[Samba] migrate from existing MIT kerberos / openldap

Andrew Bartlett abartlet at samba.org
Fri Aug 31 19:34:50 UTC 2018

On Fri, 2018-08-31 at 15:50 +0200, Christian via samba wrote:
> Dear all,
> is it possible to migrate from an existing MIT kerberos / openldap
> setup
> to samba AD? We can re-create the accounts through a script, but it
> would be nice to be able to keep passwords for users and machine
> accounts / keytabs which are in our existing KDC. Thanks for any
> insights,
> Christian

I think someone has done it before, for the arcfour-hmac-md5 keys.
 Those are the easiest to do, because you can extract them and then
force them into the unicodePwd attribute.

Have a good study of how the classicupgrade code works and the magic
control to allow you to set the backend password attributes directly.

 * this should only be used for importing users from Samba3

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list