Import samba 3 to samba 4
in [Samba]
|
Prev: [Samba] [3.4.8/Debian Testing amd64] dpkg-build-package fails with linker error
Next: [Samba] Samba4 questions (idmap, forest, inter-domain trust)
From: Nico Kadel-Garcia on 7 Aug 2010 13:20 On Mon, Aug 2, 2010 at 10:06 AM, Dave Thurston <dthurston(a)comcast.net> wrote: > I have searched but I have yet to find a method to import users and passwords from > a samba3/ldap system to samba4. Is there available a method of doing this? > > > Thanks > > Dave Why do you need to import? Isn't the backend Kerberos and the account informat sufficiently similar that you can simply switch over? (I ask as someone using Samba 3, eyeing Samba 4 with interest to get LDAP out of the hands of Active Directory.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Michael Wood on 7 Aug 2010 19:50 On 7 August 2010 19:11, Nico Kadel-Garcia <nkadel(a)gmail.com> wrote: > On Mon, Aug 2, 2010 at 10:06 AM, Dave Thurston <dthurston(a)comcast.net> wrote: >> I have searched but I have yet to find a method to import users and passwords from >> a samba3/ldap system to samba4. Is there available a method of doing this? > > Why do you need to import? Isn't the backend Kerberos and the account > informat sufficiently similar that you can simply switch over? > > (I ask as someone using Samba 3, eyeing Samba 4 with interest to get > LDAP out of the hands of Active Directory.) By default Samba 4 uses its own built in LDAP server and the OpenLDAP backend is currently not working properly. I have managed to migrate users from an Apple Open Directory server (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was only using Open Directory for authentication of one service. No machines joined to OD or anything like that. All I needed to do was dump the kerberos database, import it to Heimdal, dump it from Heimdal again and then use the password hashes from the Heimdal dump to create the necessary unicodePwd attributes in Samba's directory. After that I used ldapsearch to get hold of the groups each user was a member of and then used ldbmodify (or perhaps ldapmodify. I can't remember now) to migrate them to Samba. I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema looks like and how it differs from what Samba 4 uses, but as long as the password hashes are in a compatible format, I imagine it's just a matter of slapcat or ldapsearch, munging the results and then ldbmodify to add the users to Samba 4. I don't know of an existing script to do this. Cc: samba-technical -- Michael Wood <esiotrot(a)gmail.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Lukasz Zalewski on 10 Aug 2010 05:40 On 08/08/2010 12:44 AM, Michael Wood wrote: > On 7 August 2010 19:11, Nico Kadel-Garcia<nkadel(a)gmail.com> wrote: >> On Mon, Aug 2, 2010 at 10:06 AM, Dave Thurston<dthurston(a)comcast.net> wrote: >>> I have searched but I have yet to find a method to import users and passwords from >>> a samba3/ldap system to samba4. Is there available a method of doing this? >> >> Why do you need to import? Isn't the backend Kerberos and the account >> informat sufficiently similar that you can simply switch over? >> >> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get >> LDAP out of the hands of Active Directory.) > > By default Samba 4 uses its own built in LDAP server and the OpenLDAP > backend is currently not working properly. > > I have managed to migrate users from an Apple Open Directory server > (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was > only using Open Directory for authentication of one service. No > machines joined to OD or anything like that. > > All I needed to do was dump the kerberos database, import it to > Heimdal, dump it from Heimdal again and then use the password hashes > from the Heimdal dump to create the necessary unicodePwd attributes in > Samba's directory. After that I used ldapsearch to get hold of the > groups each user was a member of and then used ldbmodify (or perhaps > ldapmodify. I can't remember now) to migrate them to Samba. > > I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema > looks like and how it differs from what Samba 4 uses, but as long as > the password hashes are in a compatible format, I imagine it's just a > matter of slapcat or ldapsearch, munging the results and then > ldbmodify to add the users to Samba 4. > > I don't know of an existing script to do this. > I have started writing a script that will pull account information (Users, Groups and Computers) from s3's ldap backend and import it to s4. its still early days though. I'm pretty sure that there will be loads of hurdles to jump before is in any usable state Regards Luk > Cc: samba-technical > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Stefan (metze) Metzmacher on 10 Aug 2010 07:00
Am 10.08.2010 11:39, schrieb Lukasz Zalewski: > On 08/08/2010 12:44 AM, Michael Wood wrote: >> On 7 August 2010 19:11, Nico Kadel-Garcia<nkadel(a)gmail.com> wrote: >>> On Mon, Aug 2, 2010 at 10:06 AM, Dave >>> Thurston<dthurston(a)comcast.net> wrote: >>>> I have searched but I have yet to find a method to import users and >>>> passwords from >>>> a samba3/ldap system to samba4. Is there available a method of doing >>>> this? >>> >>> Why do you need to import? Isn't the backend Kerberos and the account >>> informat sufficiently similar that you can simply switch over? >>> >>> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get >>> LDAP out of the hands of Active Directory.) >> >> By default Samba 4 uses its own built in LDAP server and the OpenLDAP >> backend is currently not working properly. >> >> I have managed to migrate users from an Apple Open Directory server >> (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was >> only using Open Directory for authentication of one service. No >> machines joined to OD or anything like that. >> >> All I needed to do was dump the kerberos database, import it to >> Heimdal, dump it from Heimdal again and then use the password hashes >> from the Heimdal dump to create the necessary unicodePwd attributes in >> Samba's directory. After that I used ldapsearch to get hold of the >> groups each user was a member of and then used ldbmodify (or perhaps >> ldapmodify. I can't remember now) to migrate them to Samba. >> >> I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema >> looks like and how it differs from what Samba 4 uses, but as long as >> the password hashes are in a compatible format, I imagine it's just a >> matter of slapcat or ldapsearch, munging the results and then >> ldbmodify to add the users to Samba 4. >> >> I don't know of an existing script to do this. >> > I have started writing a script that will pull account information > (Users, Groups and Computers) from s3's ldap backend and import it to > s4. its still early days though. I'm pretty sure that there will be > loads of hurdles to jump before is in any usable state I've something that's is almost done for users, groups and computers. It needs a lot of cleanup, then I'll commit it to master/example/*. Currently the script 'myldap-pub.py' expects input.ldif hardcoded (later we can also support ldap urls) metze |