peter pilsl
2007-Jan-11 16:41 UTC
[Samba] migrate machine-passwords from smbpasswd to ldap?
I'm just migrating a whole samba installation from old 2.2 to 3.0 with LDAP.
I was successfully able to migrate all user accounts with smbldap-useradd, but now I'm stuck with the machine accounts. All machines are part of the domain and they should be able to log on to the new server without noticing any difference.

I can add them with smbldap-useradd -w but the resulting ldap-entry does not have any samba-attributes, especially the sambaNTpassword and sambaLMpassword-fields are not set !!

I think that these passwords are essential to keep the trust relation between server and machines.

I'm not sure about some details also:

1) the machines still have the $ as last name, so the machine dummy should be in the ldap-structure with uid=dummy$ ?!

2) am I right that sambaNTPassword and sambaLMPassword need to be the same on the new installation as on the old one to let the machines stay in the domain without needing to leave and rejoin?

3) what about sambaSID for the existing machine? How do I get the correct sambaSID? Is it the same as with users? domainSID-1000+2*uid ?

4) Do I need to add a machine as normal user first and then as machine, because when I try to add the machine with pdbedit I get the following error:

#pdbedit -a -m -u ihf23$ 2>&1
doing parameter max log size = 10000
pm_process() returned Yes
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IHF))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IHF))]
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
ldapsam_add_sam_account: Adding new user
init_ldap_from_sam: Setting entry for user: ihf23$
ldapsam_modify_entry: Failed to add user dn= uid=ihf23$,ou=smbComputers,dc=ihf,dc=local with: Object class violation
object class 'sambaSamAccount' requires attribute 'sambaSID'
ldapsam_add_sam_account: failed to modify/add user with uid = ihf23$ (dn = uid=ihf23$,ou=smbComputers,dc=ihf,dc=local)
Unable to add machine! (does it already exist?)

thnx,
peter

--
mag. peter pilsl - goldfisch.at
IT-Consulting
Tel: +43-650-3574035
Tel: +43-1-8900602
Fax: +43-1-8900602-15
skype: peter.pilsl
pilsl@goldfisch.at
www.goldfisch.at
Stefan Schmitz
2007-Jan-12 16:39 UTC
[Samba] migrate machine-passwords from smbpasswd to ldap?
Hi Peter,

I didn't test it, but

pdbedit -i smbpasswd:/etc/smbpasswd -e ldapsam

should do the job! There is also a parameter -g which applies to group mappings (Are they available in Samba 2 ???).

Good luck.

peter pilsl wrote:
>
> I'm just migrating a whole samba installation from old 2.2 to 3.0 with
> LDAP.
> I was successfully able to migrate all user accounts with smbldap-useradd,
> but now I'm stuck with the machine accounts. All machines are part of
> the domain and they should be able to log on to the new server without
> noticing any difference.
>
> I can add them with smbldap-useradd -w but the resulting ldap-entry does
> not have any samba-attributes, especially the sambaNTpassword and
> sambaLMpassword-fields are not set !!
>
> I think that these passwords are essential to keep the trust relation
> between server and machines.
>
> I'm not sure about some details also:
>
> 1) the machines still have the $ as last name, so the machine dummy
> should be in the ldap-structure with uid=dummy$ ?!
>
> 2) am I right that sambaNTPassword and sambaLMPassword need to be the
> same on the new installation as on the old one to let the machines stay
> in the domain without needing to leave and rejoin?
>
> 3) what about sambaSID for the existing machine? How do I get the
> correct sambaSID? Is it the same as with users? domainSID-1000+2*uid ?
>
> 4) Do I need to add a machine as normal user first and then as machine,
> because when I try to add the machine with pdbedit I get the following error:
>
> #pdbedit -a -m -u ihf23$ 2>&1
> doing parameter max log size = 10000
> pm_process() returned Yes
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IHF))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesfully connected
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IHF))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesfully connected
> ldapsam_add_sam_account: Adding new user
> init_ldap_from_sam: Setting entry for user: ihf23$
> ldapsam_modify_entry: Failed to add user dn=
> uid=ihf23$,ou=smbComputers,dc=ihf,dc=local with: Object class violation
> object class 'sambaSamAccount' requires attribute 'sambaSID'
> ldapsam_add_sam_account: failed to modify/add user with uid = ihf23$ (dn
> = uid=ihf23$,ou=smbComputers,dc=ihf,dc=local)
> Unable to add machine! (does it already exist?)
>
> thnx,
> peter
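
Added example, not part of the thread: a check that machine trust accounts came through an import such as the `pdbedit -i smbpasswd:/etc/smbpasswd -e ldapsam` suggested above with their LM/NT hashes unchanged. It assumes both sides are available as smbpasswd-format listings (on the new server, `pdbedit -L -w` prints that format); the function name `check_machine_accounts` and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Compares machine trust accounts in two smbpasswd-format
# listings (name:uid:LM-hash:NT-hash:[flags]:LCT-...:).
# Prints "OK|CHANGED|MISSING name" per machine account of the old listing and
# returns non-zero if any account is missing or has different hashes.
check_machine_accounts() {
    awk -F: '
        # Machine accounts: name ends in "$" and the flags field carries W.
        { m = ($1 ~ /\$$/ && $5 ~ /W/) }
        FILENAME == ARGV[1] {                  # old listing
            if (m) { lm[$1] = toupper($3); nt[$1] = toupper($4) }
            next
        }
        m { nlm[$1] = toupper($3); nnt[$1] = toupper($4) }   # new listing
        END {
            for (a in nt) {
                if (!(a in nnt))                             { s = "MISSING"; bad++ }
                else if (nt[a] != nnt[a] || lm[a] != nlm[a]) { s = "CHANGED"; bad++ }
                else                                         { s = "OK" }
                print s, a
            }
            exit (bad > 0)
        }' "$1" "$2"
}

# Constructed sample data: the hashes are placeholders, not real ones.
old=$(mktemp); new=$(mktemp)
cat > "$old" <<'EOF'
peter:1000:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-45A65F00:
ihf23$:1023:11111111111111111111111111111111:22222222222222222222222222222222:[W          ]:LCT-45A65F00:
ihf24$:1024:33333333333333333333333333333333:44444444444444444444444444444444:[W          ]:LCT-45A65F00:
ihf25$:1025:55555555555555555555555555555555:66666666666666666666666666666666:[W          ]:LCT-45A65F00:
EOF
# New side: ihf23$ intact, ihf24$ with a different NT hash, ihf25$ absent.
cat > "$new" <<'EOF'
peter:1000:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-45A65F00:
ihf23$:1023:11111111111111111111111111111111:22222222222222222222222222222222:[W          ]:LCT-45A65F00:
ihf24$:1024:33333333333333333333333333333333:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:[W          ]:LCT-45A65F00:
EOF
check_machine_accounts "$old" "$new" || echo "machine accounts need attention"
rm -f "$old" "$new"
```

Both listings contain password hashes, so keep them readable by root only and delete them once the comparison is done.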