GreeG wrote: > Hi there, > > Is anybody has ever made this: Migrate samba 2.x users (and their unix > accounts) to an openldap? I've found plenty of how to for building a > blank samba/ldap authentication system, but nothing for migrate existing > samba 2.x account (but samba 3.x)... smbldap-tools are useful for > creating groups etc., migratetools are useful for unix account, but what > about samba 2.x?
I'm in the midst of such a migration & agree the information out there is surprisingly sparse. **I should point out that was already already on Samba 3 so apologies if this doesn't apply here - test in a safe manner** I'm asssuming you've already got all your posix accounts & groups in place - if you've used the PADL scripts to migrate these you'll have to modify some entries so that your machine accounts are under ou=computers rather ou=users or ou=people. Having laid the ground, I would firstly copy your smb.conf to something like migrate.smb.conf & put all the stuff in the copy to allow it to talk to your LDAP server, **but not including the ldapsam backend directive**, eg: ldap ssl = [off|on|start_tls] ldap admin dn = uid=admin,dc=example,dc=com ldap suffix = dc=example,dc=com ldap group suffix = ou=groups ldap user suffix = ou=users ldap machine suffix = ou=computers Put the ldap admin user in secrets.tdb by doing: smbpasswd -w adminpass Copy your smbpasswd file to an alternate location avoid accidentally clobbering the real one with a typo. Now you can use pdbedit to export users, letting it using the new conf file by specifying it with '-s': pdbedit -s /path/to/migrate.smb.conf -e \ ldapsam:ldap://ldap.example.com[:port] Also group mappings: pdbedit -s /path/to/migrate.smb.conf -g -e \ ldapsam:ldap://ldap.example.com[:port] Obviously you'll need to point samba to the new backend once it's ready. HTH -- Ben Tisdall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba