[Samba] Import samba 3 to samba 4

Stefan (metze) Metzmacher metze at samba.org
Tue Aug 10 04:53:09 MDT 2010


On 10.08.2010 11:39, Lukasz Zalewski wrote:
> On 08/08/2010 12:44 AM, Michael Wood wrote:
>> On 7 August 2010 19:11, Nico Kadel-Garcia<nkadel at gmail.com>  wrote:
>>> On Mon, Aug 2, 2010 at 10:06 AM, Dave
>>> Thurston<dthurston at comcast.net>  wrote:
>>>> I have searched but I have yet to find a method to import users and
>>>> passwords from
>>>> a samba3/ldap system to samba4. Is there available a method of doing
>>>> this?
>>>
>>> Why do you need to import? Isn't the backend Kerberos and the account
>>> information sufficiently similar that you can simply switch over?
>>>
>>> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get
>>> LDAP out of the hands of Active Directory.)
>>
>> By default Samba 4 uses its own built in LDAP server and the OpenLDAP
>> backend is currently not working properly.
>>
>> I have managed to migrate users from an Apple Open Directory server
>> (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
>> only using Open Directory for authentication of one service.  No
>> machines joined to OD or anything like that.
>>
>> All I needed to do was dump the kerberos database, import it to
>> Heimdal, dump it from Heimdal again and then use the password hashes
>> from the Heimdal dump to create the necessary unicodePwd attributes in
>> Samba's directory.  After that I used ldapsearch to get hold of the
>> groups each user was a member of and then used ldbmodify (or perhaps
>> ldapmodify.  I can't remember now) to migrate them to Samba.
>>
>> I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
>> looks like and how it differs from what Samba 4 uses, but as long as
>> the password hashes are in a compatible format, I imagine it's just a
>> matter of slapcat or ldapsearch, munging the results and then
>> ldbmodify to add the users to Samba 4.
>>
>> I don't know of an existing script to do this.
>>
> I have started writing a script that will pull account information
> (Users, Groups and Computers) from s3's ldap backend and import it to
> s4. It's still early days though. I'm pretty sure that there will be
> loads of hurdles to jump before it is in any usable state

I've something that's almost done for users, groups and computers.

It needs a lot of cleanup, then I'll commit it to master/example/*.

Currently the script 'myldap-pub.py' expects input.ldif hardcoded (later
we can also support ldap urls)

metze