Re: [Samba] migrate from existing MIT kerberos / openldap
- Date: Sat, 01 Sep 2018 07:34:50 +1200
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] migrate from existing MIT kerberos / openldap
On Fri, 2018-08-31 at 15:50 +0200, Christian via samba wrote:
> Dear all,
> is it possible to migrate from an existing MIT kerberos / openldap
> to samba AD? We can re-create the accounts through a script, but it
> would be nice to be able to keep passwords for users and machine
> accounts / keytabs which are in our existing KDC. Thanks for any
I think someone has done it before, for the arcfour-hmac-md5 keys.
Those are the easiest to do, because you can extract them and then
force them into the unicodePwd attribute.
Have a good study of how the classicupgrade code works and the magic
control to allow you to set the backend password attributes directly.
* this should only be used for importing users from Samba3
#define DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID "220.127.116.11.4.1.718.104.22.168"
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
To unsubscribe from this list go to the following URL and read the