[Samba] Upgrading LDAP entries from 2.2.7 for Samba 3 not
abartlet at samba.org
Sat Mar 27 00:54:52 GMT 2004
On Sat, 2004-03-27 at 08:47, jamie wrote:
> I know I'm not the only person to upgrade from 2.2.7 to 3.0. Someone PLEASE
> chime in. I have 600+ users coming back from spring break Monday!
> PLEASE PLEASE PLEASE HELP!
> On 3/25/04 4:44 PM, "jamie" <mcparlandj at newberg.k12.or.us> wrote:
> > We have been using samba 2.2.7 for awhile now with ldap no problem. We are
> > ready to move to Samba 3 though, and this is where the trouble begins.
> > We do not have a domain set up. We have a few samba boxes and they just use
> > the ldap servers to get their passwords from. (no roaming desktops or
> > anything like that.)
> > I did a bit of reading up and see that I need to run the convertSambaAccount
> > script against an ldif export.
> > So here's what I did
> > ldapsearch -LL -x -h localhost -D
> > "uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us" -b
> > "ou=People,dc=newberg,dc=k12,dc=or,dc=us" -w > old.ldif
> > I got an ldif no problem. I don't really know what a SID is or what's it
> > for. Something to do with having a domain (which we don't)
> > So I try this
> > [root at ldap /]# net getlocalsid
> > bash: net: command not found
> > So I can't get the SID from this machine.
> > I decide to just make one up and try that.
> > /convertSambaAccount --input=old.ldif --output new.ldif --changetype=modify
> > --sid=S-1-0-0
That is a *really* bad idea. There is a SID, and you can find it out.
Use the 'net' command from 3.0, it does not exist in 2.2. There is also
an smbpasswd option I think.
If you want to keep your existing Samba 2.2 schema in LDAP, that is
supported. Simply use ldapsam_compat, or configure --with-ldapsam
(which enables the compatibility modes by default).
If you want to move to the 3.0 schema, you will find that there is a
one-domain per LDAP subtree restriction, that is, all the machines
talking to those entries in LDAP must agree to be part of a single
Simply nominate a master box as PDC, and the rest as There is no need
to have actual clients in the domain.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
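
Added example (not part of the original message and not Samba's own tooling): a pre-import check that every sambaSID in a converted LDIF sits under the SID reported by 'net getlocalsid', so a made-up value such as S-1-0-0 is caught before it reaches the directory. It assumes a plain, unfolded LDIF export with one sambaSID per entry; the SID, DNs and entries below are constructed sample data.

```python
import re

# Machine/domain SIDs have the form S-1-5-21-X-Y-Z; an account SID is that
# prefix followed by a RID.
DOMAIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+$")

def parse_entries(ldif_text):
    """Yield (dn, sambaSID or None) for each entry of a simple, unfolded LDIF."""
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn = sid = None
        for line in block.splitlines():
            key, _, value = line.partition(":")
            if key.lower() == "dn":
                dn = value.strip()
            elif key.lower() == "sambasid":
                sid = value.strip()
        if dn:
            yield dn, sid

def check_ldif(ldif_text, local_sid):
    """Return (dn, problem) pairs for entries whose sambaSID needs attention."""
    if not DOMAIN_SID.match(local_sid):
        raise ValueError("local SID %r is not of the form S-1-5-21-X-Y-Z" % local_sid)
    problems = []
    for dn, sid in parse_entries(ldif_text):
        if sid is None:
            problems.append((dn, "no sambaSID (entry not converted?)"))
            continue
        prefix, _, rid = sid.rpartition("-")
        if prefix != local_sid or not rid.isdigit():
            problems.append((dn, "sambaSID %s is not under %s" % (sid, local_sid)))
    return problems

# Constructed sample data, not taken from the thread.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=People,dc=example,dc=org
sambaSID: S-1-0-0-3002

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol
"""

if __name__ == "__main__":
    for dn, problem in check_ldif(SAMPLE_LDIF, SAMPLE_SID):
        print(dn, "->", problem)
```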