John Goubeaux
2009-May-19 22:38 UTC
[Samba] Samba and Migration to an existing LDAP backend
Folks,

I have a new build of samba 3.3.0 (stand alone file server) which is configured to find all user data in an ldap directory, eg passdb backend = ldapsam. After testing I have confirmed that it all seems to work as it should with a test set of users.

Now I need to figure out the best way to migrate the shares and users from the old system (that used /etc/passwd to store user auth info) to this new one. The users already have Directory entries in the ldap which is used for a variety of existing services. Meaning, all I want to do is populate their existing entries with the proper attributes and re-mount the shares on the new server and NOT have to have them re-enter a new passwd, but use the existing Directory passwd that is already in their entry.

So far the only way I can see to get their existing directory entry to work is to run pdbedit -a <userid> which prompts for the user's passwd and which then populates their directory entry with all the samba attributes such as the sambasid and sambantpasswd which have unique values.

My question is then: Is there another way to get their directory entry populated with these values without having to re-enter their passwd (eg have the user retype their passwd) at the pdbedit prompt? Also, it seems that down the road if a user changes their directory passwd this process will have to be repeated to re-sync the unique samba values.

Am I missing something with regard to the samba attribute values and their relationship with existing uid and userpassword values in a directory?

Any advice on options is appreciated..

-john

--
John Goubeaux
Systems Administrator
Gevirtz Graduate School of Education
UC Santa Barbara
Phelps Hall 3534
805 893-8190

John H Terpstra - Samba Team
2009-May-19 22:55 UTC
[Samba] Samba and Migration to an existing LDAP backend
John Goubeaux wrote:
> Folks,
>
> I have a new build of samba 3.3.0 (stand alone file server) which is
> configured to find all user data in an ldap directory, eg passdb backend
> = ldapsam. After testing I have confirmed that it all seems to work as
> it should with a test set of users.
>
> Now I need to figure out the best way to migrate the shares and users
> from the old system (that used /etc/passwd to store user auth info) to
> this new one. The users already have Directory entries in the ldap which
> is used for a variety of existing services. Meaning, all I want to do
> is populate their existing entries with the proper attributes and
> re-mount the shares on the new server and NOT have to have them re-enter
> a new passwd, but use the existing Directory passwd that is already in
> their entry.
>
> So far the only way I can see to get their existing directory entry to
> work is to run pdbedit -a <userid> which prompts for the user's
> passwd and which then populates their directory entry with all the
> samba attributes such as the sambasid and sambantpasswd which have
> unique values.
>
> My question is then: Is there another way to get their directory entry
> populated with these values without having to re-enter their passwd (eg
> have the user retype their passwd) at the pdbedit prompt? Also, it
> seems that down the road if a user changes their directory passwd this
> process will have to be repeated to re-sync the unique samba values.
>
> Am I missing something with regard to the samba attribute values and
> their relationship with existing uid and userpassword values in a
> directory?
>
> Any advice on options is appreciated..
>
> -john

John,

You can migrate all your /etc/passwd, /etc/shadow, /etc/group entries to LDAP using the PADL Migration Tools.

See: http://www.padl.com/OSS/MigrationTools.html

After the UNIX system accounts have been migrated to LDAP, just execute:

    pdbedit -i smbpasswd -e ldapsam
    pdbedit -i smbpasswd -e ldapsam -g

The first migrates user SambaSAM account info, the second your group configuration.

PS: If your samba account info is in tdb files (ie: tdbsam) then execute:

    pdbedit -i tdbsam -e ldapsam
    pdbedit -i tdbsam -e ldapsam -g

- John T.
--
John H Terpstra
"If at first you don't succeed, don't go sky-diving!"
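
An added pre-flight check for the ordering given in the reply above (UNIX accounts in LDAP first, then `pdbedit -i smbpasswd -e ldapsam`); it is not from the thread or from the Samba project. It assumes the colon-separated smbpasswd layout (name, uid, LM hash, NT hash, flags) and an LDIF listing of `uid` values; the function names, the base DN placeholder and all sample accounts are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): audit an smbpasswd file before
# exporting it with "pdbedit -i smbpasswd -e ldapsam".
#
# audit_smbpasswd SMBPASSWD LDIF  ->  prints "<user> <finding>" lines.
# LDIF is assumed to come from something like:
#   ldapsearch -x -LLL -b "<base DN placeholder>" "(objectClass=posixAccount)" uid
audit_smbpasswd() {
    awk -F: -v ldif="$2" '
        BEGIN {
            # Collect the uid of every account that already exists in LDAP.
            while ((getline line < ldif) > 0)
                if (line ~ /^uid: /) known[substr(line, 6)] = 1
            close(ldif)
        }
        /^#/ || NF < 5 { next }      # skip comments and malformed lines
        {
            user = $1; nt = $4; flags = $5
            # Account has no directory entry yet: migrate it to LDAP first.
            if (!(user in known))                   print user, "missing-in-ldap"
            # Null password marker in the hash field or the N flag.
            if (nt ~ /^NO PASSWORD/ || flags ~ /N/) print user, "no-password"
            # D flag: account is disabled; decide whether to carry it over.
            if (flags ~ /D/)                        print user, "disabled"
        }
    ' "$1"
}

# Runs the audit over constructed sample data (hash values are made up).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/smbpasswd" <<'EOF'
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-4A0F3C00:
bob:1002:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
carol:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[DU         ]:LCT-4A0F3C00:
EOF
    cat > "$dir/posix.ldif" <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
EOF
    audit_smbpasswd "$dir/smbpasswd" "$dir/posix.ldif"
    rm -rf "$dir"
}

demo
```

An empty result means every smbpasswd account already has a directory entry and none carries a null password or disabled flag.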