-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Message: 28 > Date: Wed, 05 Nov 2003 20:52:44 +0100 > From: G?mes G?za <[EMAIL PROTECTED]> > Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to > Samba3+ldapsam > To: Sebasti?n Abate <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed >
> Hi I did something like this, Mandrake 9.1, the steps to the success where: > 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios > name, shares, ldap settings etc > 2. stop samba-2 > 3. copy /etc/samba/secrets.tdb to /etc/samba3 > 4. start samba-3 > 5. run net3 getlocalsid, and save the result to a file > 6. stop samba-3 > 7. remove /etc/samba3/secrets.tdb > 8. start samba-3 > 9. run net3 setlocalsid previously saved SID Instead of steps 2-9, you can extract the SID using smbpasswd -X <domain>, and import it with 'net3 setlocalsid <SID>' > 10. run smbpasswd3 -w password, just like you did with samba-2 > You could say, that steps 6-10 are needless, maybe you are right, but I > felt more comfortable using a samba3 generated tdb file. > 11. dump your ldap database to ldif format > 12. run /usr/share/samba3/scripts/convertSambaAccount --input > your-old-ldif-file --output your-modified-ldif-file --sid > your-previously saved domain SID > 13. comment out samba schema from /etc/openldap/slapd.conf, and include > the new samba3 schema > 14. stop ldap > 15. delete everything from /var/lib/ldap, making a backup would be advisable > 16. start ldap > 17. import your-modified-ldif-file to ldap Instead of steps 11-17, you can instead: /usr/share/samba3/scripts/convertSambaAccount --input \ your-old-ldif-file --output your-modified-ldif-file --sid \ your-previously saved domain SID --changetype modify # ldapmodify -x -D "ldap admin dn" -W -ZZ -f your-modified-ldif-file This method allows you to have changes propogated to slave servers, and allows you to have less down time. Also, once you have done this, you will need to add group mappings for all the primary groups of your users etc. Note, I haven't migrated our production network, only done it on my test network ... Feedback welcome as always, and you guys might want to add some notes on the Mandrake community wiki at http://mandrake.vmlinuz.ca Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7vfrJK6UGDSBKcRAu8nAKCpDOkRGg02zOmq+L0FfiECR6J6zQCfS9Qh OvjkBeAIJgRt5i0rEW3YI+g= =q6fl -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
