On Fri, 26 Mar 2010 15:32:50 +0100, GG <[email protected]> wrote: > wow I made it! > > I copied net and all the libs it complained about from another suse > server which was not missing it :-) > > [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435) > Unknown parameter encountered: "domain admin group" > [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125) > Ignoring unknown parameter "domain admin group" > SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain??? > is: S-1-5-21-1bla bla > SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla > > Which shall I import? >
Import both for sure:-). First is localsid, second is domainsid > So now back to mail number 2 :-) > > LDAP: I exported ldif :-) now > I copied /etc/groups passwd shadow aliases > > now on the new server: > > how do I import LDAP and all its configs, > samba and all its configs are only in smb.conf? > Import only data to LDAP no configs (slapcat->slapadd) Configs yes, live data no, but if you have ldap it *should* be enough to import ldif from old server, configure samba to use ldap and run smbpasswd -W to store ldap admin dn pass to secrets.tdb. After that you can test if samba see imported users in ldap (pdbedit -L). > :-) > Giorgio > > > > On 3/26/10, Vladimir Psenicka <[email protected]> wrote: >> Paste ldap admin dn or ldap suffix in your smb.conf >> >> Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a): >> > try this: >> > >> > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b >> > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it" >> > >> > Dne 26.3.2010 15:00, GG napsal(a): >> >> Hello! >> >> >> >> I'm stuck on getdomainsid: Net command is missing even though libs and >> >> smbclient are installed. >> >> >> >> I tried this: >> >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b >> >> "sambaDomainName=WORKGROUP,dc=domain,dc=it" >> >> Enter LDAP Password: >> >> # extended LDIF >> >> # >> >> # LDAPv3 >> >> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub >> >> # filter: (objectclass=*) >> >> # requesting: ALL >> >> # >> >> >> >> # search result >> >> search: 2 >> >> result: 34 Invalid DN syntax >> >> text: invalid DN >> >> >> >> # numResponses: 1 >> >> >> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it... >> >> I used WORKGROUP as it is the domain we use on pcs and the only one >> >> defined in smb.conf >> >> >> >> I also tried using my pdc HOSTNAME >> >> >> >> and this was returned >> >> # LDAPv3 >> >> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub >> >> # filter: (objectclass=*) >> >> # requesting: ALL >> >> # >> >> >> >> # search result >> >> search: 2 >> >> result: 34 Invalid DN syntax >> >> text: invalid DN >> >> >> >> # numResponses: 1 >> >> >> >> Any way to get through this or how to use net command? Maybe updating >> >> samba-client? >> >> >> >> I tried rpm -i samba-client but it says >> >> file /usr/share/man/man1/smbclient.1.gz from install of >> >> samba-client-2.2.12-1.suse82 conflicts with file from package >> >> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm >> >> >> >> I found also the original package but it says it is already installed. >> >> >> >> What happens if I remove samba-client and reinstall it soon after on >> >> the production pdc? >> >> >> >> >> >> Giorgio >> >> >> >> On 3/26/10, Vladimir Psenicka <[email protected]> wrote: >> >>> Dne 26.3.2010 13:50, GG napsal(a): >> >>>> Hello! >> >>>> >> >>>>>> Have you samba-client package installed? >> >>>>>> >> >>>> >> >>>> yes I do at least smbclient is there! but no net command :-/ >> >>>> >> >>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net` >> >>>>>> samba-client-3.5.1-4.1.x86_64 >> >>>> >> >>>> So here are the issues encountered... >> >>>> file /usr/share/man/man1/smbclient.1.gz from install of >> >>>> samba-client-2.2.12-1.suse82 conflicts with file from package >> >>>> samba-client-2.2.7a-72 when trying to rpm -i >> >>>> samba-client-2.2.12-1.rpm >> >>>> I found on net... >> >>>> >> >>>>>> >> >>>>>> or you can dig domainsid from ldap >> >>>> >> >>>> This sounds interesting! How do I do that? >> >>>> >> >>> >> >>> modify to your needs (domain): >> >>> >> >>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b >> >>> "sambaDomainName=domain,dc=domain,dc=cz" >> >>> >> >>> sambaSID: is your domainsid >> >>> >> >>> or you can use phpldapadmin to manage you ldap from browser >> >>> >> >>>> Thanks very much! >> >>>> Giorgio >> >>>> >> >>>> On 3/26/10, GG <[email protected]> wrote<script type="text/javascript" src="https://mail.prodeco.cz/roundcube/program/js/tiny_mce/themes/advanced/langs/cs.js?s=1240817786";></script>: >> >>>>> Hi! >> >>>>> >> >>>>> I'll be at it in a few minutes installing samba client / net >> >>>>> command :-) >> >>>>> >> >>>>> I have a question about the samba sernet repos: >> >>>>> Shall I apt-get remove samba and use >> >>>>> http://enterprisesamba.com/index.php?id=148 + >> >>>>> http://enterprisesamba.com/index.php?id=56 >> >>>>> instead from start? >> >>>>> >> >>>>> What is the real advantage of sernet? What about installing >> >>>>> official >> >>>>> samba.org packages, are there differences with sernet (stability?) >> >>>>> or >> >>>>> is it just a more liberal repository? >> >>>>> >> >>>>> Also I read >> >>>>>>>> Ensure that all local user and group accounts that are used by >> >>>>>>>> samba >> >>>>>>>> have the same uid/gid. >> >>>>> >> >>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for >> >>>>> groups >> >>>>> and users? >> >>>>> >> >>>>> I use rsync --verbose --progress --stats --compress --rsh=ssh \ >> >>>>> --recursive --times --perms --links \ >> >>>>> --owner --group --devices --specials \ >> >>>>> --exclude-from '/root/exclude.txt (if any, not in this case as >> >>>>> I'm only syncing data dir)' \ >> >>>>> r...@old_pdc:/DATA /DATA >> >>>>> >> >>>>> This should bring over every attribute set on files... correct? >> >>>>> >> >>>>> [[[did only partially in one case: I set up a twin install (fresh >> >>>>> install then live cd and full rsync and after that I kept mbr, but >> >>>>> changed /boot and the /ect/fstab settings) and the server started >> >>>>> etc.. LDAP did not work though: authentication was not available... >> >>>>> So I must be missing something or this rsync parameter set must be >> >>>>> missing something.. I had disconnected old PDC, set same IP and >> >>>>> hostname to the VM well this worked well for other virtualizations >> >>>>> and >> >>>>> in this PDC I need to upgrade to win7 compatible samba version >> >>>>> anyway >> >>>>> :-) >> >>>>> This was another story but just to share it as it is an excellent >> >>>>> way >> >>>>> of migrating sometimes specially for machines you do not master and >> >>>>> this is my case very often.]]] >> >>>>> >> >>>>> Cheers, >> >>>>> Giorgio >> >>>>> >> >>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka >> >>>>> <[email protected]> wrote: >> >>>>>> Hi >> >>>>>> >> >>>>>> Dne 25.3.2010 17:41, GG napsal(a): >> >>>>>>> Hello Vladimir, John and all the NG :-) >> >>>>>>> Thanks so much for answering. I really hoped someone would :-) >> >>>>>>> >> >>>>>>> So I installed Debian latest stable netinst on the future >> >>>>>>> production >> >>>>>>> server and here are my issues in the quotes :-( no net command >> >>>>>>> on my >> >>>>>>> suse 8.2 >> >>>>>>> >> >>>>>>> Cheers :-) >> >>>>>>> Giorgio >> >>>>>>> >> >>>>>>> >> >>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*[email protected]> >> >>>>>>>> wrote: >> >>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: >> >>>>>>>>> What about Debian Stable with Sernet samba repo, where you can >> >>>>>>>>> choose >> >>>>>>>>> Samba 3.4.x or 3.5.x >> >>>>>>>>> >> >>>>>>>>> My hints on migrating to new server: >> >>>>>>>>> >> >>>>>>>>> 1. install new server (Samba,ldap etc.) >> >>>>>>> >> >>>>>>> done :-) Debian Stable netinst >> >>>>>>> >> >>>>>>>>> 2. set same hostname on new server >> >>>>>>> My ignorance comes out :-) >> >>>>>>> Must I set it different from the production server as FW points >> >>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC >> >>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point >> >>>>>>> to lan >> >>>>>>> ip. >> >>>>>>> >> >>>>>> >> >>>>>> Ok, can be changed later >> >>>>>> >> >>>>>>>>> 3. export ldap data from old server and import them to new >> >>>>>>>>> server >> >>>>>>> >> >>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif >> >>>>>>> OK >> >>>>>>> >> >>>>>>>> Ensure that all local user and group accounts that are used by >> >>>>>>>> samba >> >>>>>>>> have the same uid/gid. >> >>>>>>> my ignorance again... another hint? >> >>>>>>>> >> >>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net >> >>>>>>>>> setlocalsid oldsid) >> >>>>>>>> >> >>>>>>>> Note: >> >>>>>>>> net getdomainsid (on old server) >> >>>>>>>> net setdomainsid (on new server) >> >>>>>>> thanks :-) >> >>>>>>> >> >>>>>>> # net getdomainsid >> >>>>>>> -bash: net: command not found :-( and not found in yast >> >>>>>>> >> >>>>>>> I understand it has to do with extracting the sid from >> >>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse >> >>>>>>> 8.2 yast >> >>>>>>> has now net package and googling net is.. well wow! >> >>>>>>> >> >>>>>> >> >>>>>> Have you samba-client package installed? >> >>>>>> >> >>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net` >> >>>>>> samba-client-3.5.1-4.1.x86_64 >> >>>>>> >> >>>>>> or you can dig domainsid from ldap >> >>>>>> >> >>>>>>>>> 5. configure samba on new server as PDC with ldap and shares >> >>>>>>>>> in smb.conf >> >>>>>>>>> from old samba smb.conf (check with testparm) >> >>>>>>> >> >>>>>>> I see it only contains shares so I bet smb.conf would just keep >> >>>>>>> all >> >>>>>>> the old settings rigth? /DATA will be rsynced >> >>>>>>> >> >>>>>> >> >>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will >> >>>>>> keep >> >>>>>> current smb.conf on new server and add only shares from old >> >>>>>> smb.conf to >> >>>>>> new smb.conf. >> >>>>>> >> >>>>>>>>> 6. stop samba on old server >> >>>>>>>>> 7. copy all data (with perms) and netlogon share to new server >> >>>>>>>>> 8. stop old server >> >>>>>>>>> 9. start samba on new server a check everything is working >> >>>>>>>>> fine (domain >> >>>>>>>>> logon from windows box, shares and perms) >> >>>>>>>>> >> >>>>>>>>> This can be done best when no users are logged in samba (maybe >> >>>>>>>>> at weekend?) >> >>>>>>>>> >> >>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to >> >>>>>>>>> domain >> >>>>>>> >> >>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb >> >>>>>>> derived right? >> >>>>>>> >> >>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu >> >>>>>> 10.04 LTS >> >>>>>> comes out this will be no longer truth. >> >>>>>> >> >>>>>>>> Check http://wiki.samba.org for info regarding Windows 7. >> >>>>>>>> >> >>>>>>>> Cheers, >> >>>>>>>> John T. >> >>>>>>>> >> >>>>>>>>> Dne 25.3.2010 01:05, GG napsal(a): >> >>>>>>>>>> Hello Vladimir and hi all, >> >>>>>>>>>> >> >>>>>>>>>> Thanks very much for replying! >> >>>>>>>>>> >> >>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just >> >>>>>>>>>> happen to >> >>>>>>>>>> know ubuntu more... >> >>>>>>>>>> >> >>>>>>>>>> >> >>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba >> >>>>>>>>>> to a new server? >> >>>>>>>>>> Already tried rsyncing (using all options to keep perms and >> >>>>>>>>>> attributes >> >>>>>>>>>> grp own mod etc) on a twin v-machine but server starts and >> >>>>>>>>>> the ldap >> >>>>>>>>>> auth fails to work :-( >> >>>>>>>>>> >> >>>>>>>>>> I'm a bit stuck at the moment :-( and I have posponed the >> >>>>>>>>>> problem for >> >>>>>>>>>> too long grrr >> >>>>>>>>>> >> >>>>>>>>>> Giorgio >> >>>>>>>>>> >> >>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka >> >>>>>>>>>> <[email protected]> wrote: >> >>>>>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a): >> >>>>>>>>>>>> Hello, >> >>>>>>>>>>>> Hopefully I'm in the right place asking for help :-) >> >>>>>>>>>>>> >> >>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 >> >>>>>>>>>>>> + ldap - to >> >>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04 >> >>>>>>>>>>>> virtual machine. >> >>>>>>>>>>>> >> >>>>>>>>>>>> The domain is in production on the physical server, to be >> >>>>>>>>>>>> dismissed after >> >>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all >> >>>>>>>>>>>> shared and >> >>>>>>>>>>>> permission driven file access.. >> >>>>>>>>>>>> >> >>>>>>>>>>>> I was following >> >>>>>>>>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but >> >>>>>>>>>>>> I realize I am in a different scenario... >> >>>>>>>>>>>> >> >>>>>>>>>>>> Production so no errors are admitted :-(, migration to new >> >>>>>>>>>>>> os and versions.. >> >>>>>>>>>>>> all at once? >> >>>>>>>>>>>> >> >>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single >> >>>>>>>>>>>> partitions :) >> >>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be >> >>>>>>>>>>>> safe ;) >> >>>>>>>>>>>> >> >>>>>>>>>>>> >> >>>>>>>>>>>> What would you guru's suggest as a strategy? >> >>>>>>>>>>>> >> >>>>>>>>>>>> Can I create a new server and add it as secondary domain >> >>>>>>>>>>>> controller and then >> >>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with >> >>>>>>>>>>>> this method. >> >>>>>>>>>>>> >> >>>>>>>>>>>> BTW I need a new version of samba as they have already >> >>>>>>>>>>>> bought Windows 7 >> >>>>>>>>>>>> boxes (without asking if they were supported arrgh). >> >>>>>>>>>>>> >> >>>>>>>>>>>> Thanks to all of you who read or answered :-) >> >>>>>>>>>>>> >> >>>>>>>>>>>> Gio >> >>>>>>>>>>> >> >>>>>>>>>>> Hi. >> >>>>>>>>>>> >> >>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 >> >>>>>>>>>>> into domain, >> >>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is >> >>>>>>>>>>> recommended for >> >>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want >> >>>>>>>>>>> Ubuntu. >> >>>>>>>>>>> >> >>>>>>>>>>> -- >> >>>>>>>>>>> Vladimir Psenicka >> >>>>>>>>>>> -- >> >>>>>>>>>>> To unsubscribe from this list go to the following URL and >> >>>>>>>>>>> read the >> >>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >> >>>>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>> >> >>>>>>>> -- >> >>>>>>>> To unsubscribe from this list go to the following URL and read >> >>>>>>>> the >> >>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >> >>>>>> >> >>>>>> >> >>>>>> -- >> >>>>>> Vladimir Psenicka >> >>>>>> IT system engineer >> >>>>>> PRODECO, a.s. >> >>>>>> Tel.: 417 633 762 >> >>>>>> -- >> >>>>>> To unsubscribe from this list go to the following URL and read the >> >>>>>> instructions: https://lists.samba.org/mailman/options/samba >> >>>>>> >> >>>>> >> >>> >> >>> >> >>> -- >> >>> Vladimir Psenicka >> >>> IT system engineer >> >>> PRODECO, a.s. >> >>> Tel.: 417 633 762 >> >>> -- >> >>> To unsubscribe from this list go to the following URL and read the >> >>> instructions: https://lists.samba.org/mailman/options/samba >> >>> >> > >> > >> >> >> -- >> Vladimir Psenicka >> IT system engineer >> PRODECO, a.s. >> Tel.: 417 633 762 >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
