[Samba] Provision new domain keeping users and passwords
Andrew Bartlett
abartlet at samba.org
Wed Mar 29 18:46:45 UTC 2017
On Wed, 2017-03-29 at 10:50 -0300, Jeanderson Soares via samba wrote:
> Yes, but for DC you should use tdbsam instead of smbpasswd in the "-
> e" and'
> "-i" parameters.
>
> After that, I had some problems with the RIDs when creating new
> users, and
> had to manually change the ridnextrid attribute.
Indeed, this is the biggest risk I would see with this approach.
The latest Samba 4.5 has some more protections against this: If you
run dbcheck after this 'migration' it will try and correctly reset the
ridnextrid values.
You will also loose the AES kerberos keys.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list