Web lists-archives.com

Re: [Samba] Provision new domain keeping users and passwords




On Wed, 2017-03-29 at 10:50 -0300, Jeanderson Soares via samba wrote:
> Yes, but for DC you should use tdbsam instead of smbpasswd in the "-
> e" and'
> "-i" parameters.
> 
> After that, I had some problems with the RIDs when creating new
> users, and
> had to manually change the ridnextrid attribute.

Indeed, this is the biggest risk I would see with this approach.

The latest Samba 4.5 has some more protections against this:  If you
run dbcheck after this 'migration' it will try and correctly reset the
ridnextrid values.

You will also loose the AES kerberos keys.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba