[Samba] Samba4 migration issues (wbinfo errors and UPNs)
I migrated over a Samba 3/LDAP domain to Samba 4 in a test environment. After a few bumps due to not having all my machine accounts as posixAccounts and clashing user/group names, the migration went relatively smoothly. Great work, Samba team!

I have a few standing issues that I haven't been able to shake out:

1. wbinfo returns various errors when run on the DC.

wbinfo -D MYDOMAIN returns a SID of S-1-2-3-4. Typing gibberish for the domain name yields the same results.

wbinfo --dc-info= returns

Could not find dc info example.com.

Using the short name doesn't work either.

wbinfo -u/-g does work. As does getent passwd/group for domain users.

The `net` command generally works for the equivalent queries however. For instance `net ads info` returns the correct information.

Running wbinfo queries from a member server DOES seem to always work.

2. UPNs don't work on the DC (wbinfo -i, getent, pam, etc).

wbinfo -i user@domain fails with:

failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user u...@example.com

UPNs do work on Samba 4 members however.

I did spot this interesting bit in the log:

[2013/07/16 12:37:05.642113, 6, pid=6033, effective(0, 0), real(0, 0)] ../lib/util/util_ldb.c:60(gendb_search_v)
  gendb_search_v: DC=ad,DC=tsasinc,DC=com ((sAMAccountName= rb...@example.com )(objectSid=*)) - 0
[2013/07/16 12:37:05.642192, 1, pid=6033, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:282(ndr_print_function_debug)
  lsa_LookupNames: struct lsa_LookupNames
    out: struct lsa_LookupNames
      domains : *
        domains : *
          domains: struct lsa_RefDomainList
            count: 0x (0)
            domains : NULL
            max_size : 0x (0)
      sids : *
        sids: struct lsa_TransSidArray
          count: 0x0001 (1)
          sids : *
            sids: ARRAY(1)
              sids: struct lsa_TranslatedSid
                sid_type : SID_NAME_UNKNOWN (8)
                rid : 0x (0)
                sid_index: 0x (4294967295)
      count: *
        count: 0x (0)
      result : NT_STATUS_NONE_MAPPED

That message only comes up when running wbinfo -i on the server, not on a member.

It feels a little off that it's searching for the UPN in sAMAccountName.

I'm using the sernet 4.0.7-4 packages on CentOS 6.4 64bit, no Samba 3 binaries in sight. Samba logs all look clean. DNS, LDAP and Kerberos all work as expected.

I have a feeling that both issues have a common cause, but have been unable to find it. Any ideas on either of these issues?

Thanks

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
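A pre-migration check for the two bumps mentioned in the message above (machine accounts that are not posixAccounts, and user and group names that clash), as an added example that is not part of the thread or of Samba's own tooling. It assumes an LDIF export of the Samba 3 directory using the usual sambaSamAccount, posixAccount, posixGroup and sambaGroupMapping object classes, and treats names as case-insensitive; the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample export of a Samba 3/LDAP directory (not taken from the thread).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice

dn: uid=ws01$,ou=Computers,dc=example,dc=com
objectClass: account
objectClass: sambaSamAccount
uid: ws01$

dn: cn=Alice,ou=Groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: Alice
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per record, unfolding continuation lines."""
    for block in text.replace("\n ", "").split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            # Base64 values ("attr:: ...") are kept undecoded; the audit only needs names.
            entry[attr.strip().lower()].append(value.lstrip(": ").strip())
        if entry:
            yield entry

def audit(text):
    """Return (machine accounts lacking posixAccount, names used by a user and a group)."""
    users, groups, bad_machines = set(), set(), []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e["objectclass"]}
        if "sambasamaccount" in classes:
            for uid in e["uid"]:
                if not uid.endswith("$"):
                    users.add(uid.lower())
                elif "posixaccount" not in classes:
                    bad_machines.append(uid)
        if "posixgroup" in classes or "sambagroupmapping" in classes:
            groups.update(cn.lower() for cn in e["cn"])
    return sorted(bad_machines), sorted(users & groups)

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```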
Re: [Samba] Samba4 migration
Follow the classic upgrade howto: https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

On Tue, Apr 2, 2013 at 10:28 AM, alxgrb alexander.gro...@nowcast.de wrote:

I have a question ... How can I migrate existing LDAP users (or schemas) on Ubuntu 10.04.2 to the new Samba4 (Ubuntu 12.04.2) server? Does anyone have an idea?

Thanks for support
Alex

--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-migration-tp4646168.html
Sent from the Samba - General mailing list archive at Nabble.com.

--
Sincerely,
Andreas Calvo
[Samba] Samba4 migration
I have a question ... How can I migrate existing LDAP users (or schemas) on Ubuntu 10.04.2 to the new Samba4 (Ubuntu 12.04.2) server? Does anyone have an idea?

Thanks for support
Alex
Re: [Samba] Samba4 migration
I've tried with Apache Directory Studio to export LDAP (Schema) into an LDIF file. It works. But converting to (AD ldif) with oLschema2ldif doesn't work.

S. message:

sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif
malformed entry on line 1265
Converted 0 records with 1 failures

Any idea? (Line 1265 is empty.) Can I use ldbadd?

Thanks,
Alex

--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-migration-tp4646168p4646272.html
Re: [Samba] samba4 migration problems
On 09.05.2012 06:19, Andrew Bartlett wrote:

I also found old postings with the information that samba creates the sambaSID entry (http://lists.samba.org/archive/samba/2007-June/10.html). So could it be a bug in samba? Currently we run 3.5.15.

It could be a bug in whatever created a sambaNextRid value of 1000.

Yesterday I created a machine account by hand (with the command samba uses). After that there is no sambaSID attribute in LDAP. Then I enabled level 10 debug log and joined this machine. In the log I saw that samba looks in LDAP for an attribute sambaNextRid in sambaDomainName=MUC,dc=mr,dc=lfmg,dc=de. Then it takes this number as the RID for the new machine and writes the old RID value, incremented, back to the attribute.

I don't know who or what filled this attribute initially with a value 1000. But maybe it's a good idea if samba doesn't use values 1000 if that makes problems in AD later.

Regards,
Marc