Poll: Think this will work? (5 votes)

  • Yes - should be fun
  • Yes - tough one....
  • Screwed.. Good luck with creating new accounts.

About to get in way over my head - Windows to Unix migration

Sunburnt Yeti (Beginner, Loc: Reagan Test Site - Kwajalein Atoll, Rep. Marshall Islands) wrote:

Okie dokie...

We're looking to move from Windows AD to UNIX due to licensing issues that are about to come up....

Any easy way to migrate AD users/pwd's to UNIX?

Should I rephrase that to....

is there a way to migrate AD users/stuff to UNIX? (I'm sure it's not going to be graceful and easy).

Got a userbase of only about 1050 accounts. Cannot do a "change password on next login" because the users will be on RADIUS (basically I'm running the small free ISP for a bunch of gov. contractors on an island in the Pacific).

Any ideas on how I should move forward?

Sunburnt Yeti wrote:

A little history.

We're having to move to an authenticated dial-in due to people passing around viruses/DOS attacks/bounce attacks.... Some kiddies on island think they're little hackers now....

Currently using a few old Max2000 dial-in boxes... We've put in a Cisco AS5400 to do the new dial-in..... We were going to move everything to Win 2k3 Server, however when it comes down to it we can't get enough funding for all the CAL's needed for the users on island. So we're wanting to go cheaper, and what's cheaper than free/open source?
this213 (Guru, Loc: ./) wrote:

OK, well that depends on your idea of fun.

If you've got no or little *nix experience, it might not be so fun.

What you're going to need is Samba (v3 or better), Kerberos and LDAP all playing nicely together. Even if you're not doing this with Gentoo, this should help you: http://gentoo-wiki.com/HOWTO_Implement_ ... s_your_PDC

Looking at what you're doing though, do you really have a need to create a domain for your dialup users? What network resources do you want them to have access to other than the connection itself?
Sunburnt Yeti wrote:

No, they technically do not *need* to be on a domain, we just need to authenticate the users.....

Biggest thing, like I said, is that I don't want to have to go through and recreate the passwords for the users (it was published to the users out here, and some have already changed their passwords)... So if I had to recreate the accounts and reset their passwords we'd run into the issue of having to spend man-hours (mine!) printing up 1k forms and sending them back through the mail service out here (granted, the MPS service is free for local stuff, but that's a lot of man-hours).

I'm interested if there's an ability to 'merge' the users and get them transferred in some way or another....

And I'm a *nix n00b, so I'm sure that's not helping too much (don't know much about it so I don't know its abilities/inabilities).
this213 wrote:

This will show you how to export your users from your current PDC. This will give you an actual data file which you can then build a script around to import into LDAP. http://support.microsoft.com/kb/q237677/

Once you have your users in LDAP, you'll need to configure radius to use the PAM LDAP module.

I'm assuming you're running your radius server from a Linux box (freeRadius); if this isn't the case, your options may be further limited - meaning you'll be either stuck using a Windows PDC or manually entering accounts into your new Radius server. If you're not running your Radius server from a Linux box, it may be more worthwhile for you to build a Linux box just for this (time == $ as you point out).
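The "data file you can build a script around" step above, as an added example (not from the thread or from the linked KB article): it parses a constructed, ldifde-style export of AD user objects and emits OpenLDAP posixAccount entries. The attribute names (sAMAccountName, displayName, mail, userAccountControl) are standard AD, but the sample values, the base DN and the uidNumber range are assumptions. Note that the export carries no password hashes (AD does not expose them over LDAP), so the generated entries have no userPassword and each user still needs a new credential.

```python
# Convert an ldifde-style AD user export into an OpenLDAP posixAccount LDIF.
# Limitations: no base64 ("attr::") values and no LDIF line continuations.

# Constructed sample input; values are made up for illustration.
SAMPLE_AD_LDIF = """\
dn: CN=Jane Doe,OU=Users,DC=example,DC=local
changetype: add
objectClass: user
sAMAccountName: jdoe
displayName: Jane Doe
mail: jdoe@example.local
userAccountControl: 512

dn: CN=Old Account,OU=Users,DC=example,DC=local
changetype: add
objectClass: user
sAMAccountName: oldacct
displayName: Old Account
userAccountControl: 514
"""

ACCOUNTDISABLE = 0x2  # bit in userAccountControl meaning the account is disabled


def parse_ldif(text):
    """Split an LDIF dump into dicts; the first value of each attribute is kept."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        key, _, value = line.partition(": ")
        cur.setdefault(key, value)
    if cur:
        entries.append(cur)
    return entries


def to_posix_ldif(entries, base_dn, first_uid=2000):
    """Emit posixAccount entries for enabled users only; disabled accounts are dropped
    rather than carried across. No userPassword is written: the export has no hashes."""
    out, uid_number = [], first_uid
    for e in entries:
        if int(e.get("userAccountControl", "512")) & ACCOUNTDISABLE:
            continue
        uid, name = e["sAMAccountName"], e.get("displayName", e["sAMAccountName"])
        lines = [f"dn: uid={uid},ou=People,{base_dn}",
                 "objectClass: inetOrgPerson", "objectClass: posixAccount",
                 f"uid: {uid}", f"cn: {name}", f"sn: {name.split()[-1]}",
                 f"uidNumber: {uid_number}", "gidNumber: 100",
                 f"homeDirectory: /home/{uid}",
                 "loginShell: /sbin/nologin"]  # dial-in users get no shell
        if "mail" in e:
            lines.append(f"mail: {e['mail']}")
        out.append("\n".join(lines))
        uid_number += 1
    return "\n\n".join(out) + "\n"
```

Run `print(to_posix_ldif(parse_ldif(SAMPLE_AD_LDIF), "dc=example,dc=local"))` to see the LDIF that would be fed to ldapadd.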
Sunburnt Yeti wrote:

Many thanks....

Yes, we're using a linux box (RHEL4) and we're running freeradius on it.... We were discussing it between myself and the DBA's on how we wanted to organize the users... I'm guessing LDAP is going to be the way to go....

Once again, many thanks....
this213 wrote:

LDAP is going to be pretty much the only way to go. Well, not really, but it's the only sensible way to go (IMHO).

I saw somewhere once a script that actually exported AD to an LDAP injection script (can't find it now - but it's out there somewhere)

Here's an LDAP implementation HOWTO which should give you just about everything you need to get set up once your users are in LDAP: http://www.faqs.org/docs/Linux-HOWTO/LD ... HOWTO.html

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.