a journey from 170 samba3 nt4 domains to 1 unified samba
play

A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain - PowerPoint PPT Presentation

Apr 29, 2023 •289 likes •601 views

A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain with 8000 users Denis Cardon, 6th June 2016 They did not know it was impossible so they did it - Mark TWAIN T ranquil IT IT company in Nantes, France, since 2002

  1. A journey from 170 Samba3-NT4 domains to 1 unified Samba-AD domain with 8000 users Denis Cardon, 6th June 2016

  2. « They did not know it was impossible so they did it » - Mark TWAIN

  3. T ranquil IT ● IT company in Nantes, France, since 2002 ● Largest Samba-AD integrator in France ● Editor of Wapt software deployment solution ● Good beer drinkers

  4. Culture in France ● In France all is about culture – Wine, Cheese, Castles, Museum, Litterature, Philosophy, etc. ● So we have a Ministry in charge of that ! ● Not mission critical, but important anyway !

  6. Ministry of Culture Migration ● Working with regional branches for 12 years ● Collaboration with IT team to restructure whole identity management starting 2016 ● Architecture historically based on – Central LDAP for business applications – 170 domains for workstation authentication

  7. Why Samba ?

  8. Samba in France, French stereotype Some say French people are... ● chauvinistic ● greedy ● anti-English/American ● self indulgent ● arrogant, etc.

  10. Samba in France, a Fertile Ground ● What a better place for Samba to foursish! – free as in beer, free as in speech, anti Microsoft zealot – (General de Gaulle syndrom) ● Samba3-NT4 historically strong – administrations, schools, universities, research labs, hospitals, private companies, etc. ● Fertile ground for Samba-AD

  11. Ministry of Culture Migration ● state of affairs in 2013 : – mostly Samba3-NT4 domains – some Microsoft AD 2k3, 2k8 (and 1 NT4) – IT management mostly de-centralized – No strict specification for domain management

  12. Regional Initiative, 2013 ● Regional initiative in early 2013 ● migrating the « Pays de Loire » regional branch ● from Samba3-NT4 ● Samba-AD 4.0 – great minefield – In Samba team we trust !

  13. Regional initiative, 2014 ● Regional initiative, 2014 ● Migrating Limousin regional branch ● Aging Windows NT4 domain… ● same setup, works great !

  14. January 4th 2016 ● First incoming business call of the year 2016... ● « we want the same thing » ● regional initiative become a national one ● one big domain, all merged !

  15. Samba 4.3 Everywhere !

  16. Ministry of Culture Migration ● Samba 4.3 not ready for large domains ● intermediate step : 16 domains – 1 central administration – 15 regional branches ● IMHO, the best choice – from a technical perspective – from a human perspective –

  17. Ministry of Culture Migration ● Cyberspace landscape evolving rapidly – Many more threats everyday – Local Area Network / Endpoints are the new target ● Local Area Network security is Lame ! ● Same network → same security level

  18. Ministry of Culture Migration Phase1 ● Phase 1 : – Merge into 16 domains, cleanup, normalisation – 170 physical sites : France, Corsica, Martinique, Guadeloupe, Guyane, Réunion, etc. – a lot of travel, many souvenirs ! ● at the same time – normalise username and groups, linux distribution, virtualization, etc.

  19. Ministry of Culture Migration ● Server side migration automation – ansible playbook for creating / preconfiguring CentOS VM – ansible playbook for creating / join new DC – ansible playbook for normalizing SID on fileserver

  20. Ministry of Culture Migration, Phase 1 ● Client side migration automation – WAPT inventory – profile migration – WAPT scripting – Python rocks !

  21. Migration tools ● Scripting, scripting, scripting... – python-ldb – samdb ● set-nt-hash hack ● Wapt ● Talking, talking, talking… – human cannot yet be scripted :-)

  22. Ministry of Culture Migration, Phase 2 ● Phase 2 : – samba 4.7 ready for 8k users domain – Merge 16 domains into 1 domain – More cleanup, more normalization – Less travel (only going to main sites) – Automatic AD user management directly from HR system

  23. Ministry of Culture Migration, Phase 2 ● Almost finished ! – 166 sites merged, only 4 left – merging finished at the end of the month – One directory to rule them all !

  24. Ministry of Culture Migration, Security Hardening ● Security Hardening – disabling NetBIOS, SMB1, NTLMv1, etc. – more RODC – lesser right policy on AD objects ● more automation – Ansible for servers, decrease « time to patch » – Wapt for Clients

  25. Herding the Flock ● Many other already following suit – Ministry of Finance (1 domain, already 35k desktop migrated, 1k per week, aim at 150k desktops) – Ministry of Environment (46 domains, 25k desktops) – Ministry of Agriculture central administration (1 domain, 2k desktops) – French navy

  26. Herding the Flock ● And many other catching up ! – interministries regional branches (DDI) – Education ministry ● academic region of new Aquitaine, Britanny, Normady, Centre, etc.

