I have been doing research on the internet for several days but I have not
yet found the best way to proceed to meet these specific needs:
I work in a company with about 1000 employees where my predecessor unix
system administrator had configured samba 3 in the best way to meet the
needs of the company at that time without Active Directory, but now
unfortunately or fortunately , the management of the network is on my
hands, alone. I never managed Active Directory, samba was enough at that
time.
The current installed Samba 3 uses the simple smbpasswd as passwd backend,
nis (without openldap and without kerberos), automount (to mount homes and
folder group from other linux) and to manage the users and group folders it
uses the simple standard posix managed by chmod behind samba (not ACL
through setfacl).
But recently we have to connect to a AD root domain in a forest and it's
mandatory by company policy, so I have to introduce Active Directory too.
Straight up, the ideal target is to add AD as a single sign-on, users will
join to the AD domain and mount the shared linux resources from samba 4
keeping the actual directory structure shared (home users, directory
groups), this is because we want to migrate to the two domains gradually
and not in one shot. I know users have to be recreated on AD :(
The online documentations that I found say howto join from linux to AD
using winbind and sssd, but it's not clear how to map gid to the existing
uid on linux (keeping the linux current users), and even if possible how to
override the access posix behind samba (I mean chmod/chown on files not on
smb.conf)?
My idea is to install a new linux server like centos 7.2, setup samba4 and
mount through autofs the resources, join samba4 to AD, remap folders from
gpo and continue to use samba 3 for the old domain and samba4+AD for the
new domain on the two but same samba's shared resources....is it possible!?
Users save on the same map network folder keeping the same data. What is
the best way to combine samba to AD keeping the same shared resources
structure managed on samba3?
I would appreciate your advice on approach! Thank you.
--
Vincenzo De Sanctis