38.7 Migrating a Windows NT Server to Samba
Apart from the Samba and LDAP configuration, the migration of a Windows
NT server to a SUSE Linux Enterprise Server Samba server consists of two basic steps. First,
migrate profiles then migrate accounts.
38.7.1 Preparing the LDAP Server
The first step of your migration should be the configuration of the
LDAP server. You need to add base DN information and entries for accounts
of your software clients with passwords. Detailed information about LDAP
configuration is provided in Section 37.0,
LDAP—A Directory Service.
It is not necessary to configure it all manually. You can use scripts
from smbldap-tools. These scripts are part of the package samba-doc and, after installation of the
package, are available in
/usr/share/doc/packages/samba/examples/LDAP.
NOTE: LDAP and Security
The LDAP administration DN should be an account other than Root DN. To
make the network more secure, you can also use a secure connection with
TSL.
38.7.2 Preparing the Samba Server
Before you start migration, configure your Samba server.
Find configuration of profile,
netlogon, and home shares in the
tab of the YaST module. To do the default value, select the share and
click
.
To add LDAP configuration for your Samba server and the credentials of the LDAP
administrator, use the tab of the YaST
module. The LDAP administration DN (label
) and password are essential to add or
modify accounts stored in the LDAP directory.
38.7.3 Migrating the Windows Profiles
For every profile to migrate, complete these steps:
Migrating a Profile
-
On your NT4 domain controller, right-click then select . Select the
tab.
-
Select a user profile you to migrate and click
it.
-
Click .
-
In , add your new path,
for example, c:\temp\profiles.
-
Click in
.
-
Click . To close the box,
click .
-
To finish saving the profile, click
.
-
Copy saved profiles to the appropriate profile directories
on your Samba server.
38.7.4 Migrating the Windows Accounts
The Account Migration Process
-
Create a BDC account in the old NT4 domain for the Samba server
using NT Server Manager. Samba must not be running.
net rpc join -S NT4PDC -w DOMNAME -U Administrator%passwd net rpc vampire
-S NT4PDC -U administrator%passwd pdbedit -L
-
Assign each of the UNIX groups to NT groups:
Example 38-6
Example Script initGroups.sh
#!/bin/bash #### Keep this as a shell script for future re-use #
Known domain global groups net groupmap modify ntgroup="Domain Admins"
unixgroup=root net groupmap modify ntgroup="Domain Users"
unixgroup=users net groupmap modify ntgroup="Domain Guests"
unixgroup=nobody # Our domain global groups net groupmap add
ntgroup="Operation" unixgroup=operation type=d net groupmap add
ntgroup="Shipping" unixgroup=shipping type=d
-
Check that all groups are recognized:
net groupmap list