Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
Thanks for your help Andrew! It works perfectly. see messages: cat simpleuser2samba.ldif dn: cn=firstuser,cn=Users,dc=demo,dc=lan objectclass: user sAMAccountName: firstuser /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb simpleuser2samba.ldif Added 1 records successfully /usr/local/samba/bin/samba-tool user list Administrator dns-ubsrv firstuser demouser testuser alxgrb krbtgt Guest alex Many thanks again, Alexander -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646806.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
Hi, please look at this:= alxgrb@ubsrv:~ sudo /usr/local/samba/bin/smbclient -L localhost -U% Domain=[DEMO] OS=[Unix] Server=[Samba 4.0.5] Sharename Type Comment - --- netlogonDisk sysvol Disk homeDisk Home drive dataDisk Data disk IPC$IPC IPC Service (Samba 4.0.5) Domain=[DEMO] OS=[Unix] Server=[Samba 4.0.5] Server Comment ---- WorkgroupMaster ---- The testuser.ldif file:= cat testuser.ldif dn: uid=bmontag,ou=Users,dc=demo,dc=lan objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: shadowAccount objectClass: top cn: Brigitte Montag gidNumber: 10001 homeDirectory: /home/bmontag sambaSID: -59220 sn: Montag uid: bmontag uidNumber: 29110 displayName: Brigitte Montag givenName: Brigitte loginShell: /bin/bash mail: brigitte.mon...@mailserver.com I have tried add the testuser.ldif file to sam.ldb:= sudo /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb testuser.ldif ERR: No such object : objectclass: Cannot add uid=bmontag,ou=Users,dc=demo,dc=lan, parent does not exist! on DN uid=bmontag,ou=Users,dc=demo,dc=lan at block before line 18 Add failed after processing 0 records What do I have to do to make my ldbadd work?? Thanks, Alexander -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646559.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
On Thu, 2013-04-11 at 01:00 -0700, alxgrb wrote: Hi, please look at this:= alxgrb@ubsrv:~ sudo /usr/local/samba/bin/smbclient -L localhost -U% Domain=[DEMO] OS=[Unix] Server=[Samba 4.0.5] Sharename Type Comment - --- netlogonDisk sysvol Disk homeDisk Home drive dataDisk Data disk IPC$IPC IPC Service (Samba 4.0.5) Domain=[DEMO] OS=[Unix] Server=[Samba 4.0.5] Server Comment ---- WorkgroupMaster ---- The testuser.ldif file:= cat testuser.ldif dn: uid=bmontag,ou=Users,dc=demo,dc=lan objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: shadowAccount objectClass: top cn: Brigitte Montag gidNumber: 10001 homeDirectory: /home/bmontag sambaSID: -59220 sn: Montag uid: bmontag uidNumber: 29110 displayName: Brigitte Montag givenName: Brigitte loginShell: /bin/bash mail: brigitte.mon...@mailserver.com I have tried add the testuser.ldif file to sam.ldb:= sudo /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb testuser.ldif ERR: No such object : objectclass: Cannot add uid=bmontag,ou=Users,dc=demo,dc=lan, parent does not exist! on DN uid=bmontag,ou=Users,dc=demo,dc=lan at block before line 18 Add failed after processing 0 records What do I have to do to make my ldbadd work?? change ou=users to cn=users. -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
I have changed... alxgrb@ubsrv:~ sudo /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb testuser.ldif [sudo] password for alxgrb: ERR: No such attribute : objectclass_attrs: attribute 'sambaSID' on entry 'UID=bmontag,CN=Users,DC=demo,DC=lan' was not found in the schema! on DN uid=bmontag,cn=Users,dc=demo,dc=lan at block before line 18 Add failed after processing 0 records Must I create a schema? -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646568.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
On Thu, 2013-04-11 at 05:06 -0700, alxgrb wrote: I have changed... alxgrb@ubsrv:~ sudo /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb testuser.ldif [sudo] password for alxgrb: ERR: No such attribute : objectclass_attrs: attribute 'sambaSID' on entry 'UID=bmontag,CN=Users,DC=demo,DC=lan' was not found in the schema! on DN uid=bmontag,cn=Users,dc=demo,dc=lan at block before line 18 Add failed after processing 0 records Must I create a schema? At this stage, the discussion is getting quite circular, because I think you need to go back and do some background research in the difference between AD and traditional openldap based LDAP configurations. You seem to be trying to have a bit of both, and that is really causing you trouble. If you don't have a Samba domain currently, why do you try and specify a sambaSID? If you do have a samba domain (why else do you have sambaSID values), then please use the classicupgrade script. In any case, you cannot specify specific SID values in active directory - except during upgrades that we very carefully handle, this is prohibited because it would interfere with the distributed allocation scheme. I do wish you the best with installing Samba 4.0, but please where possible follow the already established approaches, as it is that way that others can help you most, because it will be similar to what they have done. Find some examples of adding users via LDIF, and then make your LDIF look as similar to that as possible. Please specify as little as possible in your ldif. You actually only need objectclass: person. AD will fill the other bits, and that will skip the shadowAccount that also makes no sense. You should also be aware that the username in AD is samAccountName, not uid. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
Thank you for support. OK. If one has 10 users, it goes by hand, but we have ca. 110 users. Maybe there for it an automatic solution? -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646470.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
2013-04-09 14:56 keltezéssel, alxgrb írta: Thank you for support. OK. If one has 10 users, it goes by hand, but we have ca. 110 users. Maybe there for it an automatic solution? -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646470.html Sent from the Samba - General mailing list archive at Nabble.com. The problem is: If you have users with only posixAccount (or similar) objectClasses (without samba 3.x aka classic attributes) you could add them by an ldapsearch ldbadd based script, but you won't be able to transfer the passwords, as OpenLDAP (with posixAccount and similar objectClasses) uses a differently encrypted userPassword attribute, than Samba as an AD controller (kerberos keys) can use. As the passwords are one way encrypted without having an NTPassword attribute (which correspond to a arcfour-hmac-md5 enctype) you will lose the password during //migration. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
On Fri, 2013-04-05 at 12:10 +1100, Andrew Bartlett wrote: On Thu, 2013-04-04 at 01:15 -0700, alxgrb wrote: I've tried with Apache Directory Studio to export LDAP (Schema) into LDIF file. Its works. But convert to (AD ldif) with oLschema2ldif don't work. S. message: sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif malformed entry on line 1265 Converted 0 records with 1 failures Any Idea? (The line 1265 is empty) Can I use ldbadd? We really need to drop this tool, it has never really worked well, the parsing text schema with a C tool was always a bad idea. It would be faster and more effective to have someone rewrite it in python. I should however be clear: To convert existing users and groups, use samba-tool domain classicupgrade. This is different to if you can convert specific schema extensions, which you may need to re-create by hand, and then import the data for. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
Ok is clear, but samba-tool domain classicupgrade works only if samba instance is installed. Is it right? Our old server has only LDAP/Automount services without any samba's instances. I would like to migrate only the LDAP users in the new samba4 server. Greetings, Alexander -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646419.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
On Mon, 2013-04-08 at 07:07 -0700, alxgrb wrote: Ok is clear, but samba-tool domain classicupgrade works only if samba instance is installed. Is it right? Correct Our old server has only LDAP/Automount services without any samba's instances. Then you won't be able to migrate passwords in any case. I would like to migrate only the LDAP users in the new samba4 server. For simple user accounts, you shouldn't need to add any new schema anyway. Just migrate the users, manually translating the required attributes. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
I've tried with Apache Directory Studio to export LDAP (Schema) into LDIF file. Its works. But convert to (AD ldif) with oLschema2ldif don't work. S. message: sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif malformed entry on line 1265 Converted 0 records with 1 failures Any Idea? (The line 1265 is empty) Can I use ldbadd? Thanks, Alex -- View this message in context: http://samba.2283325.n4.nabble.com/LDAP-Schemas-Users-to-Samba4-migration-tp4646168p4646274.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] LDAP (Schemas,Users) to Samba4 migration
On Thu, 2013-04-04 at 01:15 -0700, alxgrb wrote: I've tried with Apache Directory Studio to export LDAP (Schema) into LDIF file. Its works. But convert to (AD ldif) with oLschema2ldif don't work. S. message: sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif malformed entry on line 1265 Converted 0 records with 1 failures Any Idea? (The line 1265 is empty) Can I use ldbadd? We really need to drop this tool, it has never really worked well, the parsing text schema with a C tool was always a bad idea. It would be faster and more effective to have someone rewrite it in python. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
