[Samba] migrate machine-passwords from smbpasswd to ldap?

Stefan Schmitz stevie-s at gmx.de
Fri Jan 12 16:38:46 GMT 2007


Hi Peter,

I didn't test it but

pdbedit -i smbpasswd:/etc/smbpasswd -e ldapsam

should do the job! There is also a parameter -g which applies to group
mappings (Are they available in Samba 2 ???).

Good luck.

peter pilsl wrote:
> 
> I'm just migrating a whole samba installation from old 2.2 to 3.0 with
> LDAP.
> I was successfully able to migrate all user accounts with smbldap-useradd
> but now I'm stuck with the machine-accounts. All machines are part of
> the domain and they should be able to log on to the new server without
> noticing any difference.
> 
> I can add them with smbldap-useradd -w but the resulting ldap-entry does
> not have any samba-attributes, especially the sambaNTpassword and
> sambaLMpassword-fields are not set !!
> 
> I think that these passwords are essential to keep the trust relation
> between server and machines.
> 
> I'm not sure about some details also:
> 
> 1) the machines still have the $ as last name, so the machine dummy
> should be in the ldap-structure with uid=dummy$ ?!
> 
> 2) am I right that sambaNTPassword and sambaLMPassword need to be the
> same on the new installation as on the old one to let the machines stay
> in the domain without needing to leave and rejoin?
> 
> 3) what about sambaSID for the existing machine? How do I get the
> correct sambaSID? Is it the same as with users? domainSID-1000+2*uid ?
> 
> 4) Do I need to add a machine as a normal user first and then as a machine,
> because when I try to add the machine with pdbedit I get the following error:
> 
> #pdbedit -a -m -u ihf23$ 2>&1
> doing parameter max log size = 10000
> pm_process() returned Yes
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IHF))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesfully connected
> Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=IHF))]
> smbldap_open_connection: connection opened
> ldap_connect_system: succesful connection to the LDAP server
> The LDAP server is succesfully connected
> ldapsam_add_sam_account: Adding new user
> init_ldap_from_sam: Setting entry for user: ihf23$
> ldapsam_modify_entry: Failed to add user dn=
> uid=ihf23$,ou=smbComputers,dc=ihf,dc=local with: Object class violation
>         object class 'sambaSamAccount' requires attribute 'sambaSID'
> ldapsam_add_sam_account: failed to modify/add user with uid = ihf23$ (dn
> = uid=ihf23$,ou=smbComputers,dc=ihf,dc=local)
> Unable to add machine! (does it already exist?)
> 
> 
> thnx,
> peter
> 
> 
> 
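
Added example (not part of the original thread, and not Samba project code): a shell check that the machine accounts from the old smbpasswd file exist in the new backend with unchanged LM/NT hashes, the concern raised in question 2 above. It assumes the new backend has been exported to a file in smbpasswd style (for instance with `pdbedit -L -w`); the function name, file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Compare machine-account hashes in two smbpasswd-style files.
# Line format: name:uid:LMHASH:NTHASH:[flags]:LCT-xxxxxxxx:
# Prints OK / MISMATCH / MISSING per machine; hashes are never printed.
compare_machine_hashes() {    # $1 = old smbpasswd, $2 = export of new backend
    report=$(awk -F: '
        /^#/ || NF < 5      { next }   # skip comments and malformed lines
                            { name = tolower($1) }
        name !~ /\$$/       { next }   # machine accounts end in "$"
        FILENAME == ARGV[1] { old[name] = toupper($3 ":" $4); next }
                            { cur[name] = toupper($3 ":" $4) }
        END {
            for (n in old) {
                if (!(n in cur))           print "MISSING", n
                else if (old[n] != cur[n]) print "MISMATCH", n
                else                       print "OK", n
            }
        }' "$1" "$2" | LC_ALL=C sort)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    case $report in *MISSING*|*MISMATCH*) return 1 ;; esac
    return 0
}

# Constructed sample data: account names reuse the examples from the thread,
# hashes are made-up hex strings, not real credentials.
demo() {
    d=$(mktemp -d)
    cat > "$d/smbpasswd.old" <<'EOF'
peter:1000:00112233445566778899AABBCCDDEEFF:FFEEDDCCBBAA99887766554433221100:[U          ]:LCT-45A7B2C6:
ihf23$:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-45A7B2C6:
dummy$:1002:A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1:B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2:[W          ]:LCT-45A7B2C6:
EOF
    # In this constructed export, dummy$ did not make it into the new backend.
    cat > "$d/ldap.export" <<'EOF'
ihf23$:1001:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-45A7B2C6:
EOF
    compare_machine_hashes "$d/smbpasswd.old" "$d/ldap.export" ||
        echo "machine accounts differ between backends"
    rm -rf "$d"
}
demo
```

Both input files contain password-equivalent hashes, so keep them readable by root only and delete the export after the comparison.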