Re: [Samba] Transfer winbind idmap to LDAP
Le sam 13/11/2004 à 12:36, Paul Coray a écrit : > Marcel de Riedmatten wrote: > > Le mer 10/11/2004 à 11:21, Paul Coray a écrit : > > > > > > 1) get the winbind-idmap in text form with a getent passwd for example > > I did that with # net idmap dump winbindd_idmap.tdb > > /tmp/winbindd_idmap.dump on the member server. the resulting file looks > like: > > ... > UID 10013 S-1-5-21-98201057-1281969052-1085559986-1608 > UID 10202 S-1-5-21-98201057-1281969052-1085559986-1436 > UID 10138 S-1-5-21-98201057-1281969052-1085559986-1011 > UID 10105 S-1-5-21-98201057-1281969052-1085559986-1418 > UID 10067 S-1-5-21-98201057-1281969052-1085559986-1137 > ... Actualy you want this information on the following form UIDName:x:UIDNumber:GIDNumber This is because smbldap-useradd doesn't know about SID. The vampire use it only for the posix part of the account. Again a getent passwd with the unusefull line removed will do the trick. > > > > 3) hack the script defined under "user add script" who will be adding > > the users to use the information of 1). With the ldap backend this is > > usually smbldap-useradd . > > Well, I'd like to, but my knowledge of Perl is still too limited :-( So > if any body can help, I think I'm not the only one who would appreciate > highly! Another way would be to modify the IDs of each user and Group in > LDAP after the vampire process. I have had an other idea. You can just populate the posix account before running the vampire according to the data you got under 1). The vampire check if the account exist and if it exist smbldap-useradd is not called. You can populate with the following script: #!/bin/bash USERADD="/usr/local/sbin/smbldap-useradd" while read STRING ; do #echo $STRING UIDName=$(echo $STRING | cut -d : -f1) UIDNumber=$(echo $STRING | cut -d : -f3) GIDNumber=$(echo $STRING | cut -d : -f4) echo "Creating Account: $UIDName $UIDNumber $GIDNumber " $USERADD -u $UIDNumber -g $GIDNumber $UIDName done call it populate.sh and do # ./populate.sh < myaccountlistfile Depending of your data you might need something similar for your groups. Cheers -- Marcel de Riedmatten signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Transfer winbind idmap to LDAP
Marcel de Riedmatten wrote: Le mer 10/11/2004 à 11:21, Paul Coray a écrit : Hi all This seems simple, but I can't figure how tho acheive it. I have: - NT4-PDC - Fileserver (Solaris 9), Samba 3.0.2 member server with winbind I want to migrate my NT4-PDC to Samba PDC with ldapsam. How can I make sure that after vamprie my old PDC to Samba-PDC, the user and group ids will be the same as in the winbind-idmap of my Samba member server? Hi Paul this is my suggestion: 1) get the winbind-idmap in text form with a getent passwd for example I did that with # net idmap dump winbindd_idmap.tdb > /tmp/winbindd_idmap.dump on the member server. the resulting file looks like: ... UID 10013 S-1-5-21-98201057-1281969052-1085559986-1608 UID 10202 S-1-5-21-98201057-1281969052-1085559986-1436 UID 10138 S-1-5-21-98201057-1281969052-1085559986-1011 UID 10105 S-1-5-21-98201057-1281969052-1085559986-1418 UID 10067 S-1-5-21-98201057-1281969052-1085559986-1137 ... 2) remove the nss_winbind from the nssswitch.conf or what it is on solaris; this is because the vampire will look in the unix database to see if the account exist and if the account already exist it w'ont be added. No need for that, as on my new PDC-LDAP system no winbind nss is configured in the first place. 3) hack the script defined under "user add script" who will be adding the users to use the information of 1). With the ldap backend this is usually smbldap-useradd . Well, I'd like to, but my knowledge of Perl is still too limited :-( So if any body can help, I think I'm not the only one who would appreciate highly! Another way would be to modify the IDs of each user and Group in LDAP after the vampire process. 4) do the usual procedure Anyone has a better idea ! Cheers -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Transfer winbind idmap to LDAP
Le mer 10/11/2004 à 11:21, Paul Coray a écrit : > Hi all > > This seems simple, but I can't figure how tho acheive it. > > I have: > > - NT4-PDC > - Fileserver (Solaris 9), Samba 3.0.2 member server with winbind > > I want to migrate my NT4-PDC to Samba PDC with ldapsam. How can I make > sure that after vamprie my old PDC to Samba-PDC, the user and group ids > will be the same as in the winbind-idmap of my Samba member server? > Hi Paul this is my suggestion: 1) get the winbind-idmap in text form with a getent passwd for example 2) remove the nss_winbind from the nssswitch.conf or what it is on solaris; this is because the vampire will look in the unix database to see if the account exist and if the account already exist it w'ont be added. 3) hack the script defined under "user add script" who will be adding the users to use the information of 1). With the ldap backend this is usually smbldap-useradd . 4) do the usual procedure Anyone has a better idea ! Cheers -- Marcel de Riedmatten signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Transfer winbind idmap to LDAP
Hi all This seems simple, but I can't figure how tho acheive it. I have: - NT4-PDC - Fileserver (Solaris 9), Samba 3.0.2 member server with winbind I want to migrate my NT4-PDC to Samba PDC with ldapsam. How can I make sure that after vamprie my old PDC to Samba-PDC, the user and group ids will be the same as in the winbind-idmap of my Samba member server? Thanks and regards Paul -- Paul Coray Administrator Server und Netzwerk Oeffentliche Bibliothek der Universitaet Basel EDV-Abteilung Schoenbeinstrasse 18-20 CH-4056 Basel Tel: +41 61 267 05 13 Fax: +41 61 267 31 03 mailto:[EMAIL PROTECTED] http://www.ub.unibas.ch -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba