Transfer of samba credentials to new installation?
Andrew Bartlett
abartlet at samba.org
Thu Dec 1 18:53:55 UTC 2016
On Tue, 2016-11-29 at 12:05 +0100, Stefan Recksiegel wrote:
> Hi Andrew,
>
> thank you very much for your helpful answer! What would be the
> "cleanest" way to do this, just transfer /etc/samba/smb.conf
> and a tarball of the /var/lib/samba directory or should I rather
> leave out e.g. winbindd_cache.tdb and have it regenerated?
It all comes down to how much state you wish to set, I suppose.
the files in private/ will be the most important, with the SID and the
password.
For the rest, we try to follow the FHS rules for how important each
file is.
Andrew Bartlett
> Best, Stefan
>
> On 28/11/16 18:53, Andrew Bartlett wrote:
> >
> > On Mon, 2016-11-28 at 12:57 +0100, Stefan Recksiegel wrote:
> > >
> > > Dear all,
> > >
> > > I have a question that I have not been able to answer by
> > > searching
> > > the
> > > archives:
> > >
> > > We have a cluster of about 250 computers that used to
> > > authenticate
> > > against a local LDAP server. I am currently in the process of
> > > migrating
> > > to our institute's ADS infrastructure. I join each host with
> > > "net ADS JOIN" and everything works as expected, so far so good.
> > >
> > > We have a highly automated installation system (based on Debian
> > > pre-seeding) where booting from the network just re-installs the
> > > complete system with the latest release. Unfortunately, when
> > > using
> > > ADS authentification, this means I manually have to log in to
> > > each
> > > host to perform the join (unless I keep the ADS password in some
> > > script, which I do not want to do).
> > >
> > > Can I somehow transfer the ADS joining data in
> > > /var/lib/samba/private/
> > > from the old installation to the new installation to avoid having
> > > to do a new join after upgrading the system?
> >
> > Yes. As long as you keep the right secrets with the right rebuilt
> > host, then that should work fine. Test well, but I don't expect
> > issues.
> >
> > Thanks,
> >
> > Andrew Bartlett
> > --
> > Andrew Bartlett http://samba.org/~abartlet/
> > Authentication Developer, Samba Team http://samba.org
> > Samba Developer, Catalyst IT http://catalyst.net.nz/servic
> > es/samba
> >
> >
>
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list