[Samba] Samba and Migration to an existing LDAP backend
John H Terpstra - Samba Team
jht at samba.org
Wed May 20 00:37:39 GMT 2009
John Goubeaux wrote:
>>
>> John,
>>
>> You can migrate all your /etc/passwd, /etc/shadow, /etc/group entries to
>> LDAP using the PADL Migration Tools. See:
>> http://www.padl.com/OSS/MigrationTools.html
>>
>> After the UNIX system accounts have been migrated to LDAP, just execute:
>> pdbedit -i smbpasswd -e ldapsam
>> pdbedit -i smbpasswd -e ldapsam -g
>>
>> The first migrates user SambaSAM account info, the second your group
>> configuration.
>>
>> PS: If your samba account info is in tdb files (ie: tdbsam) then execute:
>> pdbedit -i tdbsam -e ldapsam
>> pdbedit -i tdbsam -e ldapsam -g
>>
>> - John T.
>> --
>> John H Terpstra
>>
>> "If at first you don't succeed, don't go sky-diving!"
>
>
>
> Thanks John,
>
> What if the user's passwd in /etc/shadow is not the same as in their
> existing directory entry ?
Well, then you will have some resolution work ahead of you!
> Meaning, user <bob> has an /etc/passwd entry ( crypt) for the old
> samba server but ALSO has a directory entry uid=bob, but with a passwd
> (SSSH ) that is different ?
So you set up a new LDAP directory and now you have a problem? You could
dump your current directory, then migrate the existing /etc/passwd and
/etc/shadow info into your LDAP directory, then dump that LDAP directory
contents, then perform a merge of the two directory dumps and then reload.
slapcat and slapadd are your friends - check the man pages.
> I do not see a way to populate their directory entry AND sync up their
> entry without running pdbedit -a bob and entering their Directory
> passwd in clear txt as am prompted.
Why? Why? The use of pdbedit -i source -e ldapsam, where source is
either 'smbpasswd' or 'tdbsam' - is your friend also. This will import
all the SambaSAM info (including Windows passwords) into the LDAP
directory. What part of this does not compute?
> Meaning I am trying to avoid having all the users have to re-enter a
> passwd but maybe this is not possible ?
Sorry, I must have missed something here - the advice I gave was exactly
intent on avoiding the need for users to reenter their passwords.
Please read the man page for pdbedit and take note of the command line
parameters I pointed out to you.
Cheers,
John T.
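
The dump-and-merge step described in the reply above, as an added example that is not part of the original post: a Python sketch that merges two slapcat-style LDIF dumps in memory and reports where the migrated /etc/shadow password differs from the existing directory entry. The function names, the sample entries and the "existing directory wins" policy are assumptions, and writing the result back out for slapadd is not shown.

```python
import base64
MULTI_VALUED = {"objectclass", "memberuid"}  # assumption: attributes safe to union

def parse_ldif(text):
    """Parse slapcat-style LDIF into {dn: {attr: [values]}} (names lower-cased)."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, split entries
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>", as slapcat writes userPassword
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value.lower()
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries[dn] = attrs
    return entries

def merge(existing, migrated):
    """Assumed policy: the existing directory wins; differing values are reported."""
    merged = {dn: {a: list(v) for a, v in at.items()} for dn, at in existing.items()}
    conflicts = []
    for dn, attrs in migrated.items():
        target = merged.setdefault(dn, {})
        for attr, values in attrs.items():
            if attr not in target:
                target[attr] = list(values)  # e.g. the migrated Samba attributes
            elif attr in MULTI_VALUED:
                target[attr] += [v for v in values if v not in target[attr]]
            elif target[attr] != values:
                conflicts.append((dn, attr, target[attr][0], values[0]))
    return merged, conflicts

# Constructed sample dumps (not real accounts or hashes).
DN = "uid=bob,ou=People,dc=example,dc=com"
EXISTING_LDIF = (f"dn: {DN}\nobjectClass: inetOrgPerson\nuid: bob\nuserPassword:: "
                 + base64.b64encode(b"{SSHA}CONSTRUCTED-SAMPLE").decode() + "\n")
MIGRATED_LDIF = (f"dn: {DN}\nobjectClass: posixAccount\nobjectClass: sambaSamAccount\n"
                 "uid: bob\nuidNumber: 1001\nsambaNTPassword: CONSTRUCTED-NT-HASH\n"
                 "userPassword: {crypt}CONSTRUCTED-SAMPLE\n")

if __name__ == "__main__":
    for c in merge(parse_ldif(EXISTING_LDIF), parse_ldif(MIGRATED_LDIF))[1]:
        print("conflict (kept existing): %s %s: %r vs %r" % c)
```

In this sample the existing userPassword is kept and the migrated sambaNTPassword is added alongside it, so the only item left for manual resolution is the reported userPassword conflict.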