I have been doing research on the internet for several days but I have not yet found the best way to proceed to meet these specific needs:

I work in a company with about 1000 employees where my predecessor, the Unix system administrator, had configured Samba 3 in the best way to meet the needs of the company at that time without Active Directory, but now, unfortunately or fortunately, the management of the network is in my hands, alone. I never managed Active Directory; Samba was enough at that time.

The currently installed Samba 3 uses the simple smbpasswd as passwd backend, NIS (without OpenLDAP and without Kerberos), automount (to mount homes and group folders from other Linux systems), and to manage the user and group folders it uses simple standard POSIX permissions managed by chmod behind Samba (not ACLs through setfacl).

But recently we have to connect to an AD root domain in a forest, and it's mandatory by company policy, so I have to introduce Active Directory too.

Straight up, the ideal target is to add AD as a single sign-on: users will join the AD domain and mount the shared Linux resources from Samba 4, keeping the actual directory structure shared (home users, directory groups). This is because we want to migrate to the two domains gradually and not in one shot. I know users have to be recreated on AD :(

The online documentation that I found says how to join from Linux to AD using winbind and sssd, but it's not clear how to map gid to the existing uid on Linux (keeping the current Linux users), and, even if possible, how to override the POSIX access behind Samba (I mean chmod/chown on files, not in smb.conf)?

My idea is to install a new Linux server like CentOS 7.2, set up Samba 4 and mount the resources through autofs, join Samba 4 to AD, remap folders from GPO, and continue to use Samba 3 for the old domain and Samba 4 + AD for the new domain on the two, but the same, Samba shared resources. Is it possible? Users save to the same mapped network folder, keeping the same data. What is the best way to combine Samba with AD, keeping the same shared resources structure managed on Samba 3?

I would appreciate your advice on the approach! Thank you.



--
Vincenzo De Sanctis