[OT] [Gllug] Migrating Samba servers between domains - the hard way.
Simon Morris
simon.morris at cmtww.com
Wed Feb 8 21:39:12 UTC 2006
Mike Brodbelt wrote:
> Winbind assigns RIDs algorithmically, which is where problems can creep
> in. If you change your Samba setup to backend off LDAP or tdbsam, you
> can suck the account information out of your NT domain with "net rpc
> vampire". This should retain the same mappings as NT uses, and allow you
> to move the domain transparently to a Samba PDC. Of course if you have
> this setup with an LDAP backend, there's very little to be gained by
> moving to AD any more.
Apple take the Active Directory SID and run it through an algorithm to
generate a uid number which is longer than the numbers Samba on Linux
gives out.
For example:
nyc1fs01:~ admin$ id simon.morris
uid=390123485(simon.morris) gid=619239703(EWNS\domain users)
groups=619239703(EWNS\domain users), 504247204(EWNS\eig-dub1-directors),
[snip]
The number derived is guaranteed to be the same on all OS X Samba boxes
(as long as you keep the same SID in AD) and according to their
engineering guy I was talking to, is unique across the domain.
I don't know if this method is available to the open source versions of
Samba, but it would get around the problem you describe above.
Thanks
~sm
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
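Added example, not part of the original post and not Apple's algorithm (the post does not give it): a comparison of first-come uid allocation with a uid computed from the account's RID, using the arithmetic documented for Samba's idmap_rid backend (ID = RID - BASE_RID + LOW_RANGE_ID). The domain SID, account names, RIDs and uid range are constructed for illustration.

```python
# Constructed sample data: a made-up domain SID and three accounts (name -> RID).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
ACCOUNTS = {"alice": 1105, "bob": 1106, "carol": 1107}


def sid_for(name):
    """Build the full account SID: domain SID plus the account's RID."""
    return f"{DOMAIN_SID}-{ACCOUNTS[name]}"


class AllocatingMapper:
    """First-come allocation: a server hands out the next free uid the
    first time it sees a SID, so the result depends on arrival order."""

    def __init__(self, low=10000):
        self.next_uid = low
        self.table = {}

    def uid(self, sid):
        if sid not in self.table:
            self.table[sid] = self.next_uid
            self.next_uid += 1
        return self.table[sid]


def rid_uid(sid, domain_sid=DOMAIN_SID, low=10000, high=19999, base_rid=0):
    """Deterministic mapping: uid = RID - base_rid + low.
    Every server with the same settings computes the same uid for a SID."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid or not rid.isdigit():
        raise ValueError("SID is not an account in the configured domain")
    uid = int(rid) - base_rid + low
    if not low <= uid <= high:
        raise ValueError("RID maps outside the configured uid range")
    return uid


def compare(login_orders):
    """For each server (one login order per server) return the uid table
    produced by allocation and the one produced by the RID formula."""
    allocated, computed = [], []
    for order in login_orders:
        mapper = AllocatingMapper()
        allocated.append({n: mapper.uid(sid_for(n)) for n in order})
        computed.append({n: rid_uid(sid_for(n)) for n in order})
    return allocated, computed
```

Calling compare() with two servers that see the same users in a different order shows the allocated tables diverging while the computed tables stay identical, which is what keeps file ownership consistent when data moves between servers.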