[Samba] workgroup to domain migration question

De Leeuw Guy G.De_Leeuw at eurofer.be
Tue Jun 26 21:45:56 GMT 2007


Hi all

I try to transform our old workgroup to a domain.
I read a lot of doc about that and smb-ldap tools.
I cannot use smb-ldap tools because I have a running ldap database with
our unix accounts.
I build my own script to update our database.

Questions :
- For the admin account I modify the uid=admin, uidNumber=1033 and
gid=512 to secure the server root account. (no homeDirectory and
loginShell).
It is correct ?

- For the accounts : Administrators, Account Operators, Print
Operators, Backup Operators et Replicators which are the correct SID ?
S-1-5-32-544 or a form like S-1-5-21-374813769-5580279-1681509432-544 ?

- For the sambaSID users I use the localSID + uidNumber it is ok ?
- For the sambaSid groups unix (each user have this own group)
I use localsid + uidNumber + 1000 The primaryGroupSID are needed ? if
yes which ?

- For hosts I use localsid + uidNumber + 2000 ok ?

Could you help me to clarify that ?

Thanks in advance
Guy


More information about the samba mailing list