On Sat, 2004-03-27 at 08:47, jamie wrote: > I know I'm not the only person to upgrade from 2.2.7 to 3.0. Some one PLEASE > chime in. I have 600+ users coming back from spring break Monday! > > PLEASE PLEASE PLEASE HELP! > > jamie > > On 3/25/04 4:44 PM, "jamie" <[EMAIL PROTECTED]> wrote: > > > We have been using samba 2.2.7 for awhile now with ldap no problem. We are > > ready to move to Samba 3 though, and this is where the trouble begins. > > We do not have a domain set up. We have a few samba boxes and they just use > > the ldap servers to get their passwords from. (no roaming desktops or > > anything like that.) > > > > I did a bit of reading up and see that I need to run the convertSambaAccount > > script against an ldif export. > > > > So here's what I did > > > > ldapsearch -LL -x -h localhost -D > > "uid=root,ou=People,dc=newberg,dc=k12,dc=or,dc=us" -b > > "ou=People,dc=newberg,dc=k12,dc=or,dc=us" -w > old.ldif > > > > I got an ldif no problem. I don't really know what a SID is or what's it > > for. Something to do with having a domain (which we don't) > > > > So I try this > > > > [EMAIL PROTECTED] /]# net getlocalsid > > bash: net: command not found > > > > So i can't get the SID from this machine. > > > > I decide to just make one up and try that. > > > > /convertSambaAccount --input=old.ldif --output new.ldif --changetype=modify > > --sid=S-1-0-0
That is a *really* bad idea. There is a SID, and you can find it out. Use the 'net' command from 3.0, it does not exist in 2.2. There is also an smbpasswd option I think. If you want to keep your existing Samba 2.2 schema in LDAP, that is supported. Simply use ldapsam_compat, or configure --with-ldapsam (which enables the compatibility modes by default) If you want to move to the 3.0 schema, you will find that there is a one-domain per LDAP subtree restriction, that is, all the machines talking to those entries in LDAP must agree to be part of a single domain. Simply nominate a master box as PDC, and the rest as There is no need to have actual clients in the domain. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
