Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 28 Date: Wed, 05 Nov 2003 20:52:44 +0100 From: G?mes G?za [EMAIL PROTECTED] Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam To: Sebasti?n Abate [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi I did something like this, Mandrake 9.1, the steps to the success where: 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios name, shares, ldap settings etc 2. stop samba-2 3. copy /etc/samba/secrets.tdb to /etc/samba3 4. start samba-3 5. run net3 getlocalsid, and save the result to a file 6. stop samba-3 7. remove /etc/samba3/secrets.tdb 8. start samba-3 9. run net3 setlocalsid previously saved SID Instead of steps 2-9, you can extract the SID using smbpasswd -X domain, and import it with 'net3 setlocalsid SID' 10. run smbpasswd3 -w password, just like you did with samba-2 You could say, that steps 6-10 are needless, maybe you are right, but I felt more comfortable using a samba3 generated tdb file. 11. dump your ldap database to ldif format 12. run /usr/share/samba3/scripts/convertSambaAccount --input your-old-ldif-file --output your-modified-ldif-file --sid your-previously saved domain SID 13. comment out samba schema from /etc/openldap/slapd.conf, and include the new samba3 schema 14. stop ldap 15. delete everything from /var/lib/ldap, making a backup would be advisable 16. start ldap 17. import your-modified-ldif-file to ldap Instead of steps 11-17, you can instead: /usr/share/samba3/scripts/convertSambaAccount --input \ your-old-ldif-file --output your-modified-ldif-file --sid \ your-previously saved domain SID --changetype modify # ldapmodify -x -D ldap admin dn -W -ZZ -f your-modified-ldif-file This method allows you to have changes propogated to slave servers, and allows you to have less down time. Also, once you have done this, you will need to add group mappings for all the primary groups of your users etc. Note, I haven't migrated our production network, only done it on my test network ... Feedback welcome as always, and you guys might want to add some notes on the Mandrake community wiki at http://mandrake.vmlinuz.ca Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7vfrJK6UGDSBKcRAu8nAKCpDOkRGg02zOmq+L0FfiECR6J6zQCfS9Qh OvjkBeAIJgRt5i0rEW3YI+g= =q6fl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
Hi, and thanks in advance for your support (sorry my english) Is there any documentation for migrating Samba 2.2 with LDAP and PDC suport to Samba3 with PDC and LDAPSAM? I try to explain the situation: Only one server running Mandrake 9.2 + Samba 2.2.8a with ldap support (from precompiled contrib); and I wish to migrate to Samba3+LDAPSAM. My real problem is that I must use ldap because I also use ldap for unix authentication (can that be done with tdbsam and pam?). I read the samba howto collection, but i dont find any help. The solution must preserve machines trust accounts and sids. Sebastián Abate Telcom Sistemas Tel. 4383-1937 [EMAIL PROTECTED] www.telcomsistemas.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastián Abate írta: | Hi, and thanks in advance for your support (sorry my english) | Is there any documentation for migrating Samba 2.2 with LDAP and PDC | suport to Samba3 with PDC and LDAPSAM? | I try to explain the situation: | Only one server running Mandrake 9.2 + Samba 2.2.8a with ldap support | (from precompiled contrib); and I wish to migrate to Samba3+LDAPSAM. My | real problem is that I must use ldap because I also use ldap for unix | authentication (can that be done with tdbsam and pam?). I read the samba | howto collection, but i dont find any help. The solution must preserve | machines trust accounts and sids. | | Sebastián Abate | Telcom Sistemas | Tel. 4383-1937 | [EMAIL PROTECTED] | www.telcomsistemas.com.ar | | | Hi I did something like this, Mandrake 9.1, the steps to the success where: 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios name, shares, ldap settings etc 2. stop samba-2 3. copy /etc/samba/secrets.tdb to /etc/samba3 4. start samba-3 5. run net3 getlocalsid, and save the result to a file 6. stop samba-3 7. remove /etc/samba3/secrets.tdb 8. start samba-3 9. run net3 setlocalsid previously saved SID 10. run smbpasswd3 -w password, just like you did with samba-2 You could say, that steps 6-10 are needless, maybe you are right, but I felt more comfortable using a samba3 generated tdb file. 11. dump your ldap database to ldif format 12. run /usr/share/samba3/scripts/convertSambaAccount --input your-old-ldif-file --output your-modified-ldif-file --sid your-previously saved domain SID 13. comment out samba schema from /etc/openldap/slapd.conf, and include the new samba3 schema 14. stop ldap 15. delete everything from /var/lib/ldap, making a backup would be advisable 16. start ldap 17. import your-modified-ldif-file to ldap 18. test test and test Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/qVUM/PxuIn+i1pIRAnmJAJ41SWaab+ej1YW3+RCezOhNi3pcXwCgjMFE kFFFYAdvhEuFF0/Y/dLM5EM= =oP1T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
