samba-users August 2010 archive
samba-users: Re: [Samba] Import samba 3 to samba 4

From: Stefan (metze) Metzmacher <metze_at_nospam>
Date: Tue Aug 10 2010 - 10:53:09 GMT
To: Lukasz Zalewski <lukas@dcs.qmul.ac.uk>

On 10.08.2010 11:39, Lukasz Zalewski wrote:
> On 08/08/2010 12:44 AM, Michael Wood wrote:
>> On 7 August 2010 19:11, Nico Kadel-Garcia<nkadel@gmail.com> wrote:
>>> On Mon, Aug 2, 2010 at 10:06 AM, Dave
>>> Thurston<dthurston@comcast.net> wrote:
>>>> I have searched but I have yet to find a method to import users and
>>>> passwords from
>>>> a samba3/ldap system to samba4. Is there available a method of doing
>>>> this?
>>>
>>> Why do you need to import? Isn't the backend Kerberos and the account
>>> information sufficiently similar that you can simply switch over?
>>>
>>> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get
>>> LDAP out of the hands of Active Directory.)
>>
>> By default Samba 4 uses its own built in LDAP server and the OpenLDAP
>> backend is currently not working properly.
>>
>> I have managed to migrate users from an Apple Open Directory server
>> (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
>> only using Open Directory for authentication of one service. No
>> machines joined to OD or anything like that.
>>
>> All I needed to do was dump the kerberos database, import it to
>> Heimdal, dump it from Heimdal again and then use the password hashes
>> from the Heimdal dump to create the necessary unicodePwd attributes in
>> Samba's directory. After that I used ldapsearch to get hold of the
>> groups each user was a member of and then used ldbmodify (or perhaps
>> ldapmodify. I can't remember now) to migrate them to Samba.
>>
>> I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
>> looks like and how it differs from what Samba 4 uses, but as long as
>> the password hashes are in a compatible format, I imagine it's just a
>> matter of slapcat or ldapsearch, munging the results and then
>> ldbmodify to add the users to Samba 4.
>>
>> I don't know of an existing script to do this.
>>
> I have started writing a script that will pull account information
> (Users, Groups and Computers) from s3's ldap backend and import it to
> s4. It's still early days though. I'm pretty sure that there will be
> loads of hurdles to jump before it is in any usable state

I've something that's almost done for users, groups and computers.

It needs a lot of cleanup, then I'll commit it to master/example/*.

Currently the script 'myldap-pub.py' expects input.ldif hardcoded (later
we can also support ldap urls)

metze
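
The "slapcat or ldapsearch, munging the results and then ldbmodify" step from the quoted message, as an added example that is not code from this thread or from Samba, and not the 'myldap-pub.py' script mentioned above. It assumes the Samba 3 entries carry the NT hash as 32 hex digits in `sambaNTPassword`, that Samba 4 takes the same 16 bytes in `unicodePwd`, and that each user already exists under a hypothetical `CN=Users,<base_dn>`; the function names are made up here.

```python
import base64
import re

# Constructed sample of slapcat/ldapsearch output from a Samba 3 LDAP backend.
SAMPLE = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: alice
sambaNTPassword: 00112233445566778899AABB
 CCDDEEFF

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: bob
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
uid:: Y2Fyb2w=
"""
NT_HASH = re.compile(r"[0-9A-Fa-f]{32}")
SAFE_UID = re.compile(r"[A-Za-z0-9._-]+")  # refuse names that would need DN escaping

def parse_ldif(text):
    """Yield one dict per entry: unfold wrapped lines, decode 'attr:: base64'."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF folding is newline + one space
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                if value.startswith(":"):
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                entry.setdefault(attr.lower(), []).append(value.strip())
        yield entry

def to_samba4_ldif(entries, base_dn):
    """Return (ldif, skipped). Assumed layout: users exist under CN=Users,<base_dn>."""
    out, skipped = [], []
    for e in entries:
        uid = e.get("uid", [""])[0]
        nt = e.get("sambantpassword", [""])[0]
        if not (SAFE_UID.fullmatch(uid) and NT_HASH.fullmatch(nt)):
            skipped.append(uid)  # missing or placeholder hash, or unsafe name
            continue
        pwd = base64.b64encode(bytes.fromhex(nt)).decode("ascii")
        out.append(f"dn: CN={uid},CN=Users,{base_dn}\nchangetype: modify\n"
                   f"replace: unicodePwd\nunicodePwd:: {pwd}\n-\n")
    return "\n".join(out), skipped
```

The generated LDIF holds password-equivalent NT hashes, so keep it readable only by the account that runs ldbmodify.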
