[Samba] NT4 Migration -> Samba 3.0.2a + LDAP
abartlet at samba.org
Mon Feb 16 11:05:05 GMT 2004
On Mon, 2004-02-16 at 16:35, Beast wrote:
> * Andrew Bartlett <abartlet at samba.org> nulis:
> > On Sat, 2004-02-14 at 20:18, Pirkka Luukkonen wrote:
> > > Hi!
> > >
> > > How can I maintain users old NT RIDs while migrating to Samba PDC when they
> > > start from 1000. The RID to UID conversion algorithm is RID = 2 * UID + 1000
> > > so the user with RID of 1000 would be root (0 * 2 + 1000 = 1000) on Unix.
> > > Maintaining the old RIDs is essential for migrating on-the-fly, because
> > > re-adding hundreds of computers to domain and losing local user profiles is
> > > not an option.
> The only way to achieve these requirement is to use pwdump on NT PDC.
I don't see how this is relevant. 'net rpc vampire' gets the passwords
very nicely and migrates much more than pwdump. As I said, in
particular it gets the SIDs right.
> >From there you'll get old RID and hashes for machine+useraccount.
> Beware that pwdump sometimes can not retrive the hashes and hashes for machine is not correct if machine is joined more than x months.
> x = unknown value, maybe 1 or 2.
The issue would no doubt be the same for 'net rpc vampire', as they read
the same password database.
> Thanks for asking, I have similar questions. Is there any (big)
> company migrate from NT4 to samba3 (with at least 500 clients)?
> How they migrate? build fresh domain name or using existing domain
> name? How they avoid re-join all clients?
> Any body here using samba 3 on production with > 500 win clients?
They use 'net rpc vampire', as documented in the HOWTO. This ensures
that the SIDs are accurate, as are the passwords. The clients should
not be able to tell the difference (or wont care, once you get the
You need to use 'ldapsam' or 'tdbsam', you cannot use smbpasswd. Both
backends can store arbitrary RIDs, to satisfy exactly this requirement.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040216/deabad5f/attachment.bin
More information about the samba