[Samba] NT4 migration errors

Geoffrey Scott geoffs at guestshire.com
Fri Jul 15 00:31:07 GMT 2005 

Kevin B wrote:
> Hi
> I've setup samba 3.0.14 with the latest idealx scripts on FC3.
> Now I have a test lab to migrate from NT4 box which different than
> the standalone PDC I have running. 
> 
> Here's the order I used and my ldap and samba configs are clean as
> far as I can tell since I do get a partial migration. 
> When using 'net rpc vampire -S nt4 -W DOMAIN' it populates the groups
> from NT4 and shows the group membership but the users fail to come
> over.  
> 
> Here's what I've done so far. BTW SLES9 server.
> [continued below]
> 
>> From a clean ldap database I add in the top level ldif:
> ----------------------------------------------------------------------
> Then ldapadd the preload ldif to be ready for the NT4 accounts:
> --------------------------------------------------------------

It kind of looks like you are working off an old copy of the "Samba3 by
example" book.  Would that be right?

I just checked through some of the output in you post, and think that I am
spot on with that assumption.  You are using:
add user script = /usr/local/sbin/smbldap-useradd -a -m '%u'
In you smb.conf aren't you?
It should be:
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
No *-a* flag.  Samba now takes care of the samba attributes for a user.  You
only need the *-a* flag set if you are adding a user on the command line
using the smbldap-adduser script.  Tah dah! ;-)  John T very kindly pointed
this out to me when I was having problems.  It's one of the small but
infuriatingly important changes made to the book

Without looking too hard at what you are doing, I would suggest that you
follow the online version where you'll see that the smbldap-tools make it
very easy to set up the initial groups by doing the following:
Set up your smb.conf
Go to the smbldap-tools directory and run the configure.pl to configure the
tools.
The tools now pick up most of your settings from the smb.conf
Run the smbldap-populate script as per JHT's example  (the reason that I
suggest this is that it will reduce any human errors made in creating the
initial ldif)

Then follow on as before, checking against the examples shown in the "samba3
By Example" book online:

Next add the smbpasswd to secrets.tdb.

Then grab the NT4 SID:
net rpc getsid -S nt4 -W DOMAIN [which succeeds and tdbdump shows it]

Now join the domain:
net rpc join -S nt4 -W DOMAIN -U Administrator%34567 [it joins]

Now we migrate:  net rpc vampire -S nt4 -W DOMAIN

I'd be interested to see if you still had problems after that.

> Thanks in advance.
> 
> Kevin
Happy samba-ing, Geoff

More information about the samba mailing list