[Samba] Samba and Migration to an existing LDAP backend
John H Terpstra - Samba Team
jht at samba.org
Tue May 19 22:57:12 GMT 2009
John Goubeaux wrote:
> I have a new build of samba 3.3.0 ( stand alone file server ) which is
> configured to find all user data in an ldap directory, eg passdb backend
> = ldapsam. After testing I have confirmed that it all seems to work as
> it should with a test set of users.
> Now I need to figure out the best way to migrate the shares and users
> from the old system ( that used /etc/passwd to store user auth info) to
> this new one. The users already have Directory entries in the ldap which
> is used for a variety of existing services . Meaning, all I want to do
> is populate their existing entries with the proper attributes and
> re-mout the shares on the new server and NOT have to have them re-enter
> a new passwd, but use the existing Directory passwd that is already in
> their entry.
> So far the only way I can see to get their existing directory entry to
> work is to run pdbedit -a <userid> which prompts for the users
> passwd and which then populates their directory entry with all the
> samba attributes such as the sambasid and sambantpasswd which have
> unique values.
> My question is then: Is there another way to get their directory entry
> populated with these values without having to re-enter their passwd ( eg
> have the user retype their passwd) at the pdbedit prompt ? Also, it
> seems that down the road if a user changes their directory passwd this
> process will have to be repeated to re-sync the unique samba values.
> Am I missing something with regard to the samba attribute values and
> their relationship with existing uid and userpassword values in a
> directory ?
> Any advice on options is appreciated..
You can migrate all your /etc/passwd, /etc/shadow, /etc/group entries to
LDAP using the PADL Migration Tools. See:
After the UNIX system accounts have been migrated to LDAP, just execute:
pdbedit -i smbpasswd -e ldapsam
pdbedit -i smbpasswd -e ldapsam -g
The first migrates user SambaSAM account info, the second your group
PS: If your samba account info is in tdb files (ie: tdbsam) then execute:
pdbedit -i tdbsam -e ldapsam
pdbedit -i tdbsam -e ldapsam -g
- John T.
John H Terpstra
"If at first you don't succeed, don't go sky-diving!"
More information about the samba