Replying to myself: The problem with changing the SID was that I wasn't changing the SID everywere. I was changing the SID only on my net setlocalsid, setdomainsid and the smbldap config file... After I did the smbldap-populate again, everything worked (the new samba domain now has the same sids as the AD and the windows clients recognize the identities).
Now I need to bulk-export and import the users. I'm writing a script to turn the ldifde output from the AD into a smbldap friendly schema. Is there a better way? And, what could be the smbldap-populate be changing that was required for the sid change to work? Thanks! Zarrabeitia On Sat, Mar 8, 2008 at 7:22 PM, <[EMAIL PROTECTED]> wrote: > Hi there. > > [I just asked this over the irc channel, but since I got no reply, I > decided to cross-post here. Please forgive me if that is incorrect] > > I'm trying to migrate an Active Directory domain (that is being used > only for authentication) to a samba3 domain. The network is small > enough to rejoin the clients one by one and recreate the user accounts > if necessary. However, the new user accounts don't have access to > their old folders. I've tried giving the new domain the same SID as > the old domain, but in that case, the windows clients refuse to join > the domain (they report a 'rpc error'). > > Is there anything I can do? > > I think the ideal solution would be to emulate the sidHistory field > from the AD, but a message from 2005 (i think) on this list said it > was not possible with Samba3. Has that situation changed? > > I've also tried to use the moveuser.exe command, to no avail. It > either claims that cannot find the account, or that the account > already exists, and fails in both cases. The "profile wizard" from > forensit fails when trying to determine if the accounts are using > remote profiles. > > I'd appreciate any advise you can give me. > > (BTW, if there is a way to extract the password and machine account > information from the AD, let me know!) > > Thanks, > > Zarrabeitia. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
