Michael Lueck
2009-Oct-05 16:32 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
Greetings- I have not found discussed / documented what to do with machine accounts when moving a Samba PDC to new hardware. I have seen that uid/gid numbers must match between the old/new system. I am thinking to use adduser to accomplish that, then make the numbers on the new server match, using a text editor. After that, can I simply enter the machine account entries by hand with a text editor? TIA! -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
John Drescher
2009-Oct-05 16:38 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
On Mon, Oct 5, 2009 at 12:32 PM, Michael Lueck <mlueck at lueckdatasystems.com> wrote:> Greetings- > > I have not found discussed / documented what to do with machine accounts > when moving a Samba PDC to new hardware. > > I have seen that uid/gid numbers must match between the old/new system. I am > thinking to use adduser to accomplish that, then make the numbers on the new > server match, using a text editor. > > After that, can I simply enter the machine account entries by hand with a > text editor? >I would not remove the old entries. If you are using ldap replicate the openldap first. If you are using tdbsam copy the /var/lib/samba folder. -- John M. Drescher
Michael Lueck
2009-Oct-05 16:45 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
John Drescher wrote:> I would not remove the old entries. If you are using ldap replicate > the openldap first. If you are using tdbsam copy the /var/lib/samba > folder.Sorry, I forgot to mention that no LDAP or anything "fancy" is involved. So Samba has made entries in /etc/passwd and /etc/group, and that is what I am interested in moving properly. "remove the old entries"... ??? I am trying to set up an identical PDC on new hardware. I understand that uid/gid numbers must match, so thinking to use adduser to get them added, then edit the files to keep the numbers matching between the old/new PDC. But then, what to do about those entries in those two files that are for workstations? Can I simply copy/paste from the files on the existing PDC the entries for the machine accounts? Thanks, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
Eero Volotinen
2009-Oct-05 17:00 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
Michael Lueck kirjoitti:> John Drescher wrote: >> I would not remove the old entries. If you are using ldap replicate >> the openldap first. If you are using tdbsam copy the /var/lib/samba >> folder. > > Sorry, I forgot to mention that no LDAP or anything "fancy" is involved. > So Samba has made entries in /etc/passwd and /etc/group, and that is > what I am interested in moving properly. >just copy and paste entries to /etc/passwd and /etc/group ? -- Eero
Michael Lueck
2009-Oct-05 17:18 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
Eero Volotinen wrote:> just copy and paste entries to /etc/passwd and /etc/group ?That is what I was thinking to do... just wanted to be sure that such would actually work... that I did not need to actually execute adduser and have it create the entries as it also knows to update "some other place" that I was not thinking of. Perhaps years of OS/2 and Windows bleeding through... ;-) Thanks, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
Zoolook
2009-Oct-05 17:33 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
On Mon, Oct 5, 2009 at 2:18 PM, Michael Lueck <mlueck at lueckdatasystems.com> wrote:> Eero Volotinen wrote: > >> just copy and paste entries to /etc/passwd and /etc/group ? > > That is what I was thinking to do... just wanted to be sure that such would > actually work... that I did not need to actually execute adduser and have it > create the entries as it also knows to update "some other place" that I was > not thinking of.Also be sure to copy these: /var/lib/samba /var/spool/samba /var/cache/samba Regards, Norberto
Zoolook
2009-Oct-05 17:57 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
On Mon, Oct 5, 2009 at 2:36 PM, Michael Lueck <mlueck at lueckdatasystems.com> wrote:> Just no one happened to explain how to move machine accounts to the new PDC. >machine accounts are user accounts from the *nix point of view ;-) regards, norberto
Harry Jede
2009-Oct-05 20:24 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
On Montag, 5. Oktober 2009 wrote Eero Volotinen:> Michael Lueck kirjoitti: > > John Drescher wrote: > >> I would not remove the old entries. If you are using ldap > >> replicate the openldap first. If you are using tdbsam copy the > >> /var/lib/samba folder. > > > > Sorry, I forgot to mention that no LDAP or anything "fancy" is > > involved. So Samba has made entries in /etc/passwd and /etc/group, > > and that is what I am interested in moving properly. > > just copy and paste entries to /etc/passwd and /etc/group ?Sounds usable, but do not do this. You may get massiv problems :-( . You need passwd AND shadow for the users, but normaly NOT the hole file. The system accounts may be different on your new system, so identify the min and max uidnumber for regular users and copy only these users. Do the same with the shadow file. AND make backups. Same thing with groups. Identify your min and max gidnumber and copy only these groups. Maybe you need to transform some uid/gid-numbers :-) .> > -- > Eero-- Gruss Harry Jede
Michael Lueck
2009-Oct-06 22:29 UTC
[Samba] How to bulk add machine accounts during PDC hardware refresh?
Greetings Harry- Thank you for your continued assistance! Harry Jede wrote:> On Dienstag, 6. Oktober 2009 wrote Michael Lueck: >> For Samba users (real actual users) there is an entry in passwd and >> group. I would think I can use adduser to set those up, and edit the >> uid/gid # to match.> If you need to edit uid/gid, do not forget to change the uid/gid in your > filesystems. Do it separately for uid and gid. It is more safe.I was thinking to create the new uid/gid entries before I restore files from the backup. Thus since ID's are created, made to look the same as the old server, I would think files/dirs would restore properly, including ownership. No?>> Do you see any problems with this course of action? > Yes. The samba passwords (lm and nt hashes) are stored in a separate > file. I am sure you will not change the paswords. But be sure, that > you do not loose the "logical connection" with both storage areas > (passwd/shadow and smbpasswd).So what is the proper way to create the "machine accounts" for the Windows boxes? Shall I simply copy/paste the existing entries in passwd/shaow and smbpasswd and do not concern myself copying the password hash from non-login ID's on the new server (shadow file)? Or... ??? Sincerely, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/
John Drescher
2009-Oct-06 22:46 UTC
[Samba] Fwd: How to bulk add machine accounts during PDC hardware refresh?
On Tue, Oct 6, 2009 at 6:39 PM, Michael Lueck <mlueck at lueckdatasystems.com> wrote:> John Drescher wrote: > >> Every time I have created a new PDC (in the last decade) I have just >> mirrored the LDAP and did not mess with new incompatible uids/gids > > BUT I DO NOT HAVE LDAP in the configuration. aaakkk!!! >I know. Just copy the files /etc/passwd /etc/group and ?the folders /etc/samba /var/lib/samba /var/spool/samba /var/cache/samba John M. Drescher -- John M. Drescher
Michael Lueck
2009-Oct-06 22:49 UTC
[Samba] Fwd: How to bulk add machine accounts during PDC hardware refresh?
John Drescher wrote:> I know. Just copy the files > > /etc/passwd /etc/group > > and the folders > > /etc/samba > /var/lib/samba > /var/spool/samba > /var/cache/sambaSo do not mess with the password hashes for machine accounts in /etc/passwd since that hashed password has to match the password in smbpasswd? If so, fffeeewww, now the task sounds doable! ;-) Thanks, -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/