[Samba] account migration from NIS and Smbpasswd to LDAP

Steve Zeng szeng at mainframe.ca
Mon Mar 14 20:31:32 GMT 2005


John,

Thanks for your excellent explanation. For some reason I need to keep 
both NIS and LDAP running while NIS is the master passwd database. So is 
there any complete discussion about account migration in the Samba 
Documents?

Steve
> On Monday 14 March 2005 12:22, Paul Gienger wrote:
> 
>>>There are both machine accounts and user accounts in the "smbpasswd"
>>>file. 
> 
> 
> If you do not specify a "passdb backend" the default is to use an smbpasswd 
> backend and it will contain both user and machine accounts.
> 
> If the "passdb backend" specifies LDAP Samba will place user and machine 
> accounts into the locations specified by:
> 
> ldap machine suffix =
> ldap user suffix =
> 
> 
>>>So pdbedit will automatically put machine accounts into 
>>>ou=Computers and user accounts into ou=users, am I right?
> 
> 
> pdbedit will do as instructed in smb.conf via the above.
> 
> 
>>That I couldn't tell you honestly.  It stands to reason that the command
>>could figure out which is which, but I have no empirical data to back
>>that up.
>>
>>
>>>>>I've tried "smbldap-migrate-unix-accounts" to migrate NIS accounts
>>>>>into LDAP. It is a great tool. There is no problem if he/she
>>>>>authenticates from a Linux machine with his old NIS account. But I
>>>>>found that I need to run smbldap-passwd to give a new passwd so that
>>>>>he/she can authenticate from a Windows machine. Does anyone have a
>>>>>better solution for it?
> 
> 
> There is no better solution because the passwords that are stored in NIS can 
> not be decrypted and then recrypted into the format needed by Windows.
> 
> On the other hand, if you already have an smbpasswd file that was previously 
> used with NIS, then you can migrate just the NIS component into the LDAP 
> backend and then use:
> 
> 	pdbedit -i smbpasswd -e ldapsam
> 
> to migrate the existing Windows passwords.
> 
> 
>>>>So by your subject line it appears that you have a smbpasswd file
>>>>someplace.  You can use the pdbedit command with import and export
>>>>flags to move the relevant fields over to ldap.
> 
> 
> - John T.

-- 
Regards,

Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
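
Added example, not part of the original message or of Samba's own tooling: a pre-migration audit that shows which smbpasswd entries are machine or user accounts and which NIS users will still need smbldap-passwd after `pdbedit -i smbpasswd -e ldapsam`, because they have no usable NT hash to carry over. The function names, the sample data and the use of a saved `ypcat passwd` dump as the NIS input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit before running "pdbedit -i smbpasswd -e ldapsam".
# smbpasswd(5) layout: name:uid:LM hash:NT hash:[flags]:LCT-xxxxxxxx:
# The hashes are password-equivalent, so nothing here prints them.

# Classify smbpasswd entries on stdin as "<kind> <state> <name>".
audit_smbpasswd() {
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        NF < 6 { print "unknown malformed " $1; next }
        {
            nt = $4; flags = $5
            # W flag or a trailing "$" marks a machine (workstation trust) account
            kind = (flags ~ /W/ || substr($1, length($1)) == "$") ? "machine" : "user"
            if (flags ~ /D/) state = "disabled"
            else if (length(nt) != 32 || nt ~ /[^0-9A-Fa-f]/) state = "no-nt-hash"
            else state = "ok"
            print kind, state, $1
        }'
}

# NIS users (passwd-format file $1) lacking a usable NT hash in smbpasswd $2.
needs_windows_password() {
    { audit_smbpasswd < "$2"; echo "--"; cat "$1"; } | awk '
        $0 == "--" { nis = 1; next }           # separator: NIS entries follow
        !nis { if ($1 == "user" && $2 == "ok") ok[$3] = 1; next }
        { split($0, f, ":"); if (!(f[1] in ok)) print f[1] }'
}

# Constructed sample data (dummy hex, not real credentials).
sample_smbpasswd() { cat <<'EOF'
alice:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-42360000:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
ws01$:2001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-42360000:
EOF
}
sample_nis_passwd() { cat <<'EOF'
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
carol:x:1003:100:Carol:/home/carol:/bin/sh
EOF
}

tmp=$(mktemp -d)
sample_smbpasswd > "$tmp/smbpasswd"; sample_nis_passwd > "$tmp/passwd"
audit_smbpasswd < "$tmp/smbpasswd"                        # one line per entry
needs_windows_password "$tmp/passwd" "$tmp/smbpasswd"     # users to reset
rm -rf "$tmp"
```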

