Transfer of samba credentials to new installation?

Andrew Bartlett abartlet at samba.org
Thu Dec 1 18:53:55 UTC 2016 

On Tue, 2016-11-29 at 12:05 +0100, Stefan Recksiegel wrote:
> Hi Andrew,
> 
> thank you very much for your helpful answer! What would be the
> "cleanest" way to do this, just transfer /etc/samba/smb.conf
> and a tarball of the /var/lib/samba directory or should I rather
> leave out e.g. winbindd_cache.tdb and have it regenerated?

It all comes down to how much state you wish to set, I suppose.

the files in private/ will be the most important, with the SID and the
password.

For the rest, we try to follow the FHS rules for how important each
file is.

Andrew Bartlett

> Best,      Stefan
> 
> On 28/11/16 18:53, Andrew Bartlett wrote:
> > 
> > On Mon, 2016-11-28 at 12:57 +0100, Stefan Recksiegel wrote:
> > > 
> > > Dear all,
> > > 
> > > I have a question that I have not been able to answer by
> > > searching
> > > the
> > > archives:
> > > 
> > > We have a cluster of about 250 computers that used to
> > > authenticate
> > > against a local LDAP server. I am currently in the process of
> > > migrating
> > > to our institute's ADS infrastructure. I join each host with
> > > "net ADS JOIN" and everything works as expected, so far so good.
> > > 
> > > We have a highly automated installation system (based on Debian
> > > pre-seeding) where booting from the network just re-installs the
> > > complete system with the latest release. Unfortunately, when
> > > using
> > > ADS authentification, this means I manually have to log in to
> > > each
> > > host to perform the join (unless I keep the ADS password in some
> > > script, which I do not want to do).
> > > 
> > > Can I somehow transfer the ADS joining data in
> > > /var/lib/samba/private/
> > > from the old installation to the new installation to avoid having
> > > to do a new join after upgrading the system?
> > 
> > Yes.  As long as you keep the right secrets with the right rebuilt
> > host, then that should work fine.  Test well, but I don't expect
> > issues.
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > --
> > Andrew Bartlett                       http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT          http://catalyst.net.nz/servic
> > es/samba
> > 
> > 
> 
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list