2013-04-02 05:35 keltezéssel, [email protected] írta:
On Mon, 1 Apr 2013, [email protected] wrote:
On Tue, 2 Apr 2013, Andrew Bartlett wrote:
On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
> 2013-04-01 02:36 keltezéssel, [email protected] írta:
> > Since I don't seem to be having any luck with the
classicupgrade, I > > decided to try starting from scratch and
then adding users.
> > > > I ran the command:
> > /usr/local/samba/bin/samba-tool domain provision --realm=<my
realm> \ > > --domain=<mydomain> --adminpass 'mypass'
--server-role=dc \
> > --dns-backend=BIND9_DLZ
> > > > Then I tried both adding and changing users. In neither
case can I > > change the SID with pdbedit. It seems to be added
with a > > system-defined SID, irrespective of what I specify.
pdbedit -v is > > able to list the user's parameters, including
the SID.
> > > > Any suggestions? I am pretty much stuck here trying to
figure out how > > to migrate from an existing SAMBA3 domain to
SAMBA4.
> > > > > Hi,
> > Trying to add users one by one (preserving SID) is IMHO a lot
harder > (you would probably need to ldbmodify the user record of
each one) to > do, than fixing your samba3 install to have it
classicupgraded.
Indeed. The only way to safely import a list of users who already
have
SIDs is to migrate them to Samba 4.0's AD DC using one of the
supported
migration tools.
These are 'samba-tool domain join dc' and 'samba-tool domain
classicupgrade'.
Perhaps I need to address why the "classicupgrade" did not work. I
see now that I did not pass the --dbdir option when running it
before. I'll try again.
I went back to trying to get the classicupgrade to work:
/usr/local/samba/bin/samba-tool domain classicupgrade \
--dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \
/etc/samba/smb.conf --use-xattrs=yes
For the realm, I used a subdomain of one of the two existing dns
domains in the LAN. It appears to be processing the information from
the old domain tdb files, although I see some errors:
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Importing groups
Could not add group name=Remote Desktop Users ((68, "samldb: Account
name (sAMAccountName) 'Remote Desktop Users' already in use!"))
Could not modify AD idmap entry for
sid=S-1-5-21-4254857281-3346836279-4152649156-555, id=5077,
type=ID_TYPE_GID ((32, "Base-DN
'<SID=S-1-5-21-4254857281-3346836279-4152649156-555>' not found"))
Could not add posix attrs for AD entry for
sid=S-1-5-21-4254857281-3346836279-4152649156-555, ((32, "Base-DN
'<SID=S-1-5-21-4254857281-3346836279-4152649156-555>' not found"))
Group already exists
sid=S-1-5-21-4254857281-3346836279-4152649156-512, groupname=Domain
Admins existing_groupname=Domain Admins, Ignoring.
However, after this, all I get from pdbedit -L is:
# pdbedit -L
RAIDSERVER$:4294967295:
Administrator:4294967295:
[root@samba ~]# pdbedit -L
RAIDSERVER$:4294967295:
Administrator:4294967295:
krbtgt:4294967295:--dbdir=/var/lib/samba/ --realm=a.b
/etc/samba/smb.confnobody:99:Nobody
Any ideas? What information might help debug this?
Simon
Could this happen because pdbedit is from the samba3 install?
I recommend doing upgrade on a new box/virtual machine where no samba3
is installed, and copying the tdb files to the new box.
Regards
Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
