[Samba] Re: Migration to Samba.

zarrabeitia at gmail.com zarrabeitia at gmail.com
Sun Mar 9 14:54:24 GMT 2008


Replying to myself:

The problem with changing the SID was that I wasn't changing the SID
everywhere. I was changing the SID only on my net setlocalsid,
setdomainsid and the smbldap config file... After I did the
smbldap-populate again, everything worked (the new samba domain now
has the same sids as the AD and the windows clients recognize the
identities).

Now I need to bulk-export and import the users. I'm writing a script
to turn the ldifde output from the AD into a smbldap friendly schema.
Is there a better way?

And, what could smbldap-populate be changing that was required
for the sid change to work?

Thanks!

Zarrabeitia

On Sat, Mar 8, 2008 at 7:22 PM,  <zarrabeitia at gmail.com> wrote:
> Hi there.
>
>  [I just asked this over the irc channel, but since I got no reply, I
>  decided to cross-post here. Please forgive me if that is incorrect]
>
>  I'm trying to migrate an Active Directory domain (that is being used
>  only for authentication) to a samba3 domain. The network is small
>  enough to rejoin the clients one by one and recreate the user accounts
>  if necessary. However, the new user accounts don't have access to
>  their old folders. I've tried giving the new domain the same SID as
>  the old domain, but in that case, the windows clients refuse to join
>  the domain (they report a 'rpc error').
>
>  Is there anything I can do?
>
>  I think the ideal solution would be to emulate the sidHistory field
>  from the AD, but a message from 2005 (I think) on this list said it
>  was not possible with Samba3. Has that situation changed?
>
>  I've also tried to use the moveuser.exe command, to no avail. It
>  either claims that it cannot find the account, or that the account
>  already exists, and fails in both cases.  The "profile wizard" from
>  forensit fails when trying to determine if the accounts are using
>  remote profiles.
>
>  I'd appreciate any advice you can give me.
>
>  (BTW, if there is a way to extract the password and machine account
>  information from the AD, let me know!)
>
>  Thanks,
>
>  Zarrabeitia.
>
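
A consistency check for the situation described in the reply above, as an added example that is not part of the original thread: it scans an LDIF export of the Samba LDAP tree for sambaSID and sambaPrimaryGroupSID values that do not carry the expected domain SID. The SIDs, DNs and function names are constructed for illustration, and the idea that leftover SIDs in the previously populated entries were the cause is an assumption.

```python
import re

BUILTIN_PREFIX = "S-1-5-32-"   # well-known BUILTIN aliases are not domain-relative
SID_ATTRS = {"sambasid", "sambaprimarygroupsid"}
def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) per entry; unfolds continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        dn, attrs = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if attr.lower() == "dn":
                dn = value.strip()
            else:
                attrs.append((attr, value.strip()))
        if dn:
            yield dn, attrs

def find_sid_mismatches(ldif_text, domain_sid):
    """Return (dn, attr, value) for every SID outside the expected domain."""
    stale = []
    for dn, attrs in parse_ldif(ldif_text):
        for attr, value in attrs:
            if attr.lower() not in SID_ATTRS or value.startswith(BUILTIN_PREFIX):
                continue
            if value != domain_sid and not value.startswith(domain_sid + "-"):
                stale.append((dn, attr, value))
    return stale

# Constructed sample data: both SIDs and all DNs are made up.
NEW_SID = "S-1-5-21-1111111111-2222222222-3333333333"
OLD_SID = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE_LDIF = f"""dn: sambaDomainName=EXAMPLE,dc=example,dc=org
sambaSID: {NEW_SID}

dn: cn=Domain Admins,ou=Groups,dc=example,dc=org
sambaSID: {OLD_SID}-512

dn: cn=Administrators,ou=Groups,dc=example,dc=org
sambaSID: S-1-5-32-544

dn: uid=alice,ou=Users,dc=exam
 ple,dc=org
sambaSID: {NEW_SID}-3000
sambaPrimaryGroupSID: {OLD_SID}-513
"""
if __name__ == "__main__":
    print(*find_sid_mismatches(SAMPLE_LDIF, NEW_SID), sep="\n")
```

Run against a real export, any entry it reports still refers to a SID other than the one the domain is now configured with.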

