Hi I've setup samba 3.0.14 with the latest idealx scripts on FC3. Now I have a test lab to migrate from NT4 box which different than the standalone PDC I have running.
Here's the order I used and my ldap and samba configs are clean as far as I can tell since I do get a partial migration. When using 'net rpc vampire -S nt4 -W DOMAIN' it populates the groups from NT4 and shows the group membership but the users fail to come over. Here's what I've done so far. BTW SLES9 server. [continued below] >From a clean ldap database I add in the top level ldif: ---------------------------------------------------------------------- dn: dc=kblan,dc=com o: kblan objectClass: top objectClass: dcObject objectClass: organization dc: kblan Then ldapadd the preload ldif to be ready for the NT4 accounts: -------------------------------------------------------------- dn: cn=admin,dc=kblan,dc=com objectClass: organizationalRole cn: admin description: Directory Manager dn: ou=People,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou:People dn: ou=Groups,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou:Groups dn: ou=Idmap,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou:Idmap dn: ou=Domains,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou:Domains Then ldapadd the NextFreeUnixID ldif: ------------------------------------- dn: cn=NextFreeUnixId,dc=kblan,dc=com objectClass: inetOrgPerson objectClass: sambaUnixIdPool uidNumber: 1000 gidNumber: 1000 cn: NextFreeUnixId sn: NextFreeUnixId Next add the smbpasswd to secrets.tdb. Then grab the NT4 SID: net rpc getsid -S nt4 -W DOMAIN [which succeeds and tdbdump shows it] Now join the domain: net rpc join -S nt4 -W DOMAIN -U Administrator%34567 [it joins] Now we migrate: I'll show the 'net rpc vampire' first and then show a slapcat dump of the ldap contents after migrating. Comparing to the standalone PDC I setup before, it seems I'm missing the sambaSamAccount object and all the relevant attributes, but I don't know if in fact they are 'supposed' to existwhen migrating from NT4 [??]. In any case, I need some help to get the migration done whatever my mistakes are. I only have 2 groups and a couple of members in each group. I don't have any local /etc/group entries other than for services. [all gid less than 100] Everything should be in ldap. Any help is greatly appreciated. Thanks in advance. Kevin -------------------------------------------------------- linux:~ # net rpc vampire -S nt4 -W DOMAIN Fetching DOMAIN database Creating unix group: 'Domain Admins' Creating unix group: 'Domain Users' Creating unix group: 'Domain Guests' Creating unix group: 'Sales' Creating unix group: 'Accounting' Creating account: Administrator Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:55, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'Administrator'' gave 7 Could not create posix account info for 'Administrator' Creating account: Guest Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:56, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'Guest'' gave 7 Could not create posix account info for 'Guest' Creating account: NT4$ Can't call method "get_value" on an undefined value at /usr/local/sbin/smbldap-useradd line 171, <DATA> line 283. [2005/07/14 12:18:56, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -w 'NT4$'' gave 3 Could not create posix account info for 'NT4$' Creating account: IUSR_NT4 Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:57, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'IUSR_NT4'' gave 7 Could not create posix account info for 'IUSR_NT4' Creating account: sales1 Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:58, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'sales1'' gave 7 Could not create posix account info for 'sales1' Creating account: sales2 Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:58, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'sales2'' gave 7 Could not create posix account info for 'sales2' Creating account: acct1 Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:59, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'acct1'' gave 7 Could not create posix account info for 'acct1' Creating account: acct2 Error: SID not set for unix group 1001 check if your unix group is mapped to an NT group [2005/07/14 12:18:59, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -m 'acct2'' gave 7 Could not create posix account info for 'acct2' Creating account: sles9$ Can't call method "get_value" on an undefined value at /usr/local/sbin/smbldap-useradd line 171, <DATA> line 283. [2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_account_info(527) fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a -w 'sles9$'' gave 3 Could not create posix account info for 'sles9$' [2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675) Could not find global group 512 [2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675) Could not find global group 513 [2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675) Could not find global group 514 [2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675) Could not find global group 1006 [2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(675) Could not find global group 1007 Fetching BUILTIN database skipping SAM_DOMAIN_INFO delta for 'Builtin' (is not my domain) Creating unix group: 'Account Operators' Creating unix group: 'Administrators' Creating unix group: 'Backup Operators' Creating unix group: 'Guests' Creating unix group: 'Print Operators' Creating unix group: 'Replicator' Creating unix group: 'Server Operators' Creating unix group: 'Users' ----------------------------------------------------- ----------------------------------------------------- ----------------------------------------------------- dn: dc=kblan,dc=com o: kblan objectClass: top objectClass: dcObject objectClass: organization dc: kblan structuralObjectClass: organization entryUUID: 687e7638-88fe-1029-9da2-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220017Z entryCSN: 20050714220017Z#000001#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220017Z dn: cn=admin,dc=kblan,dc=com objectClass: organizationalRole cn: admin description: Directory Manager structuralObjectClass: organizationalRole entryUUID: 6de29668-88fe-1029-9da3-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220026Z entryCSN: 