  27. Samba Everywhere !

  28. What’s Next ? ● Financing model not easy ● Being as good as MS-AD not sufficient ● Need to find revenue stream – SaaS (Samba-AD as a Service?) – Packaged product with support ? – have more sensible defaults ?

  29. The end ! ● a big thank to – Samba team – Ministry of Culture team – Tranquil IT team – To you all, no tomatoes thown yet...

  30. ● Any question ? ● dcardon@tranquil.it ● #tranquil_it

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba

The Important Details Of Windows Authentication Stefan Metzmacher <metze@samba.org> Samba Team / SerNet 2017-05-04 https://samba.org/~metze/presentations/2017/SambaXP/ Topics Windows Domains, Forests and Trusts Netlogon Secure

497 views • 34 slides
One year with GitLab Catalysts Samba Team Our journey today Bootstrap GitHub

One year with GitLab Catalysts Samba Team Our journey today Bootstrap GitHub

One year with GitLab Catalysts Samba Team Our journey today Bootstrap GitHub GitLab Background and statjstjcs Your custom image here Has it been it too hard to contribute to Samba? Where did our new contributors go?

655 views • 42 slides
Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org

Samba in the Enterprise : Samba 3.0 and beyond By Jeremy Allison jra@samba.org jeremy.allison@hp.com Where we are now : Samba 2.2 The current Samba is a credible replacement for a Windows server providing file and

529 views • 19 slides
Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam

Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam

Finally Curing The Identity Crisis? (ID-Mapping Re-Re-Re-Visited) sambaXP 2011 Michael Adam obnox@samba.org Samba Team / SerNet 2011-05-10 Mini History of ID Mapping in Samba3 up to 3.0.24 simple single configuration idmap backend

623 views • 51 slides
Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat /

Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat /

Implementing the Witness protocol in Samba Gnther Deschner <gd@samba.org> (Red Hat / Samba Team) About Samba and RedHat Currently 7 Samba Team members inside RedHat Creators and users of Samba technology for authentication

836 views • 45 slides
Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp

Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp

Samba Witness Protection Programming Samuel Cabrero scabrero@suse.com David Disseldorp ddiss@samba.org Agenda Clustered Samba Witness Protocol Demo Outlook Clustered Samba Samba File and print server SMB / CIFS, SMB2

428 views • 40 slides
Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org

Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org

Samba and the road to Python3 Noel Power SUSE/Samba team noel.power@suse.com npower@samba.org Agenda Reasons to move to Python3 What is supported in what release Some history of the porting effort Challenges Lessons learned

815 views • 19 slides
SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP -

SMB3 Multi-Channel in Samba ... Now Really! Michael Adam Red Hat / samba.org sambaXP - 2016-05-11 Introduction SMB - mini history SMB: created around 1983 by Barry Feigenbaum, IBM SMB in Lan Manager: around 1990 SMB in Windows for

1.29k views • 58 slides
Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May

Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May

Tools for the Vagabonding Samba Developer sambaXP 2015 Michael Adam Samba Team / Red Hat May 21, 2015 We use a lot of VMs and containers for testing and building Samba. The setup and maintenance of these machines requires a lot of work. How

351 views • 20 slides
Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me

Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me

Samba's AD DC: Samba 4.2 and Beyond Presented by Andrew Bartlett of Catalyst // 2014-09 About me Andrew Bartlett Samba T eam member since 2001 Working on the AD DC since 2006 These views are my own, but I do with to thank:

856 views • 36 slides
Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017

Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017

Faking a Failover Over the Top With Samba Clusters Christopher R. Hertel Samba Team May 2017 Introductions Introductor a t i o n a r y e s q u e n e s s e si s m Me: Samba Team Elder SMB Wizard with: The opinions expressed are my

874 views • 21 slides
Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team /

Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team /

Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam obnox@samba.org Samba Team / SerNet 2012-09-17 Hi there! Oh ... ... please interrupt with questions! Michael Adam SMB2+ in Samba (3 / 20) SMB2 in Samba Only SMB 2.0

1.35k views • 75 slides
Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP

Samba and the road to 100,000 users Presented by Andrew Bartlet Samba Team - Catalyst / / SambaXP 2017 Andrew Bartlet Samba developer since 2001 Working on the AD DC since soon afuer the start of the 4.0 branch, since 2004! Driven to

664 views • 44 slides
A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / /

A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / /

A Few things happened on the way to LMDB Presented by Andrew Bartlet Samba Team - Catalyst / / June 2018 Samba is a member project of the Sofuware Freedom Conseraancy Andrew Bartlet and Catalysts Samba Team Samba Deaeloper since 2001

