[Samba] NT4 Migration -> Samba 3.0.2a + LDAP
indorama at rad.net.id
Mon Feb 16 05:35:29 GMT 2004
* Andrew Bartlett <abartlet at samba.org> nulis:
> On Sat, 2004-02-14 at 20:18, Pirkka Luukkonen wrote:
> > Hi!
> > How can I maintain users old NT RIDs while migrating to Samba PDC when they
> > start from 1000. The RID to UID conversion algorithm is RID = 2 * UID + 1000
> > so the user with RID of 1000 would be root (0 * 2 + 1000 = 1000) on Unix.
> > Maintaining the old RIDs is essential for migrating on-the-fly, because
> > re-adding hundreds of computers to domain and losing local user profiles is
> > not an option.
The only way to achieve these requirement is to use pwdump on NT PDC.
>From there you'll get old RID and hashes for machine+useraccount.
Beware that pwdump sometimes can not retrive the hashes and hashes for machine is not correct if machine is joined more than x months.
x = unknown value, maybe 1 or 2.
Thanks for asking, I have similar questions. Is there any (big) company migrate from NT4 to samba3 (with at least 500 clients)? How they migrate? build fresh domain name or using existing domain name? How they avoid re-join all clients?
Any body here using samba 3 on production with > 500 win clients?
> Samba will first try to match names to SIDs via getpwnam().
> If you are concerned by the algorithmic assignment of SIDs conflicting
> with the NT4 sids, then you might want to use 'algorithmic rid base =
> <large number>' to 'push' the algorithmic RIDs higher.
This is not answer the original questions, IMO.
Using new rid will force user to create new profile instead of using old profile, even if domain SID and domain Name is same. Any acl which based on old rid will be mark as 'unknown account'.
> Andrew Bartlett
> Andrew Bartlett abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team abartlet at samba.org
> Student Network Administrator, Hawker College abartlet at hawkerc.net
> http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba