GreeG wrote:
> Hi there,
>
> Is anybody has ever made this: Migrate samba 2.x users (and their unix
> accounts) to an openldap? I've found plenty of how to for building a
> blank samba/ldap authentication system, but nothing for migrate existing
> samba 2.x account (but samba 3.x)... smbldap-tools are useful for
> creating groups etc., migratetools are useful for unix account, but what
> about samba 2.x?
I'm in the midst of such a migration & agree the information out there
is surprisingly sparse. **I should point out that was already already on
Samba 3 so apologies if this doesn't apply here - test in a safe manner**
I'm asssuming you've already got all your posix accounts & groups in
place - if you've used the PADL scripts to migrate these you'll have to
modify some entries so that your machine accounts are under ou=computers
rather ou=users or ou=people.
Having laid the ground, I would firstly copy your smb.conf to something
like migrate.smb.conf & put all the stuff in the copy to allow it to
talk to your LDAP server, **but not including the ldapsam backend
directive**, eg:
ldap ssl = [off|on|start_tls]
ldap admin dn = uid=admin,dc=example,dc=com
ldap suffix = dc=example,dc=com
ldap group suffix = ou=groups
ldap user suffix = ou=users
ldap machine suffix = ou=computers
Put the ldap admin user in secrets.tdb by doing: smbpasswd -w adminpass
Copy your smbpasswd file to an alternate location avoid accidentally
clobbering the real one with a typo.
Now you can use pdbedit to export users, letting it using the new conf
file by specifying it with '-s':
pdbedit -s /path/to/migrate.smb.conf -e \
ldapsam:ldap://ldap.example.com[:port]
Also group mappings:
pdbedit -s /path/to/migrate.smb.conf -g -e \
ldapsam:ldap://ldap.example.com[:port]
Obviously you'll need to point samba to the new backend once it's ready.
HTH
--
Ben Tisdall
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://lists.samba.org/mailman/listinfo/samba
Linux