[Samba] samba 3.0 with ldap / sambaSID

Buchan Milne bgmilne at cae.co.za
Mon Sep 15 13:19:42 GMT 2003



> Message: 6
> Date: Thu, 11 Sep 2003 16:23:46 +0200
> From: Wiktor Wodecki <wiktor.wodecki at net-m.de>
> Subject: [Samba] samba 3.0 with ldap / sambaSID
> To: samba at lists.samba.org
> Message-ID: <20030911162346.F2320 at mail1.d1.net-m.de>
> Content-Type: text/plain; charset=us-ascii
>
> Hello,
>
> I'm looking for a way to convert my company's existing samba2.2 ldap
> backed service to samba 3.0. What's particularly making me curious is the
> sambaSID. As I've read it is the unique identifier of a PDC in the
> windows world. So, how does samba3 generate this? Is it supposed to be
> changed by the admin or is it determined by samba on the first startup?
> Any pointer to a doc describing this in more depth would be appreciated.

If you are running a recent samba-2.2.x, you can get the domain sid as
follows:

# smbpasswd -X <domain name>

Then, you will want to dump your LDAP db to LDIF (and probably set your
LDAP server to read only for the moment):

# slapcat -l ldap-samba2.ldif

Then, you can either convert the LDIF file to a new LDIF with the new
schema, or you can generate an LDIF file suitable for use with
ldapmodify, using the convertSambaAccount script in examples/LDAP. I
would suggest using the ldapmodify option (works better if you have ldap
slaves):

# ./convertSambaAccount --input ldap-samba2.ldif --output ldap-samba2-to-samba3.ldif --changetype modify --sid <DOMAIN SID>

Then, ensure your ldap server is in read-write, and use something like:

# ldapmodify -f ldap-samba2-to-samba3.ldif -x -D "<rootdn>" -W

Note, for samba3 it seems more important that all the groups your users
are members of are in LDAP, and mapped as samba groups.

Regards,
Buchan

--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
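A pre-flight check for the procedure in the message above, added here as an example and not part of the original post or of the Samba examples: before running ldapmodify, confirm that every sambaSID in the generated LDIF is the domain SID plus a numeric RID and that no SID is assigned twice. The function names, the sample entries and the exact LDIF layout are assumptions; the sample is constructed, not real convertSambaAccount output.

```shell
# check_sambasid_ldif <domain-sid> <ldif-file>
# Prints one line per problem. Returns 0 if clean, 1 on findings, 2 on bad input.
check_sambasid_ldif() {
    domsid=$1 ldif=$2
    # A domain SID looks like S-1-5-21-<n>-<n>-<n>
    printf '%s\n' "$domsid" | grep -Eq '^S-1-5-21(-[0-9]+){3}$' || {
        echo "bad domain SID: $domsid" >&2; return 2; }
    [ -r "$ldif" ] || { echo "cannot read $ldif" >&2; return 2; }
    awk -v dom="$domsid" '
        BEGIN { plen = length(dom) + 1; bad = 0 }
        tolower($1) == "dn:" { dn = $0; sub(/^[^:]*:[ ]*/, "", dn) }
        tolower($1) == "sambasid:" {
            sid = $2; rid = substr(sid, plen + 1)
            if (substr(sid, 1, plen) != dom "-" || rid !~ /^[0-9]+$/) {
                printf "FOREIGN %s (%s)\n", sid, dn; bad = 1
            } else if (sid in seen) {
                printf "DUPLICATE %s (%s, also %s)\n", sid, dn, seen[sid]; bad = 1
            } else seen[sid] = dn
        }
        END { exit bad }
    ' "$ldif"
}

# Constructed sample (hypothetical entries): bob reuses the SID given to
# alice, and carol carries a SID from a different domain.
write_sample_ldif() {
cat > "$1" <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
changetype: modify
add: sambaSID
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
-

dn: uid=bob,ou=People,dc=example,dc=org
changetype: modify
add: sambaSID
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000
-

dn: uid=carol,ou=People,dc=example,dc=org
changetype: modify
add: sambaSID
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002
-
EOF
}
```

Run it as `check_sambasid_ldif "<DOMAIN SID>" ldap-samba2-to-samba3.ldif` and apply the file only when it returns 0.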


