[Samba] Standalone Server User Import / Export

Rowland penny rpenny at samba.org
Thu Aug 8 19:52:51 UTC 2019 

On 08/08/2019 20:42, David Ayers via samba wrote:
> Am Freitag, den 09.08.2019, 07:08 +1200 schrieb Andrew Bartlett:
>> On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote:
>>> Hello!
>>>
>>> when using Samba [4.5.16-Debian] as standalone server in Windows
>>> environment to allow certain users to access shares, we are
>>> currently
>>> using the default tdbsam backend with a bunch of users.
>>>
>>> We now want to migrate the users from one standalone server to a
>>> replacement server.  To migrate the users I expected to able to
>>> export
>>> the users (incl. passwords) into a file on one server, copy the
>>> file
>>> over to the new server and import the users there.  Specifically I
>>> expected using:
>>>
>>> old: pdbedit -e tdbsam:/root/samba.user.tdbexp
>>> new: pdbedit -I tdbsam:/root/samba.user.tdbexp
>>>
>>> would do the trick.  A file is created during the export.  The
>>> import
>>> does not complain and has a return value indicating success.  But
>>> pdbedit -L (-v) does not list any of the imported users.
>> Just copy (use tdbbackup for safety if you can't stop Samba) all the
>> tdb files and put them in the same spot on the new server.  That is
>> the
>> easiest way to do this.
>>
>> My guess is that the domain sid has been re-randomised on the new
>> server.  Dump that with 'net' (I forget the subcommand) and force it
>> in again (it is stored in a host-name specific key in secrets.tdb).
> I am not very familiar with the concept of a "domain" in the case of a
> standalone server.

What I was asking was, what are you connecting from  ?

If they are members of an Active Directory domain, you would probably be 
better of changing your standalone server into a Unix domain member, 
that way you can set permissions from Windows.

>
> The new server is indeed simply a new installation with the smb.conf
> edited to match the old one.  My goal is to transfer the users
> including the passwords (which I have no knowledge of) from the old
> server to the new server.
>
>  From your comment I deduce that this may not possible without actually
> copying all tdb files directly.  Is that truly the case?

You should be able export your database, but it isn't working for you, 
so it looks like Andrews idea is the best option.

Rowland

More information about the samba mailing list