Samba 3 to Samba 4 Migration. ( patch)

Andrew Bartlett abartlet at
Thu Nov 18 02:59:39 MST 2010

On Wed, 2010-11-03 at 15:55 +0000, Lukasz Zalewski wrote:
> Hi Metze,
> Thx :)
> On 11/03/2010 03:04 PM, Stefan (metze) Metzmacher wrote:
> > Hi Lukasz,
> >
> > here's my current version of the script (based on your -08 version).
> >
> > - I added the --create_user_principal_name option (disabled by default)
> >    not everybody wants to have that.
> Shall we also add an option flag to the samba-tool newuser cmd as it 
> automatically creates userPrinicpalName - (OTOH this is how Active 
> Directory Users and Computers creates accounts.)
> >
> > - I fixed the 'member' handling for the primary group of a user.
> >
> > - I removed some lines like:
> >      self.insert_organizationalUnit(self.groups.importdn)
> >    where importdn is only the partial dn.
> >
> > - I removed IMPORT_TYPE_TRUSTS from IMPORT_TYPE_ALL for now
> >
> > metze
> Given the recent name changing, maybe this is a good opportunity to 
> change to something else (i think we already agreed the 
> current name must go)
> I have noticed that some of the attributes have to explicitly rejected 
> by the user - this seems sensible, but some parameters do have their 
> counterparts in samba4, for example shadowMin, shadowMax, shadowExpire, 
> shadowFlag, shadowWarning, shadowInactive - shall they be white listed 
> (such that they do not trigger keep != remove assertion) or do you want 
> them to be explicitly rejected?
> Also, python 2.4 does not handle getpass password prompt well when 
> redirecting to stdout (2.6 is fine). Do you know of any 
> workarounds/solutions for this?
> attached is same script with small typo corrected (was 
> --create_user_prinical_name instead of --create_user_principal_name)

I would like to propose that we include this in the tree, in
scripting/devel until we can modify it to be a subcommand of samba-tool.

This script should not sit outside version control for this long, as
folks are starting to use it.

To do that, we do need to clean it up a little.  For example, import the
constants like ACB_ etc from samba.dcerpc.samr, and the others from

I would also like the dump() function removed (particularly given it is
copied in, and just used in commented out code). 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list