Diffstat (limited to 'docs')
-rw-r--r-- | docs/Samba-Guide/SBE-MigrateNT4Samba3.xml | 89 |
1 files changed, 62 insertions, 27 deletions
diff --git a/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml b/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml index f0f9f7f112..601d531a06 100644 --- a/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml +++ b/docs/Samba-Guide/SBE-MigrateNT4Samba3.xml @@ -391,7 +391,13 @@ <procedure> <step><para> Configure the Samba &smb.conf; file to create a BDC. An example configuration is - given here: + given in <link linkend="sbent4smb"/>. + The delete scripts are correctly commented out so that during the process of migration + no account information can be deleted. + </para></step> + +<example id="sbent4smb"> +<title>NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: A</title> <screen> # Global parameters [global] @@ -410,12 +416,9 @@ # delete user script = /opt/IDEALX/sbin/smbldap-userdel '%u' add group script = /opt/IDEALX/sbin/smbldap-groupadd -p '%g' # delete group script = /opt/IDEALX/sbin/smbldap-groupdel '%g' - add user to group script = \ - /opt/IDEALX/sbin/smbldap-groupmod -m '%u' '%g' -# delete user from group script = \ - /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g' - set primary group script = \ - /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' + add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m '%u' '%g' +# delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x '%u' '%g' + set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u' add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u' logon script = scripts\logon.cmd logon path = \\%L\profiles\%U @@ -440,7 +443,12 @@ winbind nested groups = Yes ea support = Yes map acl inherit = Yes +</screen> +</example> +<example id="sbent4smb2"> +<title>NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: B</title> +<screen> [apps] comment = Application Data path = /data/home/apps 
@@ -483,7 +491,12 @@ path = /var/lib/samba/netlogon guest ok = Yes locking = No +</screen> +</example> +<example id="sbent4smb3"> +<title>NT4 Migration Samba-3 Server <filename>smb.conf</filename> &smbmdash; Part: C</title> +<screen> [profiles] comment = Profile Share path = /var/lib/samba/profiles @@ -501,14 +514,15 @@ path = /var/lib/samba/drivers write list = root </screen> - The delete scripts are correctly commented out so that during the process of migration - no account information can be deleted. - </para></step> - +</example> <step><para> <indexterm><primary>slapd.conf</primary></indexterm> Configure OpenLDAP in preparation for the migration. An example - <filename>sladp.conf</filename> file is shown here: + <filename>sladp.conf</filename> file is shown in <link linkend="sbentslapd"/>. + </para></step> + +<example id="sbentslapd"> +<title>NT4 Migration LDAP Server Configuration File: <filename>/etc/openldap/slapd.conf</filename> &smbmdash; Part A</title> <screen> include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema @@ -534,7 +548,12 @@ access to attr=shadowLastChange access to * by * read by anonymous auth +</screen> +</example> +<example id="sbentslapd2"> +<title>NT4 Migration LDAP Server Configuration File: <filename>/etc/openldap/slapd.conf</filename> &smbmdash; Part B</title> +<screen> #loglevel 256 #schemacheck on @@ -566,13 +585,17 @@ index sambaPrimaryGroupSID eq index sambaDomainName eq index default sub </screen> - </para></step> +</example> <step><para> <indexterm><primary>nss_ldap</primary></indexterm> <indexterm><primary>/etc/ldap.conf</primary></indexterm> Install the PADL <command>nss_ldap</command> tool set, then configure the <filename>/etc/ldap.conf</filename> - as shown here: + as shown in <link linkend="sbrntldapconf"/>. + </para></step> + +<example id="sbrntldapconf"> +<title>NT4 Migration NSS LDAP File: <filename>/etc/ldap.conf</filename></title> <screen> host 127.0.0.1 
@@ -591,11 +614,23 @@ nss_base_group ou=Groups,dc=terpstra-world,dc=org?one ssl off </screen> - </para></step> +</example> <step><para> <indexterm><primary>/etc/nsswitch.conf</primary></indexterm> - Edit the <filename>/etc/nsswitch.conf</filename> file so it has the following entries: + Edit the <filename>/etc/nsswitch.conf</filename> file so it has the entries shown + in <link linkend="sbentnss"/>. Note that the LDAP entries have been commented out. + This is deliberate. If these entries are active (not commented out), and the + <filename>/ec/ldap.conf</filename> file has been configured, when the LDAP server + is started, the process of starting the LDAP server will cause LDAP lookups. This + causes the LDAP server <command>slapd</command> to hang becasue it finds port 389 + open and therefore can not gain exclusive control of it. By commenting these entries + out it is possible to avoid this grid-lock situation and thus the over-all + installation and configuration will progress more smoothly. + </para></step> + +<example id="sbentnss"> +<title>NT4 Migration NSS Control File: <filename>/etc/nsswitch.conf</filename> (Stage:1)</title> <screen> passwd: files #ldap shadow: files #ldap 
@@ -615,16 +650,10 @@ publickey: files bootparams: files automount: files nis aliases: files +#passwd_compat: ldap #Not needed. +#group_compat: ldapa #Not needed. </screen> - Note that the LDAP entries have been commented out. This is deliberate. If these - entries are active (not commented out), and the <filename>/ec/ldap.conf</filename> - file has been configured, when the LDAP server is started, the process - of starting the LDAP server will cause LDAP lookups. This causes the LDAP server - <command>slapd</command> to hang becasue it finds port 389 open and therefore - can not gain exclusive control of it. By commenting these entries out it is possible - to avoid this grid-lock situation and thus the over-all installation and configuration - will progress more smoothly. - </para></step> +</example> <step><para> Validate the the target NT4 PDC name is being correctly resolved to its IP address by @@ -779,6 +808,11 @@ writing new configuration file: <step><para> Edit the <filename>/etc/nsswitch.conf</filename> file so it has the following entries: + Note that the LDAP entries above have now been uncommented. + </para></step> + +<example id="sbentnss2"> +<title>NT4 Migration NSS Control File: <filename>/etc/nsswitch.conf</filename> (Stage:2)</title> <screen> passwd: files ldap shadow: files ldap @@ -798,9 +832,10 @@ publickey: files bootparams: files automount: files nis aliases: files +#passwd_compat: ldap #Not needed. +#group_compat: ldapa #Not needed. </screen> - Note that the LDAP entries above have now been uncommented. - </para></step> +</example> <step><para> The LDAP management password must be installed into the <filename>secrets.tdb</filename> |
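Review bot: In the hunk at -391,7 the step is now closed with </para></step> before the new example element sbent4smb opens, so the example becomes a direct child of the procedure, sitting between two steps. The same pattern repeats for sbentslapd, sbrntldapconf, sbentnss and sbentnss2. DocBook's procedure content model allows block elements ahead of the first step but only step elements after it, so this is likely to fail validation. Either keep each example inside its step, after the para, or move the examples out of the procedure and leave only the link in the step. The smb.conf titles also say "Part: A" while the slapd.conf titles say "Part A"; pick one form.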
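Review bot: In the hunk at -501,14 the rewritten line still reads <filename>sladp.conf</filename>, while the example title added two lines later names /etc/openldap/slapd.conf. Since the line is being touched anyway, correct it to slapd.conf so the step text, the indexterm and the example title agree.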
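Review bot: In the hunk at -566,13 the new id is sbrntldapconf, which breaks the sbent prefix used by every other example id in this patch (sbent4smb, sbentslapd, sbentnss). It resolves because the linkend uses the same spelling, but it looks like a typo; suggest sbentldapconf in both the id and the linkend.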
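Review bot: In the hunk at -591,11 the paragraph moved ahead of the example carries its old typos with it: the path is written /ec/ldap.conf and "because" is spelled "becasue". A reader following this step needs the correct file name, so fix both to /etc/ldap.conf and "because" as part of the move rather than re-adding them unchanged.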
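Review bot: In the hunk at -615,16 the added line "#group_compat: ldapa #Not needed." has "ldapa" where the line above it has "ldap"; the same pair is added again in the Stage 2 hunk at -798,9. The lines are commented out, but anyone who uncomments them gets an unknown NSS service name, so correct the value to ldap in both places or drop the two lines, given that they are marked as not needed.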
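Review bot: In the hunk at -779,6 the sentence "Note that the LDAP entries above have now been uncommented." is added directly after "so it has the following entries:", and the step is then closed before the example. The colon now introduces nothing, and "above" points at a listing that follows. Match the Stage 1 step: replace "the following entries:" with a link to sbentnss2 and reword the note to refer to the entries in that example.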