a journey from 170 samba3 nt4 domains to 1 unified samba
play

A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain - PowerPoint PPT Presentation

Apr 29, 2023 •289 likes •601 views

A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain with 8000 users Denis Cardon, 6th June 2016 They did not know it was impossible so they did it - Mark TWAIN T ranquil IT IT company in Nantes, France, since 2002

  1. A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain with 8000 users Denis Cardon, 6th June 2016

  2. « They did not know it was impossible so they did it » - Mark TWAIN

  3. T ranquil IT ● IT company in Nantes, France, since 2002 ● Largest Samba-AD integrator in France ● Editor of Wapt software deployment solution ● Good beer drinkers

  4. Culture in France ● In France all is about culture – Wine, Cheese, Castles, Museum, Litterature, Philosophy, etc. ● So we have a Ministry in charge of that ! ● Not mission critical, but important anyway !

  6. Ministry of Culture Migration ● Working with regional branches for 12 years ● Collaboration with IT team to restructure whole identity management starting 2016 ● Architecture historically based on – Central LDAP for business applications – 170 domains for workstation authentication

  7. Why Samba ?

  8. Samba in France, French stereotype Some say French people are... ● chauvinistic ● greedy ● anti-English/American ● self indulgent ● arrogant, etc.

  10. Samba in France, a Fertile Ground ● What a better place for Samba to foursish! – free as in beer, free as in speech, anti Microsoft zealot – (General de Gaulle syndrom) ● Samba3-NT4 historically strong – administrations, schools, universities, research labs, hospitals, private companies, etc. ● Fertile ground for Samba-AD

  11. Ministry of Culture Migration ● state of affairs in 2013 : – mostly Samba3-NT4 domains – some Microsoft AD 2k3, 2k8 (and 1 NT4) – IT management mostly de-centralized – No strict specification for domain management

  12. Regional Initiative, 2013 ● Regional initiative in early 2013 ● migrating the « Pays de Loire » regional branch ● from Samba3-NT4 ● Samba-AD 4.0 – great minefield – In Samba team we trust !

  13. Regional initiative, 2014 ● Regional initiative, 2014 ● Migrating Limousin regional branch ● Aging Windows NT4 domain… ● same setup, works great !

  14. January 4th 2016 ● First incoming business call of the year 2016... ● « we want the same thing » ● regional initiative become a national one ● one big domain, all merged !

  15. Samba 4.3 Everywhere !

  16. Ministry of Culture Migration ● Samba 4.3 not ready for large domains ● intermediate step : 16 domains – 1 central administration – 15 regional branches ● IMHO, the best choice – from a technical perspective – from a human perspective –

  17. Ministry of Culture Migration ● Cyberspace landscape evolving rapidly – Many more threats everyday – Local Area Network / Endpoints are the new target ● Local Area Network security is Lame ! ● Same network → same security level

  18. Ministry of Culture Migration Phase1 ● Phase 1 : – Merge into 16 domains, cleanup, normalisation – 170 physical sites : France, Corsica, Martinique, Guadeloupe, Guyane, Réunion, etc. – a lot of travel, many souvenirs ! ● at the same time – normalise username and groups, linux distribution, virtualization, etc.

  19. Ministry of Culture Migration ● Server side migration automation – ansible playbook for creating / preconfiguring CentOS VM – ansible playbook for creating / join new DC – ansible playbook for normalizing SID on fileserver

  20. Ministry of Culture Migration, Phase 1 ● Client side migration automation – WAPT inventory – profile migration – WAPT scripting – Python rocks !

  21. Migration tools ● Scripting, scripting, scripting... – python-ldb – samdb ● set-nt-hash hack ● Wapt ● Talking, talking, talking… – human cannot yet be scripted :-)

  22. Ministry of Culture Migration, Phase 2 ● Phase 2 : – samba 4.7 ready for 8k users domain – Merge 16 domains into 1 domain – More cleanup, more normalization – Less travel (only going to main sites) – Automatic AD user management directly from HR system

  23. Ministry of Culture Migration, Phase 2 ● Almost finished ! – 166 sites merged, only 4 left – merging finished at the end of the month – One directory to rule them all !

  24. Ministry of Culture Migration, Security Hardening ● Security Hardening – disabling NetBIOS, SMB1, NTLMv1, etc. – more RODC – lesser right policy on AD objects ● more automation – Ansible for servers, decrease « time to patch » – Wapt for Clients

  25. Herding the Flock ● Many other already following suit – Ministry of Finance (1 domain, already 35k desktop migrated, 1k per week, aim at 150k desktops) – Ministry of Environment (46 domains, 25k desktops) – Ministry of Agriculture central administration (1 domain, 2k desktops) – French navy

  26. Herding the Flock ● And many other catching up ! – interministries regional branches (DDI) – Education ministry ● academic region of new Aquitaine, Britanny, Normady, Centre, etc.

  27. Samba Everywhere !

  28. What’s Next ? ● Financing model not easy ● Being as good as MS-AD not sufficient ● Need to find revenue stream – SaaS (Samba-AD as a Service?) – Packaged product with support ? – have more sensible defaults ?

  29. The end ! ● a big thank to – Samba team – Ministry of Culture team – Tranquil IT team – To you all, no tomatoes thown yet...

  30. ● Any question ? ● dcardon@tranquil.it ● #tranquil_it

Recommend

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba Team / SerNet 2017-05-04 https://samba.org/~metze/presentations/2017/SambaXP/ Topics Windows Domains, Forests and Trusts Netlogon Secure

497 views • 34 slides
One year with GitLab Catalysts Samba Team Our journey today Bootstrap GitHub

One year with GitLab Catalysts Samba Team Our journey today Bootstrap GitHub

One year with GitLab Catalysts Samba Team Our journey today Bootstrap GitHub GitLab Background and statjstjcs Your custom image here Has it been it too hard to contribute to Samba? Where did our new contributors go?

655 views • 42 slides
Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org jeremy.allison@hp.com Where we are now : Samba 2.2 The current Samba is a credible replacement for a Windows server providing file and

529 views • 19 slides
Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam

Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam

Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam obnox@samba.org Samba Team / SerNet 2011-05-10 Mini History of ID Mapping in Samba3 up to 3.0.24 simple single configuration idmap backend

623 views • 51 slides
Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat /

Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat /

Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat / Samba Team) About Samba and RedHat Currently 7 Samba Team members inside RedHat Creators and users of Samba technology for authentication

836 views • 45 slides
Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp

Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp

Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp ddiss@samba.org Agenda Clustered Samba Witness Protocol Demo Outlook Clustered Samba Samba File and print server SMB / CIFS, SMB2

428 views • 40 slides
Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org

Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org

Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org Agenda Reasons to move to Python3 What is supported in what release Some history of the porting effort Challenges Lessons learned

815 views • 19 slides
SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP - 2016-05-11 Introduction SMB - mini history SMB: created around 1983 by Barry Feigenbaum, IBM SMB in Lan Manager: around 1990 SMB in Windows for

1.29k views • 58 slides
Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May

Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May

Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May 21, 2015 We use a lot of VMs and containers for testing and building Samba. The setup and maintenance of these machines requires a lot of work. How

351 views • 20 slides
Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me

Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me

Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me Andrew Bartlett Samba T eam member since 2001 Working on the AD DC since 2006 These views are my own, but I do with to thank:

856 views • 36 slides
Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017

Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017

Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017 Introductions Introductor a t i o n a r y e s q u e n e s s e si s m Me: Samba Team Elder SMB Wizard with: The opinions expressed are my

874 views • 21 slides
Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team /

Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team /

Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team / SerNet 2012-09-17 Hi there! Oh ... ... please interrupt with questions! Michael Adam SMB2+ in Samba (3 / 20) SMB2 in Samba Only SMB 2.0

1.35k views • 75 slides
Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP 2017 Andrew Bartlet Samba developer since 2001 Working on the AD DC since soon afuer the start of the 4.0 branch, since 2004! Driven to

664 views • 44 slides
A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / /

A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / /

A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / / June 2018 Samba is a member project of the Sofuware Freedom Conseraancy Andrew Bartlet and Catalysts Samba Team Samba Deaeloper since 2001

436 views • 30 slides
Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The Samba4 torture suite is an extensive, general purpose CIFS test suite. It is not Samba specific. All CIFS vendors should take advantage of it to

377 views • 21 slides
MIT KDC integration Andreas Schneider <asn@samba.org> G unther Deschner

MIT KDC integration Andreas Schneider <asn@samba.org> G unther Deschner

MIT KDB Design Ongoing development Remaining bits Heimdal sacrifices MIT KDC integration Andreas Schneider <asn@samba.org> G unther Deschner <gd@samba.org> Red Hat May 21th, 2015 Andreas Schneider <asn@samba.org> G

1.17k views • 29 slides
New printing protocols in Samba Gnther Deschner <gd@samba.org> Agenda MS16-087

New printing protocols in Samba Gnther Deschner <gd@samba.org> Agenda MS16-087

New printing protocols in Samba Gnther Deschner <gd@samba.org> Agenda MS16-087 RPRN and PAR PAR support detection Print Driver Packages Driver Signing Core Printer Drivers Current state of PAR in

579 views • 45 slides
THE SELFTEST SUITE Testing Samba May 21th, 2015 Andreas Schneider Red Hat Inc. Samba Team Who

THE SELFTEST SUITE Testing Samba May 21th, 2015 Andreas Schneider Red Hat Inc. Samba Team Who

THE SELFTEST SUITE Testing Samba May 21th, 2015 Andreas Schneider Red Hat Inc. Samba Team Who am I? The Selftest Suite Running tests Writing tests ABOUT ME I'm a Free and Open Source Software developer working on: Samba - The domain

383 views • 25 slides
Samba, Quo Vadis? Experimenting with languages the Cool Kids use Kai Blin Samba Team SambaXP

Samba, Quo Vadis? Experimenting with languages the Cool Kids use Kai Blin Samba Team SambaXP

Samba, Quo Vadis? Experimenting with languages the Cool Kids use Kai Blin Samba Team SambaXP 2017 2017-05-03 Intro M.Sc. in Computational Biology Ph.D. in Microbiology Samba Team member 2/45 Overview Programming

776 views • 45 slides
Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory features in Samba What has been done in the last year? Samba 4.9 Password and membership change auditing LMDB back-end (semi-experimental)

1.06k views • 49 slides
Sampling in Euclidean and Non-Euclidean Domains: A Unified Approach NIST ACMD Seminar Series

Sampling in Euclidean and Non-Euclidean Domains: A Unified Approach NIST ACMD Seminar Series

Sampling Theory in Euclidean Geometry Geometry of Surfaces Sampling in Non-Euclidean Geometry Application: Network Tomography Sampling in Euclidean and Non-Euclidean Domains: A Unified Approach NIST ACMD Seminar Series Stephen Casey American

1.57k views • 124 slides
Present And Future File Serving With Samba LinuxCon Europe 2014 Michael Adam Samba Team / SerNet

Present And Future File Serving With Samba LinuxCon Europe 2014 Michael Adam Samba Team / SerNet

Present And Future File Serving With Samba LinuxCon Europe 2014 Michael Adam Samba Team / SerNet October 14, 2014 Samba... Michael Adam SambaFS (2/40) Short History 1.9.17: 1996/08 2.0: 1999/01: domain-member, +SWAT 2.2: 2001/04:

553 views • 40 slides
CTDB Stories Amitay Isaacs amitay@samba.org Samba Team IBM (Australia Development Labs, Linux

CTDB Stories Amitay Isaacs amitay@samba.org Samba Team IBM (Australia Development Labs, Linux

CTDB Stories Amitay Isaacs amitay@samba.org Samba Team IBM (Australia Development Labs, Linux Technology Center) Amitay Isaacs CTDB Stories CTDB Project Motivation: Support for clustered Samba Multiple nodes active simultaneously

1.84k views • 156 slides
Samba's Cloudy Future Wider World Opening Windows to a Jeremy Allison Samba Team jra@samba.org

Samba's Cloudy Future Wider World Opening Windows to a Jeremy Allison Samba Team jra@samba.org

Samba's Cloudy Future Wider World Opening Windows to a Jeremy Allison Samba Team jra@samba.org Isn't cloud storage the future ? Wider World Opening Windows to a Yes, but not usable for many existing apps. Cloud Storage is a blob store

317 views • 17 slides

More recommend