[Samba] Standalone Server User Import / Export
ayers at fsfe.org
Thu Aug 8 20:10:27 UTC 2019
Am Donnerstag, den 08.08.2019, 20:52 +0100 schrieb Rowland penny via
> On 08/08/2019 20:42, David Ayers via samba wrote:
> > Am Freitag, den 09.08.2019, 07:08 +1200 schrieb Andrew Bartlett:
> > > On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote:
> > > > Hello!
> > > >
> > > > when using Samba [4.5.16-Debian] as standalone server in
> > > > Windows
> > > > environment to allow certain users to access shares, we are
> > > > currently
> > > > using the default tdbsam backend with a bunch of users.
> > > >
> > > > We now want to migrate the users from one standalone server to
> > > > a
> > > > replacement server. To migrate the users I expected to able to
> > > > export
> > > > the users (incl. passwords) into a file on one server, copy the
> > > > file
> > > > over to the new server and import the users
> > > > there. Specifically I
> > > > expected using:
> > > >
> > > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp
> > > > new: pdbedit -I tdbsam:/root/samba.user.tdbexp
> > > >
> > > > would do the trick. A file is created during the export. The
> > > > import
> > > > does not complain and has a return value indicating
> > > > success. But
> > > > pdbedit -L (-v) does not list any of the imported users.
> > >
> > > Just copy (use tdbbackup for safety if you can't stop Samba) all
> > > the
> > > tdb files and put them in the same spot on the new server. That
> > > is
> > > the
> > > easiest way to do this.
> > >
> > > My guess is that the domain sid has been re-randomised on the new
> > > server. Dump that with 'net' (I forget the subcommand) and force
> > > it
> > > in again (it is stored in a host-name specific key in
> > > secrets.tdb).
> > I am not very familiar with the concept of a "domain" in the case
> > of a
> > standalone server.
> What I was asking was, what are you connecting from ?
I was logged into the Debian server and executed the command as root
> If they are members of an Active Directory domain, you would probably
> better of changing your standalone server into a Unix domain member,
> that way you can set permissions from Windows.
There was no AD involved when the user was created. Some of clients
that will be connected may be and others won't be part of an AD [mostly
standalone quasi embedded manufacturing CNC-type controller systems,
which probably won't be added to AD in the near future picking up
definition files] but they are all currently not using AD to
authenticate to the standalone server.
In fact I'm currently unsure whether there is an AD at all but I'll
suggest it the administrators there whether they would consider it.
But currently we just want to transfer the same setup.
> > The new server is indeed simply a new installation with the
> > smb.conf
> > edited to match the old one. My goal is to transfer the users
> > including the passwords (which I have no knowledge of) from the old
> > server to the new server.
> > From your comment I deduce that this may not possible without
> > actually
> > copying all tdb files directly. Is that truly the case?
> You should be able export your database, but it isn't working for
> so it looks like Andrews idea is the best option.
Thank you for verifying that it should work as I had imagined. I guess
I'll first try copying the tdb files tomorrow when I have a maintenance
window. If that works, I guess I'll be fine until/if the setup an AD.
Thank you very much!
David Ayers - Team Austria
Free Software Foundation Europe (FSFE)  (http://www.fsfe.org)
Become a supporter of the FSFE!  (https://fsfe.org/join)
Your donation powers our work! || (http://fsfe.org/donate)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part
More information about the samba