migration nt -> samba pdc

Lars O. Grobe grobe at gmx.net
Tue Nov 20 16:46:05 GMT 2001


We did the migration about 18 months ago. We have a heterogenous network
here, so as you just need samba, you are quite lucky ;-)

You will have to get ("export") the nt-encrypted passwords. They can't
be decrypted, but this shouldn't be necessary.

I used a utility called pwdump2 (take a look at google). This writes a
smbpasswd-like file, so it's quite close to what you will need in samba.

Now, I parsed this file with the utility pdadduser. This will allow you
to create unix accounts based on the output of pwdump2. You need an
account for every user and every machine! I usually set both's shells to

If you have the unix-users, you can create the samba-users. The only
problem is that the output of pwdump2 doesn't contain the valid uids, if
you correct this (maybe with the help of pdadduser, again, maybe with
some script), you can use this as your smbpasswd-file.

So, you should be able to check that all your users arrived on samba.
Simply try smbclient -U <yourusername> -L <yourservername>, you should
have to enter the password, and see the shares of your samba server.

Now, go from machine to machine and put them into your domain.... I
don't think that there is a way to avoid this... (maybe with samba-tng,
which has some backup-dc-features).

Good luck, and have fun, you should get a fast and reliable server....

CU, Lars.


More information about the samba-ntdom mailing list