Migrating users with the adbindproxy perl script

If winbind is not currently configured in your /etc/nsswitch.conf file, follow the steps below after you’ve installed the adbindproxy package.

This script gets the UID andGID files from Samba. You then import them into Active Directory.

To migrate UNIX user profiles to Active Directory using the adbindproxy.pl script:

  1. Identify the Samba servers you want to update to integrate with authentication, privilege elevation, and audit and monitoring services.
  2. On each of the Samba servers to be updated, locate the winbindd_idmap.tdb file and create a backup copy of the file.
    1. To locate the winbindd_idmap.tdb file, you can run a command similar to the following to view details about the Samba build:

      /CurrentSambaBInaryPath/smbd -b |grep -i lockdir

    2. In the output, you should see a line similar to the following that indicates the location of the winbind_idmap.tdb file:

      LOCKDIR: /var/lib/samba

  3. Make a backup copy of the winbindd_idmap.tdb file.

    For example:

    cp /var/lib/samba/winbind_idmap.tdb /tmp/winbind_idmap.tdb.pre_adbindproxybackup

  4. Run the adbindproxy.pl script with the following options to generate the export files.

    perl /usr/share/centrifydc/bin/adbindproxy.pl --export --groupFile filename --userFile filename --tdbFile filename

    See Using adbindproxy.pl for details about the command-line parameters for adbindproxy.pl.

    When you run these adbindproxy.pl options it generates export files for the users and the groups that are currently known by the Samba server. By default, these files are created as:

    /var/centrify/samba/passwd

    /var/centrify/samba/group

  5. Move the exported files to a computer where you have installed the Access Manager console.
  6. In the Access Manager console, use the Import from UNIX wizard to import the users and groups (with their existing UID and GID mappings) into the zone.

    For more information on importing existing user and group information and mapping information to Active Directory, see the “Importing existing users and groups” chapter in the Administrator’s Guide for Linux and UNIX.