They should be the same SID. The SID of a DC should be the same as the SID of the domain itself. And if you had multiple DCs they should all have the same SID.

At least that is what I have and it seems to work for me.



On 04/07/2010 10:14 AM, GG wrote:
Hello Vladimir and anyone else reading :-) !

Attaching these files:

- gg-edited.ldif
- slapd.conf.destination.txt
- slapd.conf.source.txt
- ldap.conf.destination.txt
- ldap.conf.source.txt
- slapadd-ing.LOG this was the log while importing ldif


NET SID ETC
net setlocalsid S-1-5-21-1168...........-..................-...............2
net setdomainsid S-1-5-21-1168...........-..................-...............1

does net setlocal and domain sid have sense or should it be
net setdomainsid
twice with different sids?

Thanks very much!

Giorgio

On 4/6/10, Vladimir Psenicka<[email protected]>  wrote:
Hi Giorgio

On 2.4.2010 17:01, GG wrote:
Hi all,

So I have
openldap2-2.1.12-74
samba-2.2.7a-72

I would like to migrate this existing PDC service to a new server and
to current production / stable releases (especially for windows 7
joining to the domain).

New server is Debian Lenny stable.

I have exported the domain SID, and ldap.ldif

Now let's get down to it :-)
Before importing should I do something about organizational units and so? How?

Import only data to LDAP no configs (slapcat->slapadd)
  slapadd -c -l slapcat.ldif
I did this but attached errors showed up.

Error, entries missing!
   entry 3: dc=people,dc=ExampleDomain,dc=it
   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
Can you post the first 100 lines of the ldif you are trying to import? You
are probably missing some base ldif.


I know nothing about ldap, but my ldap is probably missing some pre
required settings ? :-/

Can you post slapd.conf also?


Cheers!
Giorgio

Configs yes, live data no, but if you have ldap it *should* be enough to
import ldif from old server, configure samba to use ldap and run smbpasswd
-W to store ldap admin dn pass to secrets.tdb. After that you can test if
samba sees imported users in ldap (pdbedit -L).





On 3/27/10, Vladimir Psenicka<[email protected]>  wrote:
On Fri, 26 Mar 2010 15:32:50 +0100, GG<[email protected]>  wrote:
wow I made it!

I copied net and all the libs it complained about from another suse
server which was not missing it :-)

[2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
   Unknown parameter encountered: "domain admin group"
[2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
   Ignoring unknown parameter "domain admin group"
SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
  is: S-1-5-21-1bla bla
SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla

Which shall I import?

Import both for sure:-). First is localsid, second is domainsid

So now back to mail number 2 :-)

LDAP: I exported ldif :-) now
I copied /etc/groups passwd shadow aliases

now on the new server:

how do I import LDAP and all its configs,
samba and all its configs are only in smb.conf?

Import only data to LDAP no configs (slapcat->slapadd)
Configs yes, live data no, but if you have ldap it *should* be enough to
import ldif from old server, configure samba to use ldap and run smbpasswd
-W to store ldap admin dn pass to secrets.tdb. After that you can test if
samba sees imported users in ldap (pdbedit -L).

:-)
Giorgio



On 3/26/10, Vladimir Psenicka<[email protected]>  wrote:
Paste ldap admin dn or ldap suffix in your smb.conf

On 26.3.2010 15:24, Vladimir Psenicka wrote:
try this:

ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"

On 26.3.2010 15:00, GG wrote:
Hello!

I'm stuck on getdomainsid: Net command is missing even though libs and
smbclient are installed.

I tried this:
# ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=domain,dc=it"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base<sambaDomainName=WORKGROUP,dc=domain,dc=it>  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
I used WORKGROUP as it is the domain we use on pcs and the only one
defined in smb.conf

I also tried using my pdc HOSTNAME

and this was returned
# LDAPv3
# base<sambaDomainName=hostname,dc=domain,dc=it>  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

Any way to get through this or how to use net command? Maybe updating
samba-client?

I tried rpm -i samba-client but it says
file /usr/share/man/man1/smbclient.1.gz from install of
samba-client-2.2.12-1.suse82 conflicts with file from package
samba-client-2.2.7a-72 when trying to rpm -i
samba-client-2.2.12-1.rpm
I found also the original package but it says it is already installed.
What happens if I remove samba-client and reinstall it soon after on
the production pdc?


Giorgio

On 3/26/10, Vladimir Psenicka<[email protected]>  wrote:
On 26.3.2010 13:50, GG wrote:
Hello!

Have you samba-client package installed?

yes I do at least smbclient is there! but no net command :-/

pavouk\pseni...@psenicka:~>  rpm -qf `which net`
samba-client-3.5.1-4.1.x86_64
So here are the issues encountered...
file /usr/share/man/man1/smbclient.1.gz from install of
samba-client-2.2.12-1.suse82 conflicts with file from package
samba-client-2.2.7a-72 when trying to rpm -i
samba-client-2.2.12-1.rpm
I found on net...

or you can dig domainsid from ldap
This sounds interesting! How do I do that?

modify to your needs (domain):

ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
"sambaDomainName=domain,dc=domain,dc=cz"

sambaSID: is your domainsid

or you can use phpldapadmin to manage your ldap from browser

Thanks very much!
Giorgio

On 3/26/10, GG<[email protected]>  wrote:
Hi!

I'll be at it in a few minutes installing samba client / net command :-)

I have a question about the samba sernet repos:
Shall I apt-get remove samba and use
http://enterprisesamba.com/index.php?id=148 +
http://enterprisesamba.com/index.php?id=56
  instead from start?

What is the real advantage of sernet? What about installing official
samba.org packages, are there differences with sernet (stability?) or
is it just a more liberal repository?

Also I read
Ensure that all local user and group accounts that are used by samba
have the same uid/gid.
Shall I copy /etc/shadow and /etc/passwd over? other files for groups
and users?

I use rsync --verbose  --progress --stats --compress --rsh=ssh \
      --recursive --times --perms --links  \
      --owner --group --devices --specials \
      --exclude-from '/root/exclude.txt (if any, not in this case as I'm only syncing data dir)' \
      r...@old_pdc:/DATA /DATA

This should bring over every attribute set on files... correct?

[[[did only partially in one case: I set up a twin install (fresh
install then live cd and full rsync and after that I kept mbr, but
changed /boot and the /etc/fstab settings) and the server started
etc.. LDAP did not work though: authentication was not available...
So I must be missing something or this rsync parameter set must be
missing something.. I had disconnected old PDC, set same IP and
hostname to the VM well this worked well for other virtualizations and
in this PDC I need to upgrade to win7 compatible samba version anyway
:-)
This was another story but just to share it as it is an excellent way
of migrating sometimes especially for machines you do not master and
this is my case very often.]]]

Cheers,
Giorgio

On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
<[email protected]>  wrote:
Hi

On 25.3.2010 17:41, GG wrote:
Hello Vladimir, John and all the NG :-)
Thanks so much for answering. I really hoped someone would :-)

So I installed Debian latest stable netinst on the future production
server and here are my issues in the quotes :-( no net command on my
suse 8.2

Cheers :-)
Giorgio


On Thu, Mar 25, 2010 at 14:00, John H Terpstra<*[email protected]>
wrote:
On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
What about Debian Stable with Sernet samba repo, where you can choose
Samba 3.4.x or 3.5.x

My hints on migrating to new server:

1. install new server (Samba,ldap etc.)
done :-) Debian Stable netinst

2. set same hostname on new server
My ignorance comes out :-)
Must I set it different from the production server as FW points
production.domain.com - I have clients using DNS=oldPDC and PDC
forwards queries to FW. FW has pdc.domain.com defined to point
to lan
ip.

Ok, can be changed later

3. export ldap data from old server and import them to new
server
slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
OK

Ensure that all local user and group accounts that are used by samba
have the same uid/gid.
my ignorance again... another hint?
4. export SID (net getlocalsid) and set it on new server (net
setlocalsid oldsid)
Note:
  net getdomainsid (on old server)
  net setdomainsid (on new server)
thanks :-)

# net getdomainsid
-bash: net: command not found :-( and not found in yast

I understand it has to do with extracting the sid from
/etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
has no net package and googling net is.. well wow!

Have you samba-client package installed?

pavouk\pseni...@psenicka:~>  rpm -qf `which net`
samba-client-3.5.1-4.1.x86_64

or you can dig domainsid from ldap

5. configure samba on new server as PDC with ldap and shares
in smb.conf
from old samba smb.conf (check with testparm)
I see it only contains shares so I bet smb.conf would just keep all
the old settings right? /DATA will be rsynced

Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
current smb.conf on new server and add only shares from old smb.conf to
new smb.conf.

6. stop samba on old server
7. copy all data (with perms) and netlogon share to new server
8. stop old server
9. start samba on new server and check everything is working fine (domain
logon from windows box, shares and perms)

This can be done best when no users are logged in samba (maybe at weekend?)

P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
thanks I move to Debian with ease :-) ubuntu is a great deb derived right?

Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
comes out this will no longer be true.

Check http://wiki.samba.org for info regarding Windows 7.

Cheers,
John T.

On 25.3.2010 01:05, GG wrote:
Hello Vladimir and hi all,

Thanks very much for replying!

Any suggested os? I'd go for debian or what advised, I just happen to
know ubuntu more...


Any strategy or hint on migrating from ancient ldap + samba to a new server?
Already tried rsyncing (using all options to keep perms and attributes
grp  own mod etc) on a twin v-machine but server starts and the ldap
auth fails to work :-(

I'm a bit stuck at the moment :-( and I have postponed the problem for
too long grrr

Giorgio

On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
<[email protected]>  wrote:
On 23.3.2010 15:48, Giorgio wrote:
Hello,
Hopefully I'm in the right place asking for help :-)

I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
latest samba versions, I would like to use an ubuntu 8.04 virtual machine.

The domain is in production on the physical server, to be dismissed after
migration. It is also the file server!!! so /DATA/ has all shared and
permission driven file access..

I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html
but I realize I am in a different scenario...

Production so no errors are admitted :-(, migration to new os and versions..
all at once?

I have a dump of the physical server (dd sda mbr and single partitions :)
plus an rsync with all permissions daily backup, just to be safe ;)


What would you gurus suggest as a strategy?

Can I create a new server and add it as secondary domain controller and then
once the replica is up? I'd feel quite comfortable with this method.

BTW I need a new version of samba as they have already bought Windows 7
boxes (without asking if they were supported arrgh).

Thanks to all of you who read or answered :-)

Gio
Hi.

Ubuntu 8.10 is a bad idea if you will be connecting Windows 7 into domain,
because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.

--
Vladimir Psenicka
--
To unsubscribe from this list go to the following URL and
read the
instructions:
https://lists.samba.org/mailman/options/samba


--
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
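
A preflight check for the slapcat to slapadd step discussed in this thread, as an added example that is not part of the original messages: it lists entries that appear in the LDIF before their parent (such as an export lacking its suffix entry) and any sambaSID that does not fall under the sambaDomain entry's SID. The sample LDIF, the `dc=example,dc=it` suffix and the function names are constructed for illustration, and DNs are assumed to contain no escaped commas.

```python
import base64

# Constructed sample export: suffix entry absent, one account under a foreign SID.
SAMPLE_LDIF = """\
dn: dc=people,dc=example,dc=it

dn: sambaDomainName=WORKGROUP,dc=example,dc=it
objectClass: sambaDomain
sambaSID: S-1-5-21-1111-2222-3333

dn: uid=alice,dc=people,dc=example,dc=it
sambaSID: S-1-5-21-1111-2222-3333-3001

dn: uid=bob,dc=people,dc=example,dc=it
sambaSID: S-1-5-21-9999-8888-7777-
 3002
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})] in file order, unfolding wrapped lines."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def norm(dn):
    # Naive normalisation: assumes no escaped commas inside RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def preflight(text, suffix):
    """Report entries that precede their parent, and SIDs outside the domain SID."""
    seen, orphans, domain_sid = set(), [], None
    entries = parse_ldif(text)
    for dn, attrs in entries:
        if norm(dn) != norm(suffix) and norm(dn).partition(",")[2] not in seen:
            orphans.append(dn)
        seen.add(norm(dn))
        if "sambadomain" in [c.lower() for c in attrs.get("objectclass", [])]:
            domain_sid = attrs.get("sambasid", [None])[0]
    foreign = [(dn, sid) for dn, attrs in entries for sid in attrs.get("sambasid", [])
               if domain_sid and sid != domain_sid and not sid.startswith(domain_sid + "-")]
    return {"domain_sid": domain_sid, "orphans": orphans, "foreign_sids": foreign}
```

SIDs outside the domain are reported whatever their origin, so well-known builtin group SIDs show up in `foreign_sids` as well and need a manual look rather than an automatic fix.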