[Samba] migrate users to ldap

tarjei tarjei at nu.no
Fri Mar 9 08:30:22 GMT 2007

Markus Krause wrote:
> thanks for your answer!
> Zitat von Felipe Augusto van de Wiel <felipe at paranacidade.org.br>:
>> Hash: SHA1
>> On 02/27/2007 08:16 PM, Markus Krause wrote:
>>> Thank you for your answer.
>>> I actually did not point out exactly enough what i want to do,
>>> sorry for that ...
>>> I read these postings and also some sections in the samba howto
>>> and several descriptions on the net, but i understand all these
>>> in that way, that the samba server is reconfigured to use ldap
>>> and "stays" there. at the moment we are some time away from
>>> finally migrating all samba accounts, which are currently stored
>>> in smbpasswd, to ldap and it is no option to take down and
>>> reconfigure samba even for a short time.
>>     Hmmm, sorry, but I can see how you want to accomplish that.
>> You are changing the backend, you need to tell samba about this.
> well, that exactly is the point, i do _not_ want to or better simply 
> _cannot_ change the backend at the moment, i just want/need a snapshot 
> of the current samba accounts in smbpasswd and _copy_ them in ldap. 
> the samba server should not even know about that! the problem is that 
> we can not switch off our samba server for even some minutes (at least 
> without a notice several days in advance!), we have several terabytes 
> of data, about 1500 accounts, and as the most of them are scientists 
> and quite a lot are even working nights and weekends so there is 
> actually no time the (samba) fileserver is not in (heavy) use...
> and to make some serious testing on reliablity (and a lot other 
> things) i need just a copy of all accounts in ldap.
Can't you just make a copy of the smbpasswd file and then use the 
migration scripts on that?

Then, you should set up a version of the new server in a testlab and 
check for other issues like machine passwords etc.
>>> so what i in fact need is a way to get a snapshot of the current
>>> accounts and copy them into ldap, the samba server should/can/must
>>> not be touched (i mean start/stop/reconfigure etc.) in any way
>>> during this process. can this be done ?
>>     I'm not sure I _really_ understood what you want, but
>> using some of the famous migration script, you can create your
>> new LDAP database in a few minutes, them you need to tell
>> Samba to start using the new backend (LDAP) instead of the old
>> backend (smbpasswd file).
> volker gave some hints on how to do this (using pdbedit and a separate 
> config file) and i'll try that as soon i have compiled a version of 
> pdbedit with ldapsam support included ... as soon i got this done i'll 
> report in case someone else may search the archives ;-)
> regards
>    markus
> +-----------------------------------------------------------------+
> | Markus Krause, Mogli-Soft                                       |
> | Support for Mac OS X, Webmail/Horde, LDAP, RADIUS               |
> | by order of the                                                 |
> |    Computing Center of the Max-Planck-Institute of Biochemistry |
> +--------------------------------+--------------------------------+
> | E-Mail: krause at biochem.mpg.de  |  Tel.: 089 - 89 40 85 99       |
> |         markus.krause at mac.com  |  Fax.: 089 - 89 40 85 98       |
> |  Skype: markus.krause          | iChat: markus.krause at mac.com   |
> +--------------------------------+--------------------------------+
> ----------------------------------------------------------------------
>      This message was sent using https://webmail2.biochem.mpg.de
> If you encounter any problems please report to rz-linux at biochem.mpg.de
> --To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list