Re: Windows Server to Debian migration
Joseph H. Fry wrote:
I am the network administrator for one school of my university and I am
considering migrating our Windows 2000 Server to Debian due to some
stability issues and of course the financial factors.
We only have one windows server in the network and it is providing nearly
every service offered on our network. It is configured with Active
Directory and DNS, serves student web pages, provides ftp access, acts as a
file server, authenticates logins, and is probably used to send pornographic
spam to the children of th world when I'm not paying attention.
Being one of Microsofts finest products, it provides ALMOST an entire week
of solid performance before a yet unknown application kills the server
process preventing all logins including logging into or unlocking the
console, meaning it requires a press of the power button to shutdown
windows. The weekly reboots required to keep the server functional are
annoying because they always seem to be required when it is least convienant
for me to make the 30 min ride into work to press the power button twice and
drive home... so its time to start working toward a more stable solution.
I've been researching this problem for over 6 months trying every far-out
idea I come across to find the cause to no avail... I give up, so either I
rebuild the network with W2K server, or go with linux. Considering I'll
never get the funds to upgrade to a new Windows server version in the
future, likely forcing me to go with linux at that point; I figure I'll just
get ahead of the game and go linux now.
My questions for all of you very helpful type people are:
1. The server is a Dell PowerEdge 2500 dual Xeon, 1GB RAM with a PERC 3/Di
RAID controller, would I have any issues with hardware support? I'm pretty
sure I'll be ok, but I'd love to have someone tell me that it's better than
supported... It's flawless." Or something close!
Almost! I'd say everything will work fine except the PERC raid, which is
just a "hardware-assisted" software RAID. Simply use the kernel's
built-in software RAID which works a treat.
2. Is it possible to build and configure the server on a spare workstation,
then when I am satisfied with the configuration and have tested everything,
migrate the configuration from the workstation to the actual server hardware
(I can't afford the down time it would take my newbie ass to install and
configure everything). If so, how difficult is this and could I get a rough
overview of the process to get my research started?
You should certainly be able to do this, although moving everything over
from one machine to another might be more complex than you think:
different motherboards and PCI cards will mean different drivers, so try
not to configure-in too much: I suggest letting discover do most of this
anyway.
3. I currently have 3 Debian servers on the network, one LAMP server for
our intranet and two 750 GB file servers (one's a rsnapshot backup of most
of the other) providing data storage, and disk based backups of the windows
server. The file servers currently use winbind to authenticate their Samba
shares to the Active Directory... What will I have to do so that these
servers will still allow access once the Windows Server is gone. Will I
have to create 200+ users on each of my Samba servers, or should I use some
sort of central authentication. Any advice on this issue would be welcome.
Samba can act as a PDC, not sure it can work as an AD server yet.
Certainly, you can import your AD directory into OpenLDAP and get Samba
to authenticate against that, but in either case you'll most likely need
to go round changing stuff on each workstation that uses the AD server
to switch things around. I'm no Windows expert however!
As for people mentioning OpenLDAP crashing often: it certainly can do,
however you can quite easily set up a monitoring package like monit to
make sure everything is up all the time. monit has saved my ass more
times than I wish to count.
4. Our windows server currently runs Symantec AV daily to try to keep the
spread of viruses via the file server at a minimum... Is there a equally
good free product for linux that I could use to scan the user data. I'm not
worried much about protecting the server from viruses cuz I know there
aren't many for linux... But I'd hate to have my users (who can't seem to
sit at the same computer twice) to spread it around my labs.
I highly recommend ClamAV as a virus scanner on Linux. I have it
scanning all mail going through my server and not once has it let
anything through at all. Of course it can scan the filesystem and can
even integrate with Samba, although I'm not sure the Debian version of
Samba works this way. Certainly nothing a cron job can't be knocked up
to do.
5. Considering that I'm fairly inexperienced with linux I would have to say
that it is likely that my current windows server is more secure than
anything I would put together with linux, apart from the rediculous holes
within the OS itself anyway. Is there an easy way to ensure a resonable
level of security without needing to research too deep into securing linux,
securing apache, securing ftp, securing... I don't have the time to do much
more than keep it patched once it's set up. The server is behind a BSD
router that is managed by someone far more experienced with such things than
I, so other than the few ports I'll have forwarded in the router (SSH, HTTP,
FTP) the server should be relatively safe from outside attacks.
The Securing Debian Manual
(http://www.debian.org/doc/manuals/securing-debian-howto/) is about the
best thing I've ever found. As mentioned previously Bastille and Tiger
tend to waste more time than close security holes in my opinion. Just
get a good firewall and make sure only the appropriate users can perform
administration or login to a console.
6. Any suggestions about migrating users and their data?
As I said above Samba + OpenLDAP is probably your best choice here.
Linux boxen can authenticate right against LDAP, and Windows users can
use Samba.
7. Finally, other than the Debian GNU/Linux 3.1 Bible, which I understand
is the best resource for all things Debian... Are there any other texts I
shouldn't go without in this quest.
I'm not a good one for manuals, I've learnt just about everything I know
simply by experimenting. That being said, /usr/share/doc on an installed
system can be your biggest source of information. And don't forget the
-doc packages as well!
I'm sorry this is such a long post, I just wanted to try and answer all your
potential questions before they were asked. I'm not looking for a detailed
howto, I know how to research and figure things out, I simply have a very
hard time deciding what is the best approach to most things in linux. That
and any pitfalls to watch outfor or issues I'm likely to face if I follow
your suggestions would be great so I don't get discouraged before I'm done.
Once completed, this will be a far more complicated solution than I have
ever implemented with linux, so please try to take it easy. I'm still a
newbie, hopefully I'll feel deserving of a better title once the project is
complete!
Here's 1/2 ton of thanks in advance, other half on completion of the
project!
Joe
Hope it helps!
Chris
--
Chris Boot
bootc@bootc.net
http://www.bootc.net/
Reply to: