diff -ur MigrationTools-47/migrate_common.ph MigrationTools-47-krb5/migrate_common.ph
--- MigrationTools-47/migrate_common.ph	2009-06-22 16:16:02.730586333 +0200
+++ MigrationTools-47-krb5/migrate_common.ph	2009-06-22 16:15:55.070581897 +0200
@@ -120,6 +120,11 @@
 #	$DEFAULT_REALM = $DEFAULT_MAIL_DOMAIN;
 #	$DEFAULT_REALM =~ tr/a-z/A-Z/;
 #}
+
+# Default SMB SID (must be non-empty string)
+#if ($EXTENDED_SCHEMA) {
+#	$DEFAULT_SMB_SID = "";
+#}
 
 if (-x "/usr/sbin/revnetgroup") {
 	$REVNETGROUP = "/usr/sbin/revnetgroup";
diff -ur MigrationTools-47/migrate_passwd.pl MigrationTools-47-krb5/migrate_passwd.pl
--- MigrationTools-47/migrate_passwd.pl	2009-06-22 16:16:02.850581340 +0200
+++ MigrationTools-47-krb5/migrate_passwd.pl	2009-06-22 16:13:13.997264191 +0200
@@ -50,6 +52,7 @@
 	exit 1;
 }
 
+$do_samba = 0;
 while ($ARGV[0] =~ /^--.*/) {
 	if ($ARGV[0] eq "--minuid") {
 		$minuid = $ARGV[1];
@@ -57,13 +60,22 @@
 	} elsif ($ARGV[0] eq "--maxuid") {
 		$maxuid = $ARGV[1];
 		shift ; shift;
+	} elsif ($ARGV[0] eq "--samba") {
+		$do_samba = 1;
+		shift;
 	} else {
 		shift;
 	}
 }
 
+if ($do_samba && !defined($DEFAULT_SMB_SID)) {
+	print STDERR "You must set \$DEFAULT_SMB_SID in /etc/openldap/migrate_common.ph to migrate smbpasswd\n";
+	exit 2;
+}
+
 &parse_args();
 &read_shadow_file();
+if ($do_samba) { &read_samba(); }
 &open_files();
 
 while(<INFILE>)
@@ -138,7 +150,23 @@
 	print $HANDLE "objectClass: top\n";
 
 	if ($DEFAULT_REALM) {
-		print $HANDLE "objectClass: kerberosSecurityObject\n";
+		print $HANDLE "objectClass: krb5Principal\n";
+		print $HANDLE "objectClass: krb5KDCEntry\n";
+		print $HANDLE "krb5PrincipalName: $user\@$DEFAULT_REALM\n";
+		print $HANDLE "krb5KeyVersionNumber: 0\n";
+	}
+
+	if ($DEFAULT_SMB_SID) {
+		print $HANDLE "objectClass: sambaSamAccount\n";
+		print $HANDLE "displayName: $cn\n";
+		print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$uid\n";
+		print $HANDLE "sambaPrimaryGroupSID: $DEFAULT_SMB_SID-$gid\n";
+		if ($do_samba) {
+			print $HANDLE "sambaLMPassword: ".$sambaUsers{$user}->{"sambaLMPassword"}."\n";
+			print $HANDLE "sambaNTPassword: ".$sambaUsers{$user}->{"sambaNTPassword"}."\n";
+			print $HANDLE "sambaAcctFlags: ".$sambaUsers{$user}->{"sambaAcctFlags"}."\n";
+			print $HANDLE "sambaPwdLastSet: ".$sambaUsers{$user}->{"sambaPwdLastSet"}."\n";
+		}
 	}
 
 	if ($shadowUsers{$user} ne "") {
@@ -147,10 +175,6 @@
 		print $HANDLE "userPassword: {crypt}$pwd\n";
 	}
 
-	if ($DEFAULT_REALM) {
-		print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
-	}
-
 	if ($shell) {
 		print $HANDLE "loginShell: $shell\n";
 	}
@@ -226,3 +250,16 @@
 	}
 }
 
+sub read_samba
+{
+	open(INPUT, "</etc/samba/smbpasswd");
+	while (<INPUT>) {
+		my ($sambaUser, $id, $lmp, $ntp, $f, $lf, $xxx) = split(':');
+		$sambaUsers{$sambaUser}->{"sambaLMPassword"} = $lmp;
+		$sambaUsers{$sambaUser}->{"sambaNTPassword"} = $ntp;
+		$sambaUsers{$sambaUser}->{"sambaAcctFlags"} = $f;
+		$lf =~ s/^LCT-//;
+		$sambaUsers{$sambaUser}->{"sambaPwdLastSet"} = hex($lf);
+	}
+	close(INPUT);
+}
diff -ur MigrationTools-47/migrate_group.pl MigrationTools-47-krb5/migrate_group.pl
--- MigrationTools-47/migrate_group.pl	2009-06-23 17:02:54.982471778 +0200
+++ MigrationTools-47-krb5/migrate_group.pl	2009-06-24 13:43:59.759317493 +0200
@@ -86,6 +86,11 @@
 	print $HANDLE "dn: cn=$group,$NAMINGCONTEXT\n";
 	print $HANDLE "objectClass: posixGroup\n";
 	print $HANDLE "objectClass: top\n";
+	if ($DEFAULT_SMB_SID) {
+		print $HANDLE "objectClass: sambaGroupMapping\n";
+		print $HANDLE "sambaSID: $DEFAULT_SMB_SID-$gid\n";
+		print $HANDLE "sambaGroupType: 2\n";
+	}
 	print $HANDLE "cn: $group\n";
 	if ($pwd) {
 		print $HANDLE "userPassword: {crypt}$pwd\n";