samba - Mar 2003 - Transparent migration of users to a samba PDC, how about cygwin tool ?

Hi,

I would like to migrate from NT PDC to a Samba PDC.

My main concern is that all my users have local profile (i.e. there is
no roaming profiles). It seems that users profiles on a workstation are
not valide when migrating  to  the Samba PDC. It seams that the users
cannot keep the same identity.  On the other hand, I would really like
to change PDC without users noticing anything.


Tools like pwdump.exe or pwdum2.exe to build smbpasswd, extracting the
domaine SID and  putting it in /etc/samba/MACHINE.SID help to this goal.
But, it does not seems to be enough ( at least in my setup !): windows
passwords migrate ok, workstations migrate apparently ok, but the former
profile of users are no more accessible and new ones are create. It
seems that it is because the users identity (SID) has changed, even if 
the users ID in /etc/passwd and /etc/samba/smbpasswd are the ones
extract with pwdump.exe from the NT PDC.

1- Is this feature normal
2- Can I do better with actual Samba tools ?
3- If not, how about using information from cygwin tool mkpasswd and
mkgroup from wich I can extract lines like 

myusername::11190:10513:this_is_me,S-1-5-21-90123874-2034640729-581009308-1190:/home/myusername:/bin/sh

and 

Domain Users:S-1-5-21-90123874-2034640729-581009308-513:10513:


These contains the SID of the users and group.  Is there a way to
exploit this informations in Samba? Can it help for a completly
transparent migration of NT PDC to Samba PDC ?



Laurent





-- 
Laurent Hubert,
Assistant de recherche
Centre d'Imagerie M?tabolique et Fonctionnelle
CRC, CHUS
Universit? de Sherbrooke
3001, 12e Avenue Nord
Sherbrooke, Qu?bec
Canada
J1H 5N4
t?l : 819 346 1110 poste 11836
T?l?copieur : 819 820 6490
Courriel : laurent.hubert@chus.qc.ca

On Mon, 31 Mar 2003, Laurent Hubert wrote:
> Hi,
>
> I would like to migrate from NT PDC to a Samba PDC.
>
> My main concern is that all my users have local profile (i.e. there is
> no roaming profiles). It seems that users profiles on a workstation are
> not valide when migrating  to  the Samba PDC. It seams that the users
> cannot keep the same identity.  On the other hand, I would really like
> to change PDC without users noticing anything.
>
>
> Tools like pwdump.exe or pwdum2.exe to build smbpasswd, extracting the
> domaine SID and  putting it in /etc/samba/MACHINE.SID help to this goal.
> But, it does not seems to be enough ( at least in my setup !): windows
> passwords migrate ok, workstations migrate apparently ok, but the former
> profile of users are no more accessible and new ones are create. It
> seems that it is because the users identity (SID) has changed, even if
> the users ID in /etc/passwd and /etc/samba/smbpasswd are the ones
> extract with pwdump.exe from the NT PDC.
This is much easier with Samba-3.0.0 (currently in alpha). You can use the
'net rpc vampire' tool to extract all your account info directly into
Samba.

You can also easily join the NT4 domain and then update it to be the PDC.
This way your SID issues are not an issue.

Additionally, Samba-3.0.0 has a tool for migrating profiles (ie: changing
he SIDs).
>
> 1- Is this feature normal
> 2- Can I do better with actual Samba tools ?
> 3- If not, how about using information from cygwin tool mkpasswd and
> mkgroup from wich I can extract lines like
>
>
myusername::11190:10513:this_is_me,S-1-5-21-90123874-2034640729-581009308-1190:/home/myusername:/bin/sh
>
> and
>
> Domain Users:S-1-5-21-90123874-2034640729-581009308-513:10513:
>
>
> These contains the SID of the users and group.  Is there a way to
> exploit this informations in Samba? Can it help for a completly
> transparent migration of NT PDC to Samba PDC ?
Suggest you use this opportunity to explore Samba-3.0.0 - I am happy to
help you with your migration since this is a subject I am speaking about
at the SambaXP conference in Germany on April 14/15.

- John T.
-- 
John H Terpstra
Email: jht@samba.org