[Samba] Samba and Migration to an existing LDAP backend

John H Terpstra - Samba Team jht at samba.org
Tue May 19 22:57:12 GMT 2009

John Goubeaux wrote:
> Folks,
> I have a new build of samba  3.3.0  ( stand alone file server ) which is
> configured to find all user data in an ldap directory, eg passdb backend
> = ldapsam.  After testing I have confirmed that it all seems to work as
> it should with a test set of users.
> Now I need to figure out the best way to migrate the shares and users
> from the old system ( that used  /etc/passwd to store user auth info) to
> this new one. The users already have Directory entries in the ldap which
> is used for a variety of existing services .  Meaning, all I want to do
> is populate their existing entries with the proper attributes and
> re-mout the shares on the new server and NOT have to have them re-enter
> a new passwd,  but use the existing Directory passwd that is already in
> their entry.
> So far the only way I can see to get their existing directory entry to
> work is to run   pdbedit -a <userid>   which prompts for the users
> passwd and which then populates their  directory entry with all the
> samba attributes  such as the sambasid and sambantpasswd which have
> unique values.
> My question is then:  Is there another way to get their directory entry
> populated with these values without having to re-enter their passwd ( eg
> have the user retype their passwd) at the pdbedit prompt ?  Also, it
> seems that down the road if a user changes their directory passwd this
> process will have to be repeated to re-sync the unique samba values.
> Am I missing something with regard to the samba attribute values and
> their relationship with existing uid and userpassword values in a
> directory ?
> Any advice on options is appreciated..
> -john


You can migrate all your /etc/passwd, /etc/shadow, /etc/group entries to
LDAP using the PADL Migration Tools. See:

After the UNIX system accounts have been migrated to LDAP, just execute:
	pdbedit -i smbpasswd -e ldapsam
	pdbedit -i smbpasswd -e ldapsam -g

The first migrates user SambaSAM account info, the second your group

PS: If your samba account info is in tdb files (ie: tdbsam) then execute:
	pdbedit -i tdbsam -e ldapsam
	pdbedit -i tdbsam -e ldapsam -g

- John T.
John H Terpstra

"If at first you don't succeed, don't go sky-diving!"

More information about the samba mailing list