Samba has traditionally been able to act as a Win NT PDC and there have always been ways to migrate from Win NT to Samba. But these
methods are manual and time consuming. Now, Samba 3 has introduced some new tools to automate these tasks.
This article will talk about how you can migrate existing Win NT users over to a Linux Box running Samba 3. To start with, you will need a PCQLinux box running a workstation installation, Samba 3 (on this month’s PCQEssential CD) and, of course, administrator rights on the Win NT PDC you want to migrate.
First, remove old Samba files from the worksation and install Samba 3 from this month’s CD. To do so run the following commands:
#rpm -e samba
#rpm -e samba-client
To install the new Samba,
#rpm -ivh samba-3.0.0-1.i386.rpm
First, you have to configure this machine as a BDC and join it to the NT Domain. For that either directly modify the smb.conf
file or use Webmin to do so.
The required settings are: Workgroup = your_nt_domain_name, Security = User, Preferred Master = Yes, Domain Logons = Yes and Domain Master = No. In the Global section of samba.conf. You have to add some extra lines also to make sure that your net rpc vampire command works correctly. This is a command in Samba for migrating NT accounts to Linux. We will see more about this later. For now, add the following lines at the bottom of the Global Section of the smb.conf file:
logon script = logon.cmd
logon path = \\%N\profiles\%u
add user script = /usr/sbin/useradd %u
delete user script = usr/sbin/userdel %u
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/bin/gpasswd -a %u %g
set primary group script = /usr/sbin/usermod -g %g %u
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
Now create two new shares by adding the following entries at the bottom of your smb.conf file.
path = /opt/ntlog
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
public = Yes
path = /opt/pro
read only = No
create mask = 0600
directory mask = 0700
guest ok = Yes
Public = Yes
Now create the folders used in the shares by running the commands
vNext stop your Samba server
#/etc/init.d/smb stop
And join it into your NT Domain with
#net rpc join -S NTSERVERNAME -w NTDOMAINNAME -U Administrator%password (replace password with your password)
Now go to your NT Domain controller and run the command srvmgr to open the Server Manager. Here you will see a new machine added as Windows NT BDC with the NetBiose name of your Linux server.
You are now ready to start the migration.
At your Linux machine, run
#net rpc vampire -w NTDOMAINNAME -U Administrator%password
It will automatically create all NT accounts, machines, users and groups on your Linux machine. But we are not through yet.
Now run the command pdbedit -L -v to check whether your accounts are created properly or not. You will see an output screen like this as the pics given below.
Now you have to map your local UNIX groups to the migrated NT groups. For that run the following commands:
#net groupmap modify ntgroup=”Domain Admins” unixgroup=root
#net groupmap modify ntgroup=”Domain Users” unixgroup=users
#net groupmap modify ntgroup=”Domain Guests” unixgroup=nobody
These commands will map all the in-built groups but if you have your own customized group then you can map them like this:
#net groupmap modify ntgroup=”your_custom_nt_group”
unixgroup=your_custom_unix_group
This is the time to migrate user profiles. For that, first copy the profile directory for all the users to the folder that we created and shared as profiles. In this case it is /opt/pro. The profiles should be saved in a directory which has the same name of the user and would be in /opt/pro path. For example the profiles for Administrator should be copied into /opt/pro/Administrator directory.
We are almost through, except for promoting your Linux machine as the PDC. To do this, open the /etc/samba/smb.conf file and change the entry Domain Master = No to Domain Master = Yes and remove your NT domain controller from the network.
Finally, restart the samba server by
#/etc/inie.d/smb restart
And your job is done.
Anindya Roy