436 views • 30 slides
Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The

Using the Samba Testsuite Andrew Tridgell Samba Team tridge@osdl.org Torture yourself! The Samba4 torture suite is an extensive, general purpose CIFS test suite. It is not Samba specific. All CIFS vendors should take advantage of it to

377 views • 21 slides
MIT KDC integration Andreas Schneider <asn@samba.org> G unther Deschner

MIT KDC integration Andreas Schneider <asn@samba.org> G unther Deschner

MIT KDB Design Ongoing development Remaining bits Heimdal sacrifices MIT KDC integration Andreas Schneider <asn@samba.org> G unther Deschner <gd@samba.org> Red Hat May 21th, 2015 Andreas Schneider <asn@samba.org> G

1.17k views • 29 slides
2nd LBS Webinar Series This webinar will begin at 12:01 Et Creative and Innovation: Your

2nd LBS Webinar Series This webinar will begin at 12:01 Et Creative and Innovation: Your

2nd LBS Webinar Series This webinar will begin at 12:01 Et Creative and Innovation: Your Unique Competitive Advantage Tim burt Creative Expert Training I love LBS because of the video commentary and training tools it has to offer. I have

986 views • 70 slides
AdS/CFT and Bubbling Geometries: Going Beyond the BPS Sector Sera Cremonini University of

AdS/CFT and Bubbling Geometries: Going Beyond the BPS Sector Sera Cremonini University of

AdS/CFT and Bubbling Geometries: Going Beyond the BPS Sector Sera Cremonini University of Michigan Great Lake Strings, Madison, April 26 2007 Outline Outline AdS/CFT and Bubbling Picture BPS sector (LLM) Bubbling with less

342 views • 20 slides
Electrospun nanofiber materials for high power target applications Sujit Bidhar 21-22 nd Sept.,

Electrospun nanofiber materials for high power target applications Sujit Bidhar 21-22 nd Sept.,

FERMILAB-SLIDES-17-017-AD Electrospun nanofiber materials for high power target applications Sujit Bidhar 21-22 nd Sept., 2017 J-PARC, Tokai, Japan This manuscript has been authored by Fermi Research Alliance, LLC under Contract No.

641 views • 40 slides
CASE STUDY: MEDICAL COMPANY Client who sells medical devices Large ad spend managing 6

CASE STUDY: MEDICAL COMPANY Client who sells medical devices Large ad spend managing 6

I S A AC R U DA N S KY GOOGLE ADS M ASTERC LASS Highlight what makes your company unique On mobile, make sure to always show call and location extensions (if applicable) Benefits over features is a myth why? Know your

270 views • 5 slides
he ur Operated by Triad National Security, LLC for the U.S. Department of Energy's NNSA Los

he ur Operated by Triad National Security, LLC for the U.S. Department of Energy's NNSA Los

he ur Operated by Triad National Security, LLC for the U.S. Department of Energy's NNSA Los Alamos National Laboratory LA-UR-19-24811 Understanding Storage System Challenges you for Parallel Scientific Simulations nt wo Brad Settlemyer

624 views • 27 slides
IF THEY LIKE YOU, THEY WILL COME: FACEBOOK ADS FOR YOUR LIBRARY Allison Moonitz, Assistant

IF THEY LIKE YOU, THEY WILL COME: FACEBOOK ADS FOR YOUR LIBRARY Allison Moonitz, Assistant

IF THEY LIKE YOU, THEY WILL COME: FACEBOOK ADS FOR YOUR LIBRARY Allison Moonitz, Assistant Director Kurt Hadeler, Director Mahwah Public Library WHO ARE WE? WHATS SO SPECIAL ABOUT SOCIAL NETWORKING ANYWAY? WHERE DO WE FIT IN? HAVE A

930 views • 38 slides
Brand Purpose: Dont fake it to make it Graham Page, Global Managing Director of Media

Brand Purpose: Dont fake it to make it Graham Page, Global Managing Director of Media

Brand Purpose: Dont fake it to make it Graham Page, Global Managing Director of Media Analytics, Affectiva Purpose is powerful, right? Strong evidence for the value of brand purpose Consumer Employee Financial Demand Preference

348 views • 18 slides
A-588-867 Investigation Public Document Operations (6): NC OFFICE OF AD/CVD OPERATIONS

A-588-867 Investigation Public Document Operations (6): NC OFFICE OF AD/CVD OPERATIONS

A-588-867 Investigation Public Document Operations (6): NC OFFICE OF AD/CVD OPERATIONS INITIATION CHECKLIST ___ SUBJECT: Antidumping Duty Petition on Metal Calendar Slides from Japan CASE NUMBER: A-588-867 ___ PETITIONER: Stuebing Automatic

670 views • 16 slides

More recommend