[Samba] NT4-Samba Migration Test Results

John H Terpstra jht at samba.org
Thu Oct 9 02:31:45 GMT 2003 

Sapan,

It is of course a pleasure to help you, but I did expect that my reply was
rather specific enough.

Have you read the Samba-HOWTO-Collection.pdf?

Chapter 31 covers the process (Section 31.1.1.2) covers this rather
completely.

Anyhow, here we go:

1. Configure smb.conf for BDC

   [globals]
	workgroup = NT4DOMAIN
	netbios name = NEWSERVER
	passdb backend = tdbsam
	domain master = No
	domain logons = Yes
	os level = 33
	add user script = /usr/sbin/useradd -m %u
	delete user script = /usr/sbin/userdel %u
	add group script = /usr/sbin/groupadd %g
	add machine script =
		/usr/sbin/useradd -d /dev/null -s /bin/false %u
	wins server = x.x.x.x

2. Join the domain as a BDC server:

	net rpc join -UAdministrator%passsword

3. Migrate accounts:

	net rpc vampire -UAdministrator%password

4. Shutdown NT4 PDC

5. Convert Samba-3 BDC to PDC, and make it the WINS server:

   [globals]
        workgroup = NT4DOMAIN
        netbios name = NEWSERVER
	passdb backend = tdbsam
        domain master = Yes
        domain logons = Yes
        os level = 33
        add user script = /usr/sbin/useradd -m %u
        delete user script = /usr/sbin/userdel %u
        add group script = /usr/sbin/groupadd %g
        add machine script =
                /usr/sbin/useradd -d /dev/null -s /bin/false %u
        wins support = Yes

6. Start Samba PDC.


If all worked correctly then your existing Windows NT4 Domain clients will
be able to log on just as with the original NT4 PDC.


Gotchas:
--------

The biggest problem will be the migration of NT4 Group accounts.
You will need to either:

a) convert all group names to all lower-case and less than 32 characters

_OR_

b) create your own replacement for the "groupadd" command on your system
so that it can add group names that have a space character in them, and
that can have an upper case character in them. You will also need to
modify the way that the NT Group name is passed to the script.


Here is a script that will do the trick, although it is NOT elegant nor
does it do any safety checks. You might call this script: smbaddgrp.sh
Of course it needs to be set to permissions to execute with:
	chmod 755 smbgrpadd.sh

PS: That script is published on page 144 as Example 12.1 smbgrpadd.sh in
the Samba-HOWTO-Collection.pdf.

--------------------------------------------------
#!/bin/bash

# Add the group using normal system groupadd tool.
groupadd smbtmpgrp00
grpunconv

thegid='cat /etc/group | grep smbtmpgrp00 | cut -d ":" -f3'

# Now change the name to what we want for the MS Windows networking end
cp /etc/group /etc/group.bak cat /etc/group.bak | sed s/smbtmpgrp00/$1/g > /etc/group
grpconv

# Now return the GID as would normally happen.
echo $thegid

exit 0
---------------------------------------------------
You will need to change your smb.conf as follows:

	add group script = /usr/sbin/smbgrpadd.sh "%g"



Finally, please note that you must NOT change the Domain Name (WORGROUP)
or the netbios name of the server. If you do, then the SID will change and
your clients will need to be re-joined to the domain.


Oh, and one more pointer (see page 122, Chapter 11.3.2 - The pdbedit
command) for information on how to migrate your account backend to another
backend format.

For example, if you have your migrated accounts in tdbsam (which stores
the accounts in a file called passdb.tdb) and you want to copy them to an
smbpasswd file you can do this as follows:

	In smb.conf:
		passdb backend = tdbsam, smbpasswd

	Execute:
		pdbedit -i tdbsam -e smbpasswd

If you have your accounts in smbpasswd and you want to migrate them to
tdbsam:

	In smb.conf:
		passdb backend = smbpasswd, tdbsam

	Execute:
		pdbedit -i smbpasswd -e tdbsam

And so on. After migration you can delete the backend that you no longer
need to use from the "passdb backend" parameter line.


Is there something I may have missed? I look forward to your HOWTO.

cheers,
John T.


On Tue, 7 Oct 2003, Ganguly, Sapan  wrote:

>
> If someone answers my question I'll even write a howto!
>
> -----Original Message-----
> From: Ganguly, Sapan
> Sent: 06 October 2003 10:06
> To: 'samba at lists.samba.org'
> Cc: 'jht at samba.org'
> Subject: Re: [Samba] NT4-Samba Migration Test Results
>
>
>
> >Larry,
>
> >I have found that the easiest way to migrate from NT4 to SAmba3 is to:
>
> >1. Use tdbsam as a medium for migration.
> >2. Before migrating accounts:
> >	i. Make sure that you configure your smb.conf carefully
> >	ii. Include all the "user/group/machine scripts"
> >	iii. Do NOT run smbd before vampire is run.
> >3. Set up the smb.conf for a Samba-BDC
> >4. Join the domain before running vampire
> >5. Then finally run vampire.
> >
> >IF you want to use an LDAP or smbpasswd backend, use pdbedit to migrate
> >the database.
>
> >- John T.
>
>
> John,
>
> Would it be possible for you to show us a copy of your smb.conf for each
> stage of your migration?  I'm also interested in how you use pbedit to
> migrate the database.
>
> Thanks,
> Sapan
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list