Kang Sun wrote: >> Hello Mike, >> >> I did similar things and have similar problems. >> I looked at the ldap database, the migration did nothing but get all >> the names of users and machines. >> If the smbldap-* scripts are the only things vampire process is >> calling, I don't see how would it would get anything else.
Agreed, although when migrating with a tdbsam backend, the vampire process will populate the tdbsam with NT passwords and suchlike, but also runs the useradd scripts to add the posix users, so I thought that there may be some other data that Samba puts into LDAP directly, not via invoking the scripts. The documentation from John Terpstra's book (available online at http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828) suggests that the process should work with an LDAP backend, but I'm currently at a loss to see howm and I'm unable to replicate this, even on a test network, with various versions of the Idealx smbldap-tools. It doesn't appear to work as advertised at the moment. >> After vampiring, >> >> 1. All the computer accounts and user accounts (posixAccount as well) Kang Sun wrote: >> Hello Mike, >> >> I did similar things and have similar problems. >> I looked at the ldap database, the migration did nothing but get all the >> names of users and machines. >> If the smbldap-* scripts are the only things vampire process is calling, I >> don't see how would it would get anything else. Agreed, although when migrating with a tdbsam backend, the vampire process will populate the tdbsam with NT passwords and suchlike, but also runs the useradd scripts to add the posix users, so I thought that there may be some other data that Samba puts into LDAP directly, not via invoking the scripts. The documentation from John Terpstra's book (available online at http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828) suggests that the process should work with an LDAP backend, but I'm currently at a loss to see howm and I'm unable to replicate this, even on a test network, with various versions of the Idealx smbldap-tools. It doesn't appear to work as advertised at the moment. >> After vampiring, >> >> 1. All the computer accounts and user accounts (posixAccount as well) >> are created just like being created by by smbldap-useradd, with the >> default parameters as defined in the smbldap.conf or >> smbldap_config.pm, eg, profiles, logon scripts, etc, user name, etc. Yes, this seems to work when run from the command line. Vampiring seems to throw up some errors that I've not tracked down yet though. >> 2. Users lost its domain membership. Every user accounts are now >> belonging to "Domain Users" group. No one in "Domain Admins" group >> except Administrator. >> >> The migration process must have done more than just calling these >> smbldap-tools scripts, but I just don't see the effect. >> >> What do you see if you do >> smbldap-usershow <userid> or <machinename>$ ? # smbldap-usershow detritus dn: uid=rwind,ou=People,dc=acu,dc=ac,dc=uk objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount cn: rwind sn: rwind uid: rwind uidNumber: 1006 gidNumber: 513 homeDirectory: /home/rwind loginShell: /bin/bash gecos: System User description: System User userPassword: {crypt}x sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaAcctFlags: [UX] sambaSID: S-1-5-21-2704678572-2069052080-1039482078-3012 sambaLMPassword: XXX sambaPrimaryGroupSID: S-1-5-21-2704678572-2069052080-1039482078-513 sambaProfilePath: \\TALITHA\profiles\rwind sambaHomePath: \\TALITHA\home\rwind sambaHomeDrive: M: sambaNTPassword: XXX # smbldap-usershow "quirm$" dn: uid=quirm$,ou=Computers,dc=acu,dc=ac,dc=uk objectClass: top,inetOrgPerson,posixAccount cn: quirm$ sn: quirm$ uid: quirm$ uidNumber: 1013 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer >> or smbldap-groupshow <groupid> ? # smbldap-groupshow "Domain Admins" dn: cn=Domain Admins,ou=Groups,dc=acu,dc=ac,dc=uk objectClass: posixGroup,sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators sambaSID: S-1-5-21-2704678572-2069052080-1039482078-512 sambaGroupType: 2 displayName: Domain Admins So all that seems to have worked. It's just that some of the information hasn't migrated across, and in the context of a transparent migration off the NT4 server, the information that hasn't propagated is a showstopper. Despite reading all the docs I can lay hands on, I still can't see why, and the vampire process is not transparent to me - the docs just assume it'll work completely or not at all - there's nothing to tell one how to try and troubleshoot it if it half works, which is what's happening for me. Mike. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
