Not sure about your setup, but it has been my experience that monkeying
around in uncharted territory for mission critical systems is not the
best policy.  Again, without knowing your setup it's hard for me to say.
Is the ill 2K SBS the only M$ server available, or are there
others in the fleet?  If there are others, I would say DCpromo one of
the others, and move the services over.  Once you are stable again, then
it's safer & less pressure trying to get an open source samba pdc/
openldap going.  Another option is backup your AD, and whatever else is
important, nuke the 2K OS, reinstall 2Ksbs (or 2k+3 if available), and
restore your services.  This again is safe.  One last thing, if you are
running Exchange over there, then forget about it.  This is a tough
task, and not really recommended.  If no exchange, then no problem.

You are probably thinking thanks for nothing, as I already know this.
Well, I just wanted to mention it, is all.  Since you already have the M$
licenses, then what the heck, just redo it.

For the open source setup, not sure how much you are using your AD.  If
you mainly just need it for logins, then all you need is Samba set up to
be a PDC.  There are many how-tos on how to do this lying around the
net.  If you need more of the other functionality from the AD, then you
must also implement something like OpenLDAP to carry that load.

I still run a 2k+3 SBS AD at HQ (not happy about that), but I was able
to set up a couple of Slackware boxes for two remote offices to act as
secondary PDCs and set up OpenLDAP on each Slack box as well.  This was
not as easy as I thought, and I think other distros have some easier
tools/software to help with this.

Good Luck!


Bob De Mars
IT Manager
T: 651 925 1510       bob at grunners.com
Cell: 612 850 6940   www.grunners.com
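As an added illustration of the "Samba set up to be a PDC" route described in the reply above (this is not configuration from Bob, Josh, or the Samba project; it is an example written for this page), here is a minimal Samba 3 smb.conf for a login-only domain using the built-in tdbsam account database, with the ldapsam lines a practitioner would switch to when OpenLDAP carries the directory. EXAMPLE, PDC1, example.com, the LDAP host and suffix, and the filesystem paths are all placeholders. Samba 3, the release current when this thread was written, provides an NT4-style domain rather than an AD domain: Windows clients join it as an NT domain, and Group Policy and Kerberos logons do not carry over.

```ini
# Added example smb.conf for a Samba 3 PDC (not from the original thread).
# EXAMPLE, PDC1, example.com and the paths below are placeholders; Samba's
# parser only treats ';' and '#' as comments at the start of a line, so keep
# comments on their own lines rather than after a value.
[global]
    # NetBIOS domain name the workstations will join
    workgroup = EXAMPLE
    netbios name = PDC1
    server string = Samba PDC

    # Authenticate against the local password backend; encrypted (NT hash)
    # passwords are required for domain logons from Windows clients.
    security = user
    encrypt passwords = yes

    # Make this box the domain controller and the browse/WINS master,
    # replacing the WINS service that lived on the dying SBS box.
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 65
    wins support = yes

    # Login-only domain: accounts live in the local tdbsam database.
    passdb backend = tdbsam

    # OpenLDAP variant: comment out the tdbsam line above and uncomment these.
    # Store the bind password with 'smbpasswd -w' rather than in this file,
    # and use STARTTLS so credentials and hashes are not sent in the clear.
    ; passdb backend = ldapsam:ldap://ldap.example.com
    ; ldap suffix = dc=example,dc=com
    ; ldap user suffix = ou=Users
    ; ldap group suffix = ou=Groups
    ; ldap machine suffix = ou=Computers
    ; ldap admin dn = cn=admin,dc=example,dc=com
    ; ldap ssl = start tls

    # Machine accounts are created automatically when a workstation joins.
    # Assumes a local 'machines' group exists; the account gets no shell/home.
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u

    # Roaming profiles and logon script served from the shares below
    logon script = logon.bat
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%U

    # Per-client logs with enough auth detail to see failed logons and joins
    log file = /var/log/samba/log.%m
    log level = 1 auth:3
    max log size = 1000

[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes
    browseable = no

[profiles]
    path = /var/lib/samba/profiles
    read only = no
    create mask = 0600
    directory mask = 0700
    browseable = no

[homes]
    comment = Home Directories
    valid users = %S
    read only = no
    browseable = no
```

Validate the file with `testparm -s` before restarting smbd/nmbd. Joining workstations needs a Samba account with the SeMachineAccountPrivilege (root's Samba account, added with `smbpasswd -a root`, is the usual shortcut), and the `[profiles]` masks keep one user's roaming profile unreadable by others on the server.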
-----Original Message-----
From: tclug-list-bounces at mn-linux.org
[mailto:tclug-list-bounces at mn-linux.org] On Behalf Of Joshua Radke
Sent: Thursday, April 09, 2009 6:25 PM
To: Twin Cities Linux Users
Subject: [tclug-list] AD -> Samba Migration

Our Windows 2000 SBS AD server has been terminally infected with a 
variant of the Virut virus.  It will die soon, as will single sign-on,  
DNS, DHCP, and WINS.

DNS will be easy to migrate.  There are numerous writeups on DHCP/WINS
(I seem to recall), but I'm going into uncharted territory with the user
migration.  I'm not even certain exactly what type of implementation I
really need.  Here are some possibilities:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html
(Just samba)

http://www.howtoforge.com/openldap-samba-domain-controller-ubuntu7.10 
(with OpenLDAP)

It also seems possible to do Samba/Kerberos (I lost the reference for 
now ... I know, lmgtfy)

I'm not certain where to go, and our company is looking to hire someone 
who has either experience in this, or has some Windows Domain 
Authentication/active directory/LDAP background, which is the greatest 
gaping hole in our understanding.

The timescale is as soon as possible (I'm not sure how long it will be 
until one of the borked services writes to null again).  Please drop me 
a line.

Best,

Josh

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
tclug-list at mn-linux.org
http://mailman.mn-linux.org/mailman/listinfo/tclug-list