering 300 users that are running Windows, you are about maxed out and it is no wonder you are looking for a better solution if you are taking care of all that on your own. I can tell you in all honesty that moving all my systems to Debian Linux from Windows has made it so I only have to spend about one third of the time that I use to doing network administration. For me, that is a great boon as I have so much other stuff that needs my attention. By the way, SAMBA and the additional services needed to replicate a Windows Domain should have little problem handling that work load. It is just the needed work and effort that you will have to go through initially that I see as your worst problem. Once it is setup, things should leave you alone so you can get your other important things done. To bad that installing one Linux server doesn't cure the problems of 300 Windows workstations but it should go a long way in helping you have more time to take care of those workstation related problems instead of having to fight with something serverside as well.

Thank you for your continued feedback, please tell howto:

1. Import/migrate users and passwords from windows 2003 domain controller.
2. What specific settings are required in Samb > smb.conf to promote BDC to PDC.
3. Howto Setup GPOs (Group Policies)
4. Disk Quota, (Assign to Group or Per User Basis.?)
5. Samba Users Administration--> GUI/Web-based.

Thank you for your time.
Have a Great Time.
Regards.

Are you reading this documentation?
http://www.samba.org/samba/docs/man/...TO-Collection/

That pretty well covers questions 1-3 and probably 4

For managing SAMBA you can use S.W.A.T. or Webmin from any web browser.

SWAT also provides extensive documentation. Also see "man samba" in your Linux terminal of choice after installing samba.

#4 if I am not mistaken is controlled by Linux/Unix group and user policies.

okay, I'm reading SAMBA-HOWTOs, not regularly (due to workload), but I'll explore them in details in the weekend.
Now please tell me howto do that:
I'll try to test, please note that I'll be away till the Monday.
Thank you very much for your all help.

As I mentioned, I may not be the best person to help you.. I don't do the homework of others. My time is just a valuable as others. So far the info you have asked for is included in the documentation, something you need to be reading anyway to make the right choices for your particular setup. It is not that at the moment you are trying to trouble shoot some particular problem you are having. When the info is in the documentation, I expect others to read it just like I have had to do to set things up. While I enjoy helping and giving people a "hand up", I am not much for just giving "hand-outs" to those who seem to think they are "owed" something. "Give a man a fish, he eats for a day. Teach a man to fish, he eats for life." I, like most forum members am not paid to be here to help and I expect that one respects my time just as they respect their own time. While some GNU/Linux distros are not well documented, Debian is heavily documented and gives very intense, accurate and in-depth instructions on how to do things in their distribution. I can't say as much for Ubuntu but what does one expect from a leaching knock-off that doesn't even give much support to the upstream projects they "use" or leach off of? SAMBA, like the Debian project, is also heavily and completely documented. Now if you are having trouble with some of the documentation and understanding it, lets talk about that and maybe I can help you come to grips with that so you understand it better. Also, if you are fallowing the instructions and get stumped by something you don't understand or that doesn't seem to work, then lets talk about that as well. But, I am not going to configure your network "for" you unless your are going to pay me to come and do it. Me typing out config files for you to just paste into things is different than me being there and doing your job for you in what way? If you want to actually "learn how" I am here for you. If you want me to just "do it for you" I am not interested unless you are paying.

[/rant]

Okay, having said that. I will offer you some help. A search for "setting Linux disk quotas" in your favorite search engine can be very helpful. Also, here is a link to a reputable site that discusses the issue:

http://linuxhelp.blogspot.com/2005/1...explained.html

Thanx a lot for your help and Advices!!!

Also I don't like spoon-feeding, however just ask you to share your own experience. After all Sharing is Learning. Anyway thanx again for compliments.

It would seem I owe you a bit of an apology as apparently I misunderstood what you had said (or at least the meaning you had intended). My intent here is to help you learn the formula and reason for it so you can create your own answers. My last response has not helped you do that and I feel a bit bad that I blew a gasket. I don't have much to say on my behalf except I misunderstood you and I was already at the end of a day I do not wish to repeat.

