Sebastián Abate
2003-Nov-05 19:22 UTC
[Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
Hi, and thanks in advance for your support (sorry for my English).

Is there any documentation for migrating Samba 2.2 with LDAP and PDC support to Samba3 with PDC and LDAPSAM?

I will try to explain the situation: only one server running Mandrake 9.2 + Samba 2.2.8a with ldap support (from precompiled contrib), and I wish to migrate to Samba3+LDAPSAM. My real problem is that I must use ldap because I also use ldap for unix authentication (can that be done with tdbsam and pam?). I read the samba howto collection, but I didn't find any help. The solution must preserve machine trust accounts and SIDs.

Sebastián Abate
Telcom Sistemas
Tel. 4383-1937
abates@telcomsistemas.com.ar
www.telcomsistemas.com.ar
Gémes Géza
2003-Nov-05 19:52 UTC
[Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
Sebastián Abate wrote:
| Hi, and thanks in advance for your support (sorry for my English).
| Is there any documentation for migrating Samba 2.2 with LDAP and PDC
| support to Samba3 with PDC and LDAPSAM?
| I will try to explain the situation:
| only one server running Mandrake 9.2 + Samba 2.2.8a with ldap support
| (from precompiled contrib), and I wish to migrate to Samba3+LDAPSAM. My
| real problem is that I must use ldap because I also use ldap for unix
| authentication (can that be done with tdbsam and pam?). I read the samba
| howto collection, but I didn't find any help. The solution must preserve
| machine trust accounts and SIDs.
|
| Sebastián Abate
| Telcom Sistemas
| Tel. 4383-1937
| abates@telcomsistemas.com.ar
| www.telcomsistemas.com.ar

Hi, I did something like this on Mandrake 9.1; the steps to the success were:

1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios name, shares, ldap settings etc
2. stop samba-2
3. copy /etc/samba/secrets.tdb to /etc/samba3
4. start samba-3
5. run net3 getlocalsid, and save the result to a file
6. stop samba-3
7. remove /etc/samba3/secrets.tdb
8. start samba-3
9. run net3 setlocalsid previously saved SID
10. run smbpasswd3 -w password, just like you did with samba-2

You could say that steps 6-10 are needless, and maybe you are right, but I felt more comfortable using a samba3-generated tdb file.

11. dump your ldap database to ldif format
12. run /usr/share/samba3/scripts/convertSambaAccount --input your-old-ldif-file --output your-modified-ldif-file --sid your-previously saved domain SID
13. comment out samba schema from /etc/openldap/slapd.conf, and include the new samba3 schema
14. stop ldap
15. delete everything from /var/lib/ldap; making a backup would be advisable
16. start ldap
17. import your-modified-ldif-file to ldap
18. test, test and test

Good Luck!
Geza Gemes
Buchan Milne
2003-Nov-07 15:36 UTC
[Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
> Message: 28
> Date: Wed, 05 Nov 2003 20:52:44 +0100
> From: Gémes Géza <geza@kzsdabas.sulinet.hu>
> Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
> To: Sebastián Abate <abates@telcomsistemas.com.ar>
> Cc: samba@lists.samba.org
> Message-ID: <3FA9550C.9060503@kzsdabas.sulinet.hu>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi, I did something like this on Mandrake 9.1; the steps to the success were:
> 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios
> name, shares, ldap settings etc
> 2. stop samba-2
> 3. copy /etc/samba/secrets.tdb to /etc/samba3
> 4. start samba-3
> 5. run net3 getlocalsid, and save the result to a file
> 6. stop samba-3
> 7. remove /etc/samba3/secrets.tdb
> 8. start samba-3
> 9. run net3 setlocalsid previously saved SID

Instead of steps 2-9, you can extract the SID using smbpasswd -X <domain>, and import it with 'net3 setlocalsid <SID>'

> 10. run smbpasswd3 -w password, just like you did with samba-2
> You could say that steps 6-10 are needless, and maybe you are right, but I
> felt more comfortable using a samba3-generated tdb file.
> 11. dump your ldap database to ldif format
> 12. run /usr/share/samba3/scripts/convertSambaAccount --input
> your-old-ldif-file --output your-modified-ldif-file --sid
> your-previously saved domain SID
> 13. comment out samba schema from /etc/openldap/slapd.conf, and include
> the new samba3 schema
> 14. stop ldap
> 15. delete everything from /var/lib/ldap; making a backup would be advisable
> 16. start ldap
> 17. import your-modified-ldif-file to ldap

Instead of steps 11-17, you can instead:

    /usr/share/samba3/scripts/convertSambaAccount --input \
    your-old-ldif-file --output your-modified-ldif-file --sid \
    your-previously saved domain SID --changetype modify
    # ldapmodify -x -D "ldap admin dn" -W -ZZ -f your-modified-ldif-file

This method allows you to have changes propagated to slave servers, and allows you to have less down time.

Also, once you have done this, you will need to add group mappings for all the primary groups of your users etc.

Note, I haven't migrated our production network, only done it on my test network ...

Feedback welcome as always, and you guys might want to add some notes on the Mandrake community wiki at http://mandrake.vmlinuz.ca

Regards,
Buchan

-- 
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
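
A check for the "test test and test" step and for the requirement that machine trust accounts and SIDs survive the migration. This is an added example, not code from the thread or from Samba. It assumes the Samba 2.2 entries carry objectClass `sambaAccount` with a `rid` attribute, that Samba 3 entries carry `sambaSID`, and that both inputs are full-entry LDIF dumps (one taken before the migration, one after the import), not `--changetype modify` output.

```python
def parse_ldif(text):
    """Parse full-entry LDIF into {dn: {attr: [values]}}; base64 values are not decoded."""
    entries = {}
    for block in text.replace("\n ", "").split("\n\n"):  # unfold lines, split entries
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_migration(old_text, new_text, domain_sid):
    """Return (kind, dn, problem) for each Samba 2.2 account not carried over intact."""
    old, new, problems = parse_ldif(old_text), parse_ldif(new_text), []
    for dn, entry in old.items():
        if "sambaaccount" not in [c.lower() for c in entry.get("objectclass", [])]:
            continue  # not a Samba 2.2 account entry
        kind = "machine" if dn.split(",")[0].endswith("$") else "user"
        expected = f"{domain_sid}-{entry.get('rid', ['?'])[0]}"  # assumed SID = domain SID + old RID
        migrated = new.get(dn)
        if migrated is None:
            problems.append((kind, dn, "missing after migration"))
        elif migrated.get("sambasid", [None])[0] != expected:
            problems.append((kind, dn, f"sambaSID is not {expected}"))
    return problems

SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed, as is all data below
OLD = """dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaAccount
rid: 3000

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaAccount
rid: 3002

dn: uid=ws02$,ou=Computers,dc=example,dc=org
objectClass: sambaAccount
rid: 3004
"""
NEW = f"""dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: {SID}-3000

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-9-9-9-3002
"""
```

Calling `check_migration(OLD, NEW, SID)` on the constructed data flags `ws01$` (its SID was built from a different domain SID) and `ws02$` (dropped during the import); an empty list means every old account kept its domain SID and RID.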