On Sunday 04 December 2005 18:25, Del wrote: > > Use > > http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html > > Thanks, that is a great help. I have it working now. > > > I would recommend that the user is familiar with setup, usage, > > maintenance of LDAP prior to doing this. > > Oh, LDAP is no problem. I'm the author of the LdapImport scripts > which some of you may have seen > > http://wiki.babel.com.au/index.php?area=Linux_Projects&page=LdapImport > > The problem I was having was correct configuration of samba prior to > running net rpc vampire. > > Just some notes on the migration guide above that you might want to > incorporate into a later edition: > > -- > > example 9.1: "security = user" is missing? Is this intentional? > the "configure.pl" script from smbldap-tools adds it to smb.conf > in any case. > > May be useful to mention extending the LDAP schema before attempting > any of this, e.g. with the samba.schema file. > > Before Step 7: You can't run ./configure.pl in the smbldap-tools directory > unless samba is running. So you need to do "service smb start" or > your OS equivalent first. In fact, before doing that you need to > inform samba of your LDAP bind DN password using: > > smbpasswd -w <password> > > Step 8: Since you need to start samba before you run ./configure.pl, and > since samba tries to connect to the LDAP server when it starts, you > will need to start LDAP before you start samba. So this probably belongs > around step 4 or 5. > > Step 10: You need to do this before starting Samba, so again this needs > to happen earlier than step 7. > > Step 11: Also, starting Samba will attempt to populate the LDAP directory. > On Fedora Directory Server (and in fact any non-OpenLDAP server) you may > hit troubles doing this because the entries aren't formatted correctly > with the "top" objectClass (on OpenLDAP this parent object class is added > automatically). To fix this, what I did was: > > cd /opt/IDEALX/sbin > /smbldap-populate -e /root/LDAP/smb-populate.ldif. > vi /root/LDAP/smb-populate.ldif > > Change the last LDIF entry in this file to include "objectClass: top" > > ldapadd -x -c -D 'cn=Directory Manager' -W -f /root/LDAP/smb-populate.ldif > > .. and you will need to supply your root DN password to the above command.. > > Step 12: This should not actually be necessary on non-OpenLDAP servers. A > running LDAP server will notice that its directory has been populated. It > is, however, the case that the OpenLDAP directory is completely empty after > installation so you may need to do this. > > Step 14: It might be useful to test this using: > > net rpc testjoin > > Step 17: This seems to take a long time. Expect that -- nothing happens > in the log file for a few seconds at least, don't panic. > > -- > Del
Del, I will review your comments when I get an opportunity. If I recall correctly, Chapter 9 does say that you need to create a fully functional server per the example of chapter 5 before attempting to perform vapire migration. One of the key challenges of prescriptive guidance documentation is the fact that most people want to short-circuit the learning process ignoring the fact that every short-cut has consequences. :-) - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
