[Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam

Buchan Milne bgmilne at cae.co.za
Fri Nov 7 15:36:00 GMT 2003



> Message: 28
> Date: Wed, 05 Nov 2003 20:52:44 +0100
> From: Gémes Géza <geza at kzsdabas.sulinet.hu>
> Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to
> 	Samba3+ldapsam
> To: Sebastián Abate <abates at telcomsistemas.com.ar>
> Cc: samba at lists.samba.org
> Message-ID: <3FA9550C.9060503 at kzsdabas.sulinet.hu>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>

> Hi I did something like this, Mandrake 9.1, the steps to the success
> were:
> 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios
> name, shares, ldap settings etc
> 2.  stop samba-2
> 3.  copy /etc/samba/secrets.tdb to /etc/samba3
> 4.  start samba-3
> 5.  run net3 getlocalsid, and save the result to a file
> 6.  stop samba-3
> 7.  remove /etc/samba3/secrets.tdb
> 8.  start samba-3
> 9.  run net3 setlocalsid previously saved SID

Instead of steps 2-9, you can extract the SID using smbpasswd -X
<domain>, and import it with 'net3 setlocalsid <SID>'

> 10. run smbpasswd3 -w password, just like you did with samba-2
> You could say, that steps 6-10 are needless, maybe you are right, but I
> felt more comfortable using a samba3 generated tdb file.
> 11. dump your ldap database to ldif format
> 12. run /usr/share/samba3/scripts/convertSambaAccount --input
> your-old-ldif-file --output your-modified-ldif-file --sid
> your-previously saved domain SID
> 13. comment out samba schema from /etc/openldap/slapd.conf, and include
> the new samba3 schema
> 14. stop ldap
> 15. delete everything from /var/lib/ldap, making a backup would be
> advisable
> 16. start ldap
> 17. import your-modified-ldif-file to ldap

Instead of steps 11-17, you can instead:
/usr/share/samba3/scripts/convertSambaAccount --input \
your-old-ldif-file --output your-modified-ldif-file --sid \
 your-previously saved domain SID --changetype modify

# ldapmodify -x -D "ldap admin dn" -W -ZZ -f your-modified-ldif-file

This method allows you to have changes propagated to slave servers, and
allows you to have less down time.

Also, once you have done this, you will need to add group mappings for
all the primary groups of your users etc.

Note, I haven't migrated our production network, only done it on my test
network ...

Feedback welcome as always, and you guys might want to add some notes on
the Mandrake community wiki at http://mandrake.vmlinuz.ca

Regards,
Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
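An added example, not part of the original post and not one of Samba's own scripts: a Python pre-flight check that parses the converted LDIF (plain or --changetype modify form) and lists every sambaSID or sambaPrimaryGroupSID value that does not sit under the saved domain SID, so a wrong --sid is caught before ldapmodify writes to the directory. The attribute names are those of the Samba 3 LDAP schema; the sample entries and SID values are constructed, and the layout of the convertSambaAccount output is an assumption.

```python
import base64
import re

SID_ATTRS = {"sambasid", "sambaprimarygroupsid"}  # Samba 3 schema attributes

# Constructed sample in "changetype: modify" form; the layout is an assumption.
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=org
changetype: modify
add: sambaSID
sambaSID: S-1-5-21-1111-2222-3333-3000
-
add: sambaPrimaryGroupSID
sambaPrimaryGroupSID: S-1-5-21-1111-2222-3333-513

dn: uid=bob,ou=People,dc=example,dc=org
changetype: modify
add: sambaSID
sambaSID: S-1-5-21-9999-8888
 -7777-3002
"""


def parse_records(text):
    """Yield (dn, [(attr, value), ...]) per record, handling folding and base64."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comments and "-" separators
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            pairs.append((name.lower(), value))
        dn = next((v for n, v in pairs if n == "dn"), None)
        if dn is not None:
            yield dn, pairs


def foreign_sids(text, domain_sid):
    """Return (dn, attr, value) for every SID that is not <domain_sid>-<RID>."""
    want = re.compile(re.escape(domain_sid) + r"-\d+\Z")
    return [(dn, name, value)
            for dn, pairs in parse_records(text)
            for name, value in pairs
            if name in SID_ATTRS and not want.match(value)]
```

Call foreign_sids() with the contents of the converted file and the saved domain SID; an empty list means every SID in the file sits under that domain SID.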