On Mon, Jul 29, 2013 at 6:47 AM, <sam...@nym.hush.com> wrote: > I’d appreciate some pointers on what to do. I don’t want to have > the exact same users on the new Debian server (some of the users on > the Unix server have left) so was hoping to just create users and > groups manually rather than copy existing files across. Do I need > to edit the UIDs and GIDs somehow, and then export/import some > password/security files? I’ve seen that on the Unix server there’s > a file named /etc/smbpasswd, but that isn’t on the Debian server, > so I’m wondering if they’re using a different type of security back- > end… Is there a command which will report this, or which smb.conf > parameters will identify this? I don’t do a lot of this stuff, so > any help would be appreciated.
Most likely is that It would have simplest to copy the old Samba configuration to the new system. Update the smb.conf for necessary changes (review all of the Changelog's from the old version to the new version), change from the smbpasswd backend to the tdbsam backend (the new default), then remove the users you no longer want or need. Having said that I just finished migrating an NT4 PDC with Exchange 5.5 to two new VM's; the PDC part to a new Debian Samba installation "by hand" (the long way), and the Exchange 5.5 part to a new NT4 server install (sounds like fun, right?). Fortunately the client install base was under 25 so doing it the long way was not out of the question. Had I been moving between Samba version I would not even have been tempted to do anything except follow the first paragraph above. Basically, in the long way, you need the same domain SID, the same user SID's and I believe also the same machine SID's (I manually set all of these as well), etc. and the proper group mappings (no longer automatic, see chapter 9 of the official howto). Then you'll have to "rejoin" all machines to the new PDC although really you are just resetting the trust password. The UID/GID's are meaningless to the Windows side, no need to mess with those, although I prefer to use different ranges for Windows users, and Machines (and also a different group for Machines - just a nicety for scripting later on). Done properly the users will see no difference when they login to the domain, same profile, etc. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba