[Samba] Upgrading LDAP entries from 2.2.7 for Samba 3 not happening
Andrew Bartlett
abartlet at samba.org
Sat Mar 27 00:54:52 GMT 2004
On Sat, 2004-03-27 at 08:47, jamie wrote:
> I know I'm not the only person to upgrade from 2.2.7 to 3.0. Someone PLEASE
> chime in. I have 600+ users coming back from spring break Monday!
>
> PLEASE PLEASE PLEASE HELP!
>
> jamie
>
> On 3/25/04 4:44 PM, "jamie" <mcparlandj at newberg.k12.or.us> wrote:
>
> > We have been using samba 2.2.7 for awhile now with ldap no problem. We are
> > ready to move to Samba 3 though, and this is where the trouble begins.
> > We do not have a domain set up. We have a few samba boxes and they just use
> > the ldap servers to get their passwords from. (no roaming desktops or
> > anything like that.)
> >
> > I did a bit of reading up and see that I need to run the convertSambaAccount
> > script against an ldif export.
> >
> > So here's what I did
> >
> > ldapsearch -LL -x -h localhost -D
> > "uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us" -b
> > "ou=People,dc=newberg,dc=k12,dc=or,dc=us" -w > old.ldif
> >
> > I got an ldif no problem. I don't really know what a SID is or what it's
> > for. Something to do with having a domain (which we don't)
> >
> > So I try this
> >
> > [root at ldap /]# net getlocalsid
> > bash: net: command not found
> >
> > So I can't get the SID from this machine.
> >
> > I decide to just make one up and try that.
> >
> > /convertSambaAccount --input=old.ldif --output new.ldif --changetype=modify
> > --sid=S-1-0-0

That is a *really* bad idea. There is a SID, and you can find it out.
Use the 'net' command from 3.0, it does not exist in 2.2. There is also
an smbpasswd option I think.

If you want to keep your existing Samba 2.2 schema in LDAP, that is
supported. Simply use ldapsam_compat, or configure --with-ldapsam
(which enables the compatibility modes by default).

If you want to move to the 3.0 schema, you will find that there is a
one-domain per LDAP subtree restriction, that is, all the machines
talking to those entries in LDAP must agree to be part of a single
domain.

Simply nominate a master box as PDC, and the rest as There is no need
to have actual clients in the domain.

Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
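
Added example (not part of the original message, and not Samba project code): a check that can be run over a converted LDIF before it is loaded, flagging every entry whose SID was made up or belongs to a different domain than the one the subtree is meant to serve. It assumes the Samba 3 schema's `sambaSID` attribute and an expected domain SID obtained from `net getlocalsid`; the DNs and SIDs in the sample are constructed placeholders.

```python
import base64
import re

# Account SID = domain SID (S-1-5-21-a-b-c) followed by the account's RID.
ACCOUNT_SID = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Constructed sample input: placeholder DNs and SIDs, not values from the thread.
EXPECTED = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=People,dc=example,dc=org
sambaSID: S-1-0-0-3002

dn: uid=carol,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1234567890-987654321-
 1357924680-3004
"""


def audit_sids(ldif_text, expected_domain_sid):
    """Return [(dn, sid, reason)] for every sambaSID outside the expected domain."""
    problems, dn = [], None
    # LDIF folds long lines: a newline followed by one space continues the value.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between entries
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "sambasid":
            match = ACCOUNT_SID.match(value)
            if match is None:
                problems.append((dn, value, "not a domain account SID"))
            elif match.group(1) != expected_domain_sid:
                problems.append((dn, value, "belongs to another domain"))
    return problems


if __name__ == "__main__":
    for dn, sid, reason in audit_sids(SAMPLE_LDIF, EXPECTED):
        print(f"{dn}: {sid} ({reason})")
```

An empty result means every account in the file carries a SID under the single expected domain, which is what the one-domain-per-subtree restriction requires.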