Thank you so much for the quick response. What option I must configure in the passdb backend parameter of smb3.conf? ldapsam or ldapsam_compat? or it's irelevant for that step? I'll try your steps and post my comments, thanks again. Sebastián Abate Telcom Sistemas Tel. 4383-1937 [EMAIL PROTECTED] www.telcomsistemas.com.ar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gémes Géza Sent: Miércoles, 05 de Noviembre de 2003 04:53 p.m. To: Sebastián Abate Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastián Abate írta: | Hi, and thanks in advance for your support (sorry my english) | Is there any documentation for migrating Samba 2.2 with LDAP and PDC | suport to Samba3 with PDC and LDAPSAM? | I try to explain the situation: | Only one server running Mandrake 9.2 + Samba 2.2.8a with ldap support | (from precompiled contrib); and I wish to migrate to Samba3+LDAPSAM. My | real problem is that I must use ldap because I also use ldap for unix | authentication (can that be done with tdbsam and pam?). I read the samba | howto collection, but i dont find any help. The solution must preserve | machines trust accounts and sids. | | Sebastián Abate | Telcom Sistemas | Tel. 4383-1937 | [EMAIL PROTECTED] | www.telcomsistemas.com.ar | | | Hi I did something like this, Mandrake 9.1, the steps to the success where: 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios name, shares, ldap settings etc 2. stop samba-2 3. copy /etc/samba/secrets.tdb to /etc/samba3 4. start samba-3 5. run net3 getlocalsid, and save the result to a file 6. stop samba-3 7. remove /etc/samba3/secrets.tdb 8. start samba-3 9. run net3 setlocalsid previously saved SID 10. run smbpasswd3 -w password, just like you did with samba-2 You could say, that steps 6-10 are needless, maybe you are right, but I felt more comfortable using a samba3 generated tdb file. 11. dump your ldap database to ldif format 12. run /usr/share/samba3/scripts/convertSambaAccount --input your-old-ldif-file --output your-modified-ldif-file --sid your-previously saved domain SID 13. comment out samba schema from /etc/openldap/slapd.conf, and include the new samba3 schema 14. stop ldap 15. delete everything from /var/lib/ldap, making a backup would be advisable 16. start ldap 17. import your-modified-ldif-file to ldap 18. test test and test Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/qVUM/PxuIn+i1pIRAnmJAJ41SWaab+ej1YW3+RCezOhNi3pcXwCgjMFE kFFFYAdvhEuFF0/Y/dLM5EM= =oP1T -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastián Abate írta: | Thank you so much for the quick response. | What option I must configure in the passdb backend parameter of | smb3.conf? ldapsam or ldapsam_compat? or it's irelevant for that step? | I'll try your steps and post my comments, thanks again. | | Sebastián Abate | Telcom Sistemas | Tel. 4383-1937 | [EMAIL PROTECTED] | www.telcomsistemas.com.ar | | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED] On Behalf | Of Gémes Géza | Sent: Miércoles, 05 de Noviembre de 2003 04:53 p.m. | To: Sebastián Abate | Cc: [EMAIL PROTECTED] | Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to | Samba3+ldapsam | | If you do the convertSambaAccount then ldapsam, if you want to stay with your existing ldap structure (samba-2 schema) then ldapsam_compat. The later is considered to be a temporary sollution, which could be removed, from future releases. Another thing, if you have Win9x clients, and you use by any means the list of users from your PDC on them, please see bugzilla, bug #532, or bug #596, and aply the patch you can find there, then rebuild. I had to. Good Luck Again! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/qWl3/PxuIn+i1pIRAuMgAKC5VH4xak8GRlQ7Q8biyLkqo70s0ACffG/B 85zNCdLW2FK04wF7rLLpfno= =OXSS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba