Re: [Samba] how to migrate to samba-ldap transparently?
On Fri, 11 Nov 2005, Craig White wrote:

> of course you can change the SID on the PDC but that isn't gonna work for the computers that are already joined to the domain that still have the old SID

ok, my thinking is if e.g. I would need to upgrade my Linux RH 9.0/samba 3.0.5-2 to e.g. FC4/samba 3.0.20, to avoid rejoin every windows client to the new domain, it would be enough to change the new PDC SID to the old one. So in that ideal scenario it would be transparent.

> samba documentation has information about migrating user profiles in the excellent How-To. Microsoft has lots of documentation about migrating user profiles. There is likely to be some 3rd party utilities to do that as well. I have no experience with them.

thank you, I already was reading, I'm gonna try.

> > > to the other, see the samba documentation for a comprehensive discussion on migrating user profiles.

I see, thanks.

> not everyone knows about the other mail lists for ldap and those lists aren't openldap specific. I'm not going to get involved with your frustration with openldap and the consultant you brought in to help you with it. My feeling is that if you are going to commit to using LDAP, you really need to understand it before you marry it to your everyday functionality because you aren't going to be able to fix it when it breaks until you understand it.

Actually I'm not frustrated. The person who is helping us with ldap and samba is doing his best, only complaining with my refused 'off topic' emails, but perhaps you are right. I know that ldap is a good thing, especially to make possible to have a good PDC/BDCs implementation, but here the situation is a little difficult e.g. is hard to find courses for learning/training on ldap, even on samba, so what we have managed to deploy in our institution is based on the basic functionality of free software, for our own, trying to learn first how it works or trying to have a "plan B" to use when a system fails when is possible.

I appreciate very much your words and advice,

Pablo Chamorro C.

> Craig

--
Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to migrate to samba-ldap transparently?
On Fri, 2005-11-11 at 14:57 -0500, Pablo Chamorro C. wrote:

> > If you have 2 domains and a number of Windows computers attached to both domains and you want to consolidate into one domain, there really is little choice but to join the Windows computers to the one remaining domain as there is no simpler way to change the SID of the machine to the other.
>
> ok, I was thinking that to change the SID on the PDC or on the Windows PCs is possible, or I am wrong?

of course you can change the SID on the PDC but that isn't gonna work for the computers that are already joined to the domain that still have the old SID

> Perhaps is not just a matter of having the same SID? Even I haven't found a way to migrate a windows profile using some windows utility from one domain to other. I wonder what is used when you have to migrate one hundred or one thousand users? The other day I found one commercial extra non windows software (I tried a demo and it couldn't detect my PDC, that it cost around 2 USD per windows client).

samba documentation has information about migrating user profiles in the excellent How-To. Microsoft has lots of documentation about migrating user profiles. There is likely to be some 3rd party utilities to do that as well. I have no experience with them.

> > If you have user profiles that need to be saved/migrated from one domain to the other, see the samba documentation for a comprehensive discussion on migrating user profiles.
>
> thank you, I'm gonna read the docs in more detail
>
> > Thus, this never was an LDAP question but if you are talking about the openldap mail list, they are very provincial that the discussions on that list are specifically about their software and not about integration. If you want mailing lists where ldap integration is appropriate, you might want to check ldap@umich.edu [1] and ldap-interop [2]
>
> ok, your help is the help that the openldap administrator should have given me, that is too bad for the openldap advocacy, isn't it?

not everyone knows about the other mail lists for ldap and those lists aren't openldap specific. I'm not going to get involved with your frustration with openldap and the consultant you brought in to help you with it. My feeling is that if you are going to commit to using LDAP, you really need to understand it before you marry it to your everyday functionality because you aren't going to be able to fix it when it breaks until you understand it.

Craig

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: [Samba] how to migrate to samba-ldap transparently?
> If you have 2 domains and a number of Windows computers attached to both domains and you want to consolidate into one domain, there really is little choice but to join the Windows computers to the one remaining domain as there is no simpler way to change the SID of the machine to the other.

ok, I was thinking that to change the SID on the PDC or on the Windows PCs is possible, or I am wrong? Perhaps is not just a matter of having the same SID? Even I haven't found a way to migrate a windows profile using some windows utility from one domain to other. I wonder what is used when you have to migrate one hundred or one thousand users? The other day I found one commercial extra non windows software (I tried a demo and it couldn't detect my PDC, that it cost around 2 USD per windows client).

> If you have user profiles that need to be saved/migrated from one domain to the other, see the samba documentation for a comprehensive discussion on migrating user profiles.

thank you, I'm gonna read the docs in more detail

> Thus, this never was an LDAP question but if you are talking about the openldap mail list, they are very provincial that the discussions on that list are specifically about their software and not about integration. If you want mailing lists where ldap integration is appropriate, you might want to check ldap@umich.edu [1] and ldap-interop [2]

ok, your help is the help that the openldap administrator should have given me, that is too bad for the openldap advocacy, isn't it?

thanks for all,

Pablo Chamorro C.

> Craig
>
> [1] LDAP UMICH http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap&text_mode=0%20
> [2] LDAP-interop mailing list [EMAIL PROTECTED] http://lists.fini.net/mailman/listinfo/ldap-interop
Re: [Samba] how to migrate to samba-ldap transparently?
On Fri, 2005-11-11 at 07:46 -0500, Pablo Chamorro C. wrote:

> >> Somebody of you know if this process can be made transparently without rejoin every PC to the domain? how?. We have disabled the roaming profiles option. We have some 100 clients/users.
> >
> > Nowhere do you say what type of system is currently the PDC and that probably matters.
>
> Is a samba 3.0.5-2 one under RH 9.0. This domain was built from scratch, without any NT to Samba migration. Now we are changing the local authentication for one based on openldap.
>
> The person who is leading the migration says that when a windows machine is joined a password in the field "sambaNTPassword" is created and the rejoin process is required in order to register that password in openldap. That's what I understand.
>
> But, e.g. we have another PDC with FC4 and samba 3.0.15, so the question was in general, but if there is a specific answer it is worthful for us.
>
> I tried to post this query to the openldap list but the administrator classified my email as 'off topic'!

Actually, the passdb you use is not of consequence to this issue. A machine account on a Windows domain is somewhat like a user account in that there is an SID and a password that are readily understood by both the machine joined to the domain and the domain controller(s). That password is going to be stored on the domain controller in whichever form of passdb a samba DC is using. Each domain would necessarily have a different SID and that SID affects all systems and users.

If you have 2 domains and a number of Windows computers attached to both domains and you want to consolidate into one domain, there really is little choice but to join the Windows computers to the one remaining domain as there is no simpler way to change the SID of the machine to the other.

If you have user profiles that need to be saved/migrated from one domain to the other, see the samba documentation for a comprehensive discussion on migrating user profiles.

Thus, this never was an LDAP question but if you are talking about the openldap mail list, they are very provincial that the discussions on that list are specifically about their software and not about integration. If you want mailing lists where ldap integration is appropriate, you might want to check ldap@umich.edu [1] and ldap-interop [2]

Craig

[1] LDAP UMICH http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap&text_mode=0%20
[2] LDAP-interop mailing list [EMAIL PROTECTED] http://lists.fini.net/mailman/listinfo/ldap-interop
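An added example, not part of any post in this thread: a pre-cutover check over an LDIF export of the directory that reports, for each machine account, whether it carries a `sambaSID` under the domain SID and a `sambaNTPassword` hash, the two items the message above says the workstation and the domain controller must agree on. It assumes the Samba 3 LDAP schema attribute names, machine accounts identified by a `uid` ending in `$`, and a constructed sample with made-up SIDs and hashes.

```python
import re

# Constructed sample, not from the thread: made-up domain, SIDs and hashes.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=pc01$,ou=Computers,dc=example,dc=org
uid: pc01$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=pc02$,ou=Computers,dc=example,dc=org
uid: pc02$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004

dn: uid=pc03$,ou=Computers,dc=example,dc=org
uid: pc03$
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3006
sambaNTPassword: FEDCBA9876543210FEDCBA9876543210
"""

def parse_ldif(text):
    """One {attribute: [values]} dict per entry; assumes plain-text (non-base64) values."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not attr.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_machine_accounts(entries):
    """Map each machine account (uid ending in '$') to a list of problems."""
    domain_sid = next(e["sambasid"][0] for e in entries
                      if "sambadomain" in [c.lower() for c in e.get("objectclass", [])])
    report = {}
    for e in entries:
        uid = e.get("uid", [""])[0]
        if uid.endswith("$"):
            problems = []
            if e.get("sambasid", [""])[0].rpartition("-")[0] != domain_sid:
                problems.append("sambaSID not in domain " + domain_sid)
            if not re.fullmatch(r"[0-9A-Fa-f]{32}", e.get("sambantpassword", [""])[0]):
                problems.append("sambaNTPassword missing or malformed")
            report[uid] = problems
    return report
print(check_machine_accounts(parse_ldif(SAMPLE_LDIF)))
```

An empty problem list only means the entry is structurally complete; it does not prove the stored hash matches the secret held by the workstation.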
Re: [Samba] how to migrate to samba-ldap transparently?
> > Somebody of you know if this process can be made transparently without rejoin every PC to the domain? how?. We have disabled the roaming profiles option. We have some 100 clients/users.
>
> Nowhere do you say what type of system is currently the PDC and that probably matters.

Is a samba 3.0.5-2 one under RH 9.0. This domain was built from scratch, without any NT to Samba migration. Now we are changing the local authentication for one based on openldap.

The person who is leading the migration says that when a windows machine is joined a password in the field "sambaNTPassword" is created and the rejoin process is required in order to register that password in openldap. That's what I understand.

But, e.g. we have another PDC with FC4 and samba 3.0.15, so the question was in general, but if there is a specific answer it is worthful for us.

I tried to post this query to the openldap list but the administrator classified my email as 'off topic'!

Thank you very much,

Pablo Chamorro C.

> Craig
Re: [Samba] how to migrate to samba-ldap transparently?
On Thu, 2005-11-10 at 11:43 -0500, Pablo Chamorro C. wrote:

> We are in the point of change our samba 3.0.5 PDC setup in order to make it authenticate its users against openldap 2.3.11.
>
> We already have the openldap server working with all the PDC users data and we also have already tested the wanted scenario using an identical PDC set up with the same SID and its netbios name changed and some PCs for testing as domain clients (we outsourced this task).
>
> Somebody of you know if this process can be made transparently without rejoin every PC to the domain? how?. We have disabled the roaming profiles option. We have some 100 clients/users.

I'm not sure if anyone responded to this today or not.

Nowhere do you say what type of system is currently the PDC and that probably matters. There are guides for migrating from Samba 2 PDC and WinNT4 PDC in the official Samba How-To (see samba.org documentation)

Since you've already set up users, your ability to migrate may be an issue but you could probably back up the portions of your openldap db, do a vampire type operation, back that up and merge it all together to get the machine account info into your openldap db. It's tricky but it certainly can be done by someone who understands openldap.

Craig
[Samba] how to migrate to samba-ldap transparently?
We are in the point of change our samba 3.0.5 PDC setup in order to make it authenticate its users against openldap 2.3.11.

We already have the openldap server working with all the PDC users data and we also have already tested the wanted scenario using an identical PDC set up with the same SID and its netbios name changed and some PCs for testing as domain clients (we outsourced this task).

Somebody of you know if this process can be made transparently without rejoin every PC to the domain? how?. We have disabled the roaming profiles option. We have some 100 clients/users.

Thanks in advance,

Pablo Chamorro C.