[Samba] migrate from existing MIT kerberos / openldap

Andrew Bartlett abartlet at samba.org
Fri Aug 31 19:34:50 UTC 2018


On Fri, 2018-08-31 at 15:50 +0200, Christian via samba wrote:
> Dear all,
> 
> is it possible to migrate from an existing MIT kerberos / openldap
> setup
> to samba AD? We can re-create the accounts through a script, but it
> would be nice to be able to keep passwords for users and machine
> accounts / keytabs which are in our existing KDC. Thanks for any
> insights,
> 
> Christian

I think someone has done it before, for the arcfour-hmac-md5 keys.
 Those are the easiest to do, because you can extract them and then
force them into the unicodePwd attribute.

Have a good study of how the classicupgrade code works and the magic
control to allow you to set the backend password attributes directly.

/*
 * this should only be used for importing users from Samba3
 */
#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "1.3.6.1.4.1.7165.4.3.12"

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba mailing list