Previous question was regarding the passwords was not migrated ... Well, I find one error, at least that was what happened to me.
In the smb.conf file, I had add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m "%u" while it should have been add user script = /var/lib/samba/sbin/smbldap-useradd.pl -m "%u" The add user script only suppose to add a posix account. The windows account is migrated and mapped to that posix account. with "-a" option on, a windows account is also created together with the Posix account. The migration failed because a windows account, with all the default atrributes from smbldap.conf, already exists. I hope this helps to others with similar problems. -- Kang "Mike Brodbelt" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Kang Sun wrote: > > >> Hello Mike, > >> > >> I did similar things and have similar problems. > >> I looked at the ldap database, the migration did nothing but get all > >> the names of users and machines. > >> If the smbldap-* scripts are the only things vampire process is > >> calling, I don't see how would it would get anything else. > > > Agreed, although when migrating with a tdbsam backend, the vampire > process will populate the tdbsam with NT passwords and suchlike, but > also runs the useradd scripts to add the posix users, so I thought that > there may be some other data that Samba puts into LDAP directly, not via > invoking the scripts. > > The documentation from John Terpstra's book (available online at > http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828) > suggests that the process should work with an LDAP backend, but I'm > currently at a loss to see howm and I'm unable to replicate this, even > on a test network, with various versions of the Idealx smbldap-tools. It > doesn't appear to work as advertised at the moment. > > > >> After vampiring, > >> > >> 1. All the computer accounts and user accounts (posixAccount as well) > Kang Sun wrote: > > >> Hello Mike, > >> > >> I did similar things and have similar problems. > >> I looked at the ldap database, the migration did nothing but get all the > >> names of users and machines. > >> If the smbldap-* scripts are the only things vampire process is > calling, I > >> don't see how would it would get anything else. > > > Agreed, although when migrating with a tdbsam backend, the vampire > process will populate the tdbsam with NT passwords and suchlike, but > also runs the useradd scripts to add the posix users, so I thought that > there may be some other data that Samba puts into LDAP directly, not via > invoking the scripts. > > The documentation from John Terpstra's book (available online at > http://de.samba.org/samba/docs/man/Samba-Guide/migration.html#id2549828) > suggests that the process should work with an LDAP backend, but I'm > currently at a loss to see howm and I'm unable to replicate this, even > on a test network, with various versions of the Idealx smbldap-tools. It > doesn't appear to work as advertised at the moment. > > > >> After vampiring, > >> > >> 1. All the computer accounts and user accounts (posixAccount as well) > >> are created just like being created by by smbldap-useradd, with the > >> default parameters as defined in the smbldap.conf or > >> smbldap_config.pm, eg, profiles, logon scripts, etc, user name, etc. > > > Yes, this seems to work when run from the command line. Vampiring seems > to throw up some errors that I've not tracked down yet though. > > > >> 2. Users lost its domain membership. Every user accounts are now > >> belonging to "Domain Users" group. No one in "Domain Admins" group > >> except Administrator. > >> > >> The migration process must have done more than just calling these > >> smbldap-tools scripts, but I just don't see the effect. > >> > >> What do you see if you do > >> smbldap-usershow <userid> or <machinename>$ ? > > > # smbldap-usershow detritus > dn: uid=rwind,ou=People,dc=acu,dc=ac,dc=uk > objectClass: top,inetOrgPerson,posixAccount,shadowAccount,sambaSAMAccount > cn: rwind > sn: rwind > uid: rwind > uidNumber: 1006 > gidNumber: 513 > homeDirectory: /home/rwind > loginShell: /bin/bash > gecos: System User > description: System User > userPassword: {crypt}x > sambaPwdLastSet: 0 > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > displayName: System User > sambaAcctFlags: [UX] > sambaSID: S-1-5-21-2704678572-2069052080-1039482078-3012 > sambaLMPassword: XXX > sambaPrimaryGroupSID: S-1-5-21-2704678572-2069052080-1039482078-513 > sambaProfilePath: \\TALITHA\profiles\rwind > sambaHomePath: \\TALITHA\home\rwind > sambaHomeDrive: M: > sambaNTPassword: XXX > > # smbldap-usershow "quirm$" > dn: uid=quirm$,ou=Computers,dc=acu,dc=ac,dc=uk > objectClass: top,inetOrgPerson,posixAccount > cn: quirm$ > sn: quirm$ > uid: quirm$ > uidNumber: 1013 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > > > >> or smbldap-groupshow <groupid> ? > > > # smbldap-groupshow "Domain Admins" > dn: cn=Domain Admins,ou=Groups,dc=acu,dc=ac,dc=uk > objectClass: posixGroup,sambaGroupMapping > gidNumber: 512 > cn: Domain Admins > memberUid: Administrator > description: Netbios Domain Administrators > sambaSID: S-1-5-21-2704678572-2069052080-1039482078-512 > sambaGroupType: 2 > displayName: Domain Admins > > > So all that seems to have worked. It's just that some of the information > hasn't migrated across, and in the context of a transparent migration > off the NT4 server, the information that hasn't propagated is a > showstopper. Despite reading all the docs I can lay hands on, I still > can't see why, and the vampire process is not transparent to me - the > docs just assume it'll work completely or not at all - there's nothing > to tell one how to try and troubleshoot it if it half works, which is > what's happening for me. > > Mike. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
