David Broome
2011-Mar-05 03:11 UTC
[Samba] Help / Suggestions on how to migrate to AD from smbpasswd
Hello,

I have an older standalone Samba 3.0.14 system (security = user) with local users and local home directories and shares. This uses another 'legacy' system for adding linux users accounts. I then use the pam plug-in pam_smbpass <pam_smbpass.so migrate> to create a smbpasswd entry for users.

The UID's up to 8765 are currently in use ie:

etc/passwd: noni:x:8765:4251::/home/noni:/bin/bash
etc/samba/smbpasswd: noni:8765:bla:bla:[U ]:LCT-4D2B7B16:

I hope to have the new system Samba 3.5.4 that I am migrating to use AD (security = ads) for samba and ssh via PAM.

Will I be able to do this?

How do I keep the current users and their UID / GID active while changing them to authenticate to AD vs local files? All the usernames match between my local accounts and the domain ones. Except for root - how is root login handled? I assume as 'files' is still in the nsswitch.conf that will work.

Will the Samba "Add Users" script work to add new users? I would expect if a user tried to login via ssh without a local account it would not work, but would (and created the home dir) via Samba.

I would also set "AssumeDefaultDomain". Should I use Likewise Open for this?

Thanks in advance.
Volker Lendecke
2011-Mar-05 06:21 UTC
[Samba] Help / Suggestions on how to migrate to AD from smbpasswd
On Fri, Mar 04, 2011 at 07:11:22PM -0800, David Broome wrote:
> I have an older standalone Samba 3.0.14 system (security = user) with
> local users and local home directories and shares. This uses another
> 'legacy' system for adding linux users accounts. I then use the pam
> plug-in pam_smbpass <pam_smbpass.so migrate> to create a smbpasswd
> entry for users.
>
> The UID's up to 8765 are currently in use ie:
>
> etc/passwd: noni:x:8765:4251::/home/noni:/bin/bash
> etc/samba/smbpasswd: noni:8765:bla:bla:[U ]:LCT-4D2B7B16:
>
> I hope to have the new system Samba 3.5.4 that I am migrating to use
> AD (security = ads) for samba and ssh via PAM.
>
> Will I be able to do this?

Look at net idmap dump / net idmap restore.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen