[Samba] migrate from existing MIT kerberos / openldap
Andrew Bartlett
abartlet at samba.org
Fri Aug 31 19:34:50 UTC 2018
On Fri, 2018-08-31 at 15:50 +0200, Christian via samba wrote:
> Dear all,
>
> is it possible to migrate from an existing MIT kerberos / openldap
> setup
> to samba AD? We can re-create the accounts through a script, but it
> would be nice to be able to keep passwords for users and machine
> accounts / keytabs which are in our existing KDC. Thanks for any
> insights,
>
> Christian
I think someone has done it before, for the arcfour-hmac-md5 keys.
Those are the easiest to do, because you can extract them and then
force them into the unicodePwd attribute.
Have a good study of how the classicupgrade code works and the magic
control to allow you to set the backend password attributes directly.
/*
* this should only be used for importing users from Samba3
*/
#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "1.3.6.1.4.1.7165.4.3.12"
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list