-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Message: 6 > Date: Thu, 11 Sep 2003 16:23:46 +0200 > From: Wiktor Wodecki <[EMAIL PROTECTED]> > Subject: [Samba] samba 3.0 with ldap / sambaSID > To: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=us-ascii > > Hello, > > I'm lloking for a way to convert my company's existing samba2.2 ldap > backed service to samba 3.0. What's particulary making me curious is the > sambaSID. As I've read it is the unique identifier of a PDC in the > windows world. So, how does samba3 generate this? Is it supposed to be > changed by the admin or is it determined by samba on the first startup? > Any pointer to a doc describing this in more depth would be apreciated.
If you are running a recent samba-2.2.x, you can get the domain sid as follows: # smbpasswd -X <domain name> Then, you will want to dump your LDAP db to LDIF (and probably set your LDAP server to read only for the moment): # slapcat -l ldap-samba2.ldif Then, you can either convert the LDIF file to a new LDIF with the new schema, or you can generate an LDIF file suitable for use with ldapmodify, using the convertSambaAccount script in examples/LDAP. I would suggest using the ldapmodify option (works better if you have ldap slaves): # ./convertSambaAccount --input ldap-samba2.ldif --output ldap-samba2-to-samba3.ldif --changetype modify --sid <DOMAIN SID> Then, ensure your ldap server is in read-write, and use something like: # ldapmodify -f ldap-samba2-to-samba3.ldif -x -D "<rootdn>" -W Note, for samba3 it seems more important that all the groups your users are members of are in LDAP, and mapped as samba groups. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/ZbxtrJK6UGDSBKcRApG5AJ45iNJYKmqQmHJcWxbtQSFgy1wwMQCgn2Ek olYSZHGVDoI5rJ6yynYGFqI= =3BF6 -----END PGP SIGNATURE----- ***************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. ***************************************************************** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
