[Samba] Domain migration from 2.2.x to 3.0.x

[Logan Shaw]

On Fri, 11 Aug 2006, Rory Vieira wrote:
> One of my customers is running a pretty old Redhat 8 (Psyche) server
> with Samba 2.2.something (I think 7). Next week I'm planned to upgrade
> his Redhat platform to SuSE 9.3 and also update his samba to 3.0.23b.

I did almost the exact same thing going from RedHat 7.2 with Samba 2.2
to Slackware 10.2 with Samba 3.0.22, and managed to pull it off with
no real problems.

> My biggest worry is that this customer has about 14 workstations
> already in the 2.2.x domain.
> I would like to know WHAT to do so I won't have to re-add all those
> machines again, as this will take up a lot of my time.

>From memory, I believe you need to do the following:

1)  Copy the machine accounts over, preserving the flags,
     the LM and NT hashed passwords, etc.  They are just
     smbpasswd entries with special usernames (with "$" in them),
     so this isn't all that complicated.  With only 14 machines,
     I might just do it by hand.

2)  Make sure the new server has the same NetBIOS name
     as the old.  (This might not be necessary.  On the other
     hand, you probably want to do it anyway.)

3)  Make sure the new server has the same domain as the old.

4)  Make sure the new server has the same SID as the old.
     There are lots of ways of doing this, but I believe the
     one I used was to run "rpcclient"'s "lookupsids" command
     against the domain itself to get the old SID on 2.2.x, then
     I used "net setlocalsid" to set it on the new 3.0.22 system.
     Or something along those lines.  :-)

5)  This might or might not be necessary, but make sure the
     machine accounts have the same SID as before as well.

That list might not be complete.  For me, things were
easier since I was moving from one machine to another in the
process, so I could compare settings on both and make changes
incrementally until I was satisfied everything was good.

   - Logan