&author.jht; April 3, 2003 This is a rough guide to assist those wishing to migrate from NT4 domain control to Samba-3 based domain control. In the IT world there is often a saying that all problems are encountered because of poor planning. The corrollary to this saying is that not all problems can be anticpated and planned for. Then again, good planning will anticpate most show stopper type situations. Those wishing to migrate from MS Windows NT4 domain control to a Samba-3 domain control environment would do well to develop a detailed migration plan. So here are a few pointers to help migration get under way. The key objective for most organisations will be to make the migration from MS Windows NT4 to Samba-3 domain control as painless as possible. One of the challenges you may experience in your migration process may well be one of convincing management that the new environment should remain in place. Many who have introduced open source technologies have experienced pressure to return to a Microsoft based platform solution at the first sign of trouble. It is strongly advised that before attempting a migration to a Samba-3 controlled network that every possible effort be made to gain all-round commitment to the change. Firstly, you should know precisely why the change is important for the organisation. Possible motivations to make a change include: Improve network manageability Obtain better user level functionality Reduce network operating costs Reduce exposure caused by Microsoft withdrawal of NT4 support Avoid MS License 6 implications Reduce organisation's dependency on Microsoft It is vital that oit be well recognised that Samba-3 is NOT MS Windows NT4. Samba-3 offers an alternative solution that is both different from MS Windows NT4 and that offers some advantages compared with it. It should also be recognised that Samba-3 lacks many of the features that Microsoft has promoted as core values in migration from MS Windows NT4 to MS Windows 2000 and beyond (with or without Active Directory services). What are the features the Samba-3 can NOT provide? Active Directory Server Group Policy Objects (in Active Direcrtory) Machine Policy objects Logon Scripts in Active Directorty Software Application and Access Controls in Active Directory This is not a definitive ste-by-step process yet - just a place holder so the info is not lost. 1. You will have an NT4 PDC that has the users, groups, policies and profiles to be migrated 2. Samba-3 set up as a DC with netlogon share, profile share, etc. 3. Process: a. Create a BDC account for the samba server using NT Server Manager - Samba must NOT be running b. rpcclient NT4PDC -U Administrator%passwd lsaquery Note the SID returned by step b. c. net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd Note the SID in step c. d. net getlocalsid Note the SID, now check that all three SIDS reported are the same! e. net rpc join -S NT4PDC -w DOMNAME -U Administrator%passwd f. net rpc vampire -S NT4PDC -U administrator%passwd g. pdbedit -l Note - did the users migrate? h. initGrps.sh DOMNAME i. smbgroupedit -v Now check that all groups are recognised j. net rpc campire -S NT4PDC -U administrator%passwd k. pdbedit -lv Note - check that all group membership has been migrated. Now it is time to migrate all the profiles, then migrate all policy files. Moe later. Lots of blah blah here.