With out using the experimental SAMBA AD support, the best way I can think of to import your windows users to Linux and SAMBA is to write a script that will use a list of names as an input source. The script should do the fallowing: Grab each name from your name-list-source and run the command that adds the user to both the Linux user list and SAMBA. It should also set the default groups and a password for each user. I am not good at writing bash (or any other) shell scripts so you will have to look-up on how to do that or maybe start a new thread here to ask for specifics on doing that. I know "some" domain replication is possible. I just am not sure these days how much and to what extent. For that reading the SAMBA documentation is necessary. I am "hoping" that the machine domain accounts will be able to be replicated to SAMBA. When I did this though, I had to manually set those up. Since it has been nearly 10 years since I have done that though, I don't remember much of what specifically I had to do in that regard. I no longer have my notes either.

If you go with Debian instead of Ubuntu (recommended as there is better documentation and from what I can tell it is more scalable and stable than Ubuntu (aside from my ethical reasons for choosing Debian)), you can look on the Debian wiki and Debian's own website for extensive howtos and other documentation.

While SAMBA is setup as the BDC you can have it authenticate users threw the Win PDC. However, making use of LDAP or another authentication tool SAMBA can authenticate users it's self. I wish I could be of more help on that but it has been so long that I would have to re-read all the SAMBA documentation again. As I am sure you are aware of by now, that is very lengthy and while it would be an interesting read, I don't have allot of free-time to be able to devote to it.

It is my hope that some others come by to help out in a few of these areas. As my user name implies, I have some real issues remembering things at times. SAMBA is only but a part of my computer knowledge and since I haven't needed to use it in this capacity for about 6 years, I haven't retained all the necessary info. Having said that, I still make use of SAMBA on my network. I use it as a file-server in a workgroup setting for the times where I am repairing someone elses' computer and need access to some files on my main server. I also use it to store backup info for my clients. Needless to say, neither of which require me to maintain a Windows type PDC these days.

If it is any consolation to what you are currently having to deal with and go threw, I can tell you that using the Linux-SAMBA combination in place of my WinNT4 Server greatly improved the amount of time I had to focusing on other things I needed to do. Having helped admin Win2000 and Win2003 servers I can also say that, in my opinion, one can also expect to receive the same types of benefits as I received by using the Linux-SAMBA solution. It was just a "task and a half" to get setup and I truly feel for someone going threw this type of migration. As I said though, I truly believe that the extra hassle, extra learning and extra work are well worth it in terms of the benefits gained in up-time and hassle of administering a solely Windows Domain. If setup correctly, the entire network can benefit. Linux can be told to scan all incoming and out going traffic for Windows virus. To add to this all mail handled locally can be scanned for Windows virus on a system that is near immune to any virus. A windows Trojan or virus will not run on Linux unless you install wine... and why would one do that on their server feeding 300 workstations? Not to mention, even if one did make use of wine to run a virus it would only affect the user account and possibly the "group" it was associated with. So unless it was run by the root user, clean-up is pretty much a breeze compared to using a Windows box in the same scenario.

It is also my belief that run headless (no GUI), there is no usability improvement in using Ubuntu over Debian. The very few usability improvements I have seen on an Ubuntu system have only been to enhance what one is able to do from the GUI and not the CLI. Since Ubuntu is heavier by default than a default Debian install, I can't see the benefits to using it over Debian. Then again, it is just my experience that I am going from. In view of the things I mentioned though, I can see no real point to Ubuntu's existence. If Ubuntu cleaned up their act, started supporting the community they leach off of and produced a system that was truly reliable over each release, then I think they could be of benefit to the community as a whole. Right now all their advertizing $$ are not doing anything to promote Linux or open-source as the only thing I can say their version of Linux offers over Windows is the lack of viral or malware infection. From my perspective, all of their money spent on advertizing Linux is hurting the community as new users try Ubuntu first and find it not any more reliable than what they had at best and if the user was already using a Unix system like Solaris or OSX (from Apple) they would have an even worse impression of Linux then ones coming from Windows. System stability must be paramount and quality code is indispensable. Foregoing all of those things to meet the almighty release date like Windows continually does is hurting them and the rest of the community because they are so "high-profile". Just some things to think about.