20050714220026Z#000001#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220026Z dn: ou=People,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou: People structuralObjectClass: organizationalUnit entryUUID: 6de4661e-88fe-1029-9da4-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220026Z entryCSN: 20050714220026Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220026Z dn: ou=Groups,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou: Groups structuralObjectClass: organizationalUnit entryUUID: 6de7c412-88fe-1029-9da5-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220026Z entryCSN: 20050714220026Z#000003#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220026Z dn: ou=Idmap,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou: Idmap structuralObjectClass: organizationalUnit entryUUID: 6de9274e-88fe-1029-9da6-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220026Z entryCSN: 20050714220026Z#000004#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220026Z dn: ou=Domains,dc=kblan,dc=com objectClass: top objectClass: organizationalUnit ou: Domains structuralObjectClass: organizationalUnit entryUUID: 6dea3954-88fe-1029-9da7-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220026Z entryCSN: 20050714220026Z#000005#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220026Z dn: cn=NextFreeUnixId,dc=kblan,dc=com objectClass: inetOrgPerson objectClass: sambaUnixIdPool cn: NextFreeUnixId sn: NextFreeUnixId structuralObjectClass: inetOrgPerson entryUUID: 70fd6fa8-88fe-1029-9da8-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220031Z uidNumber: 1009 gidNumber: 1013 entryCSN: 20050714220152Z#000001#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220152Z dn: sambaDomainName=DOMAIN,dc=kblan,dc=com sambaDomainName: DOMAIN sambaSID: S-1-5-21-1348277581-813059936-1947940980 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain structuralObjectClass: sambaDomain entryUUID: 952711c2-88fe-1029-9da9-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220132Z entryCSN: 20050714220132Z#000001#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220132Z dn: cn=Domain Admins,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Domain Admins gidNumber: 1000 structuralObjectClass: posixGroup entryUUID: 95b0fffe-88fe-1029-9daa-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220133Z entryCSN: 20050714220133Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220133Z dn: cn=Domain Users,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Domain Users gidNumber: 1001 structuralObjectClass: posixGroup entryUUID: 96454ccc-88fe-1029-9dab-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220134Z entryCSN: 20050714220134Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220134Z dn: cn=Domain Guests,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Domain Guests gidNumber: 1002 structuralObjectClass: posixGroup entryUUID: 96d6d426-88fe-1029-9dac-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220135Z entryCSN: 20050714220135Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220135Z dn: cn=Sales,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Sales gidNumber: 1003 structuralObjectClass: posixGroup entryUUID: 9768ff90-88fe-1029-9dad-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220136Z entryCSN: 20050714220136Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220136Z dn: cn=Accounting,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Accounting gidNumber: 1004 structuralObjectClass: posixGroup entryUUID: 97f9c0e8-88fe-1029-9dae-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220137Z entryCSN: 20050714220137Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220137Z dn: cn=Account Operators,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Account Operators gidNumber: 1005 structuralObjectClass: posixGroup entryUUID: 9d829eea-88fe-1029-9db1-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220146Z entryCSN: 20050714220146Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220146Z dn: cn=Administrators,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Administrators gidNumber: 1006 structuralObjectClass: posixGroup entryUUID: 9e0738a8-88fe-1029-9db2-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220147Z entryCSN: 20050714220147Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220147Z dn: cn=Backup Operators,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Backup Operators gidNumber: 1007 structuralObjectClass: posixGroup entryUUID: 9e8cb58c-88fe-1029-9db3-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220148Z entryCSN: 20050714220148Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220148Z dn: cn=Guests,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Guests gidNumber: 1008 structuralObjectClass: posixGroup entryUUID: 9f10d934-88fe-1029-9db4-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220149Z entryCSN: 20050714220149Z#000001#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220149Z dn: cn=Print Operators,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Print Operators gidNumber: 1009 structuralObjectClass: posixGroup entryUUID: 9f95926e-88fe-1029-9db5-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220150Z entryCSN: 20050714220150Z#000001#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220150Z dn: cn=Replicator,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Replicator gidNumber: 1010 structuralObjectClass: posixGroup entryUUID: a01da9ec-88fe-1029-9db6-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220150Z entryCSN: 20050714220150Z#000003#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220150Z dn: cn=Server Operators,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Server Operators gidNumber: 1011 structuralObjectClass: posixGroup entryUUID: a0a17bbe-88fe-1029-9db7-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220151Z entryCSN: 20050714220151Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220151Z dn: cn=Users,ou=Groups,dc=kblan,dc=com objectClass: posixGroup cn: Users gidNumber: 1012 structuralObjectClass: posixGroup entryUUID: a12aca0e-88fe-1029-9db8-f722ce3ce348 creatorsName: cn=admin,dc=kblan,dc=com createTimestamp: 20050714220152Z entryCSN: 20050714220152Z#000002#00#000000 modifiersName: cn=admin,dc=kblan,dc=com modifyTimestamp: 20050714220152Z -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba