I need some help with migration (from Apple OpenDirectory)
Andrew Bartlett
abartlet at samba.org
Mon Jan 7 14:38:41 MST 2013
On Sun, 2013-01-06 at 16:06 +0400, Максим Мельников wrote:
> Hello SambaTeam,
>
> I need to migrate users from Mac OS X 10.5 OpenDirectory with Samba Version 3.0.25b-apple as PDC to any Active Directory node, for example, using Samba4.
> I want to avoid resetting the ACLs on all of our shared folders in the windows servers, there are a lot.
> I tried to do the http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO , "Upgrading on a New Server" and "Upgrading In Place" parts, but I didn't get source users in the new AD from *.tdb files.
>
> Can you give me some special HOWTOs or advices for this direction?
I've CC'ed the only user who I know to have managed this.
http://lists.samba.org/archive/samba-technical/2010-April/thread.html#70554
http://lists.samba.org/archive/samba-technical/2010-August/thread.html#72944
http://lists.samba.org/archive/samba-technical/2011-November/thread.html#80418
We may wish to try and script this, as I suspect a large number of sites
have been abandoned by Apple discontinuing PDC support in OSX Lion.
An interesting way to help a number of different sites migrate would be
to enable write support in hdb_dsdb (our hdb module for the AD DC). We
could then allow a migration without passwords, and then somehow copy in
the key values from any supported Heimdal HDB backend (including MIT).
Or we could at least have the python script parse the dump format as an
additional file during the ugprade, perhaps only for the simple case of
the arcfour-hmac-md5 key.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list