|Main Archive Page > Month Archives > samba-users archives|
Am 10.08.2010 11:39, schrieb Lukasz Zalewski:
> On 08/08/2010 12:44 AM, Michael Wood wrote:
>> On 7 August 2010 19:11, Nico Kadel-Garcia<firstname.lastname@example.org> wrote:
>>> On Mon, Aug 2, 2010 at 10:06 AM, Dave
>>> Thurston<email@example.com> wrote:
>>>> I have searched but I have yet to find a method to import users and
>>>> passwords from
>>>> a samba3/ldap system to samba4. Is there available a method of doing
>>> Why do you need to import? Isn't the backend Kerberos and the account
>>> informat sufficiently similar that you can simply switch over?
>>> (I ask as someone using Samba 3, eyeing Samba 4 with interest to get
>>> LDAP out of the hands of Active Directory.)
>> By default Samba 4 uses its own built in LDAP server and the OpenLDAP
>> backend is currently not working properly.
>> I have managed to migrate users from an Apple Open Directory server
>> (which is based on MIT Kerberos and OpenLDAP) to Samba 4, but I was
>> only using Open Directory for authentication of one service. No
>> machines joined to OD or anything like that.
>> All I needed to do was dump the kerberos database, import it to
>> Heimdal, dump it from Heimdal again and then use the password hashes
>> from the Heimdal dump to create the necessary unicodePwd attributes in
>> Samba's directory. After that I used ldapsearch to get hold of the
>> groups each user was a member of and then used ldbmodify (or perhaps
>> ldapmodify. I can't remember now) to migrate them to Samba.
>> I've never used Samba 3 as a PDC, so I'm not sure what the LDAP schema
>> looks like and how it differs from what Samba 4 uses, but as long as
>> the password hashes are in a compatible format, I imagine it's just a
>> matter of slapcat or ldapsearch, munging the results and then
>> ldbmodify to add the users to Samba 4.
>> I don't know of an existing script to do this.
> I have started writing a script that will pull account information
> (Users, Groups and Computers) from s3's ldap backend and import it to
> s4. its still early days though. I'm pretty sure that there will be
> loads of hurdles to jump before is in any usable state
I've something that's is almost done for users, groups and computers.
It needs a lot of cleanup, then I'll commit it to master/example/*.
Currently the script 'myldap-pub.py' expects input.ldif hardcoded (later
we can also support ldap urls)
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba