[Samba] migrate from existing MIT kerberos / openldap
abartlet at samba.org
Fri Aug 31 19:34:50 UTC 2018
On Fri, 2018-08-31 at 15:50 +0200, Christian via samba wrote:
> Dear all,
> is it possible to migrate from an existing MIT kerberos / openldap
> to samba AD? We can re-create the accounts through a script, but it
> would be nice to be able to keep passwords for users and machine
> accounts / keytabs which are in our existing KDC. Thanks for any
I think someone has done it before, for the arcfour-hmac-md5 keys.
Those are the easiest to do, because you can extract them and then
force them into the unicodePwd attribute.
Have a good study of how the classicupgrade code works and the magic
control to allow you to set the backend password attributes directly.
* this should only be used for importing users from Samba3
#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "22.214.171.124.4.1.7126.96.36.199"
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba