[Samba] Domain migration from 2.2.x to 3.0.x

Adam Williams awilliam at mdah.state.ms.us
Fri Aug 11 19:39:40 GMT 2006 

be sure to copy over all of the .tdb files under /var/*/samba

Logan Shaw wrote:
> On Fri, 11 Aug 2006, Rory Vieira wrote:
>> One of my customers is running a pretty old Redhat 8 (Psyche) server
>> with Samba 2.2.something (I think 7). Next week I'm planned to upgrade
>> his Redhat platform to SuSE 9.3 and also update his samba to 3.0.23b.
>
> I did almost the exact same thing going from RedHat 7.2 with Samba 2.2
> to Slackware 10.2 with Samba 3.0.22, and managed to pull it off with
> no real problems.
>
>> My biggest worry is that this customer has about 14 workstations
>> already in the 2.2.x domain.
>> I would like to know WHAT to do so I won't have to re-add all those
>> machines again, as this will take up a lot of my time.
>
>> From memory, I believe you need to do the following:
>
> 1)  Copy the machine accounts over, preserving the flags,
>     the LM and NT hashed passwords, etc.  They are just
>     smbpasswd entries with special usernames (with "$" in them),
>     so this isn't all that complicated.  With only 14 machines,
>     I might just do it by hand.
>
> 2)  Make sure the new server has the same NetBIOS name
>     as the old.  (This might not be necessary.  On the other
>     hand, you probably want to do it anyway.)
>
> 3)  Make sure the new server has the same domain as the old.
>
> 4)  Make sure the new server has the same SID as the old.
>     There are lots of ways of doing this, but I believe the
>     one I used was to run "rpcclient"'s "lookupsids" command
>     against the domain itself to get the old SID on 2.2.x, then
>     I used "net setlocalsid" to set it on the new 3.0.22 system.
>     Or something along those lines.  :-)
>
> 5)  This might or might not be necessary, but make sure the
>     machine accounts have the same SID as before as well.
>
> That list might not be complete.  For me, things were
> easier since I was moving from one machine to another in the
> process, so I could compare settings on both and make changes
> incrementally until I was satisfied everything was good.
>
>   - Logan

More information about the samba mailing list