[Samba] Import samba 3 to samba 4

Michael Wood esiotrot at gmail.com
Sat Aug 7 17:44:38 MDT 2010

On 7 August 2010 19:11, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> On Mon, Aug 2, 2010 at 10:06 AM, Dave Thurston <dthurston at comcast.net> wrote:
>> I have searched but I have yet to find a method to import users and passwords from
>> a samba3/ldap system to samba4. Is there available a method of doing this?
> Why do you need to import? Isn't the backend Kerberos and the account
> informat sufficiently similar that you can simply switch over?
> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get
> LDAP out of the hands of Active Directory.)

By default Samba 4 uses its own built in LDAP server and the OpenLDAP
backend is currently not working properly.

I have managed to migrate users from an Apple Open Directory server
(which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
only using Open Directory for authentication of one service.  No
machines joined to OD or anything like that.

All I needed to do was dump the kerberos database, import it to
Heimdal, dump it from Heimdal again and then use the password hashes
from the Heimdal dump to create the necessary unicodePwd attributes in
Samba's directory.  After that I used ldapsearch to get hold of the
groups each user was a member of and then used ldbmodify (or perhaps
ldapmodify.  I can't remember now) to migrate them to Samba.

I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
looks like and how it differs from what Samba 4 uses, but as long as
the password hashes are in a compatible format, I imagine it's just a
matter of slapcat or ldapsearch, munging the results and then
ldbmodify to add the users to Samba 4.

I don't know of an existing script to do this.

Cc: samba-technical

Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list