Upgrade from S3 to a Samba4 DC

[Andrew Bartlett]

On Sun, 2011-08-14 at 17:13 +1000, Andrew Bartlett wrote:
> I wanted to update the list on the progress on creating a smooth upgrade
> path for users of the Samba3 DC functionality to Samba4's AD server.
> 
> Amitay and I have worked from the basis of Jelmer's python libraries and
> upgrade_from_s3 script, and have extended that script to take advantage
> of the new passdb and loadparm wrappers.   
> 
> We already demonstrate an upgrade of an S3 member server and DC in the
> testsuite, and I'll shortly add and do real-world tests of S3 domains
> being upgraded to Samba4. 
> 
> So far, the upgrade is only of users, but groups will follow very
> shortly.  We can upgrade any passdb backend (because we call the C API),
> which provides a possible upgrade path for users of the externally
> maintained passdb backends that was not possible before.  Passwords and
> SIDs are migrated, as are most other passdb attributes. 
> 
> This passdb-centric approach also means we may not need the
> myldap-pub.py script, or we can have it's features integrated, possibly
> to handle only the parts not exposed to the passdb API. 
> 
> There is plenty more to do, but I hope this shows a clear direction for
> this important part of a Samba 4.0 release. 

A more finished version of this script is now in autobuild, and I hope
will be in the tree tonight.  It now handles groups and group
memberships, as well as maintaining the administrator password (from
either an the old administrator or root user).

We have also tested the upgrade with a real-world WinXP domain member.

The script certainly needs more documention and polish, so patches are
welcome, but I'm very pleased with how this has worked out, and that we
now have a supported upgrade method for our users.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org