[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Vladimir Psenicka
vladimir.psenicka at prodeco.cz
Fri Mar 26 08:24:32 MDT 2010
try this:
ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
Dne 26.3.2010 15:00, GG napsal(a):
> Hello!
>
> I'm stuck on getdomainsid: Net command is missing even though libs and
> smbclient are installed.
>
> I tried this:
> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 34 Invalid DN syntax
> text: invalid DN
>
> # numResponses: 1
>
> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> I used WORKGROUP as it is the domain we use on pcs and the only one
> defined in smb.conf
>
> I also tried using my pdc HOSTNAME
>
> and this was returned
> # LDAPv3
> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 2
> result: 34 Invalid DN syntax
> text: invalid DN
>
> # numResponses: 1
>
> Any way to get through this or how to use net command? Maybe updating
> samba-client?
>
> I tried rpm -i samba-client but it says
> file /usr/share/man/man1/smbclient.1.gz from install of
> samba-client-2.2.12-1.suse82 conflicts with file from package
> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>
> I found also the original package but it says it is already installed.
>
> What happens if I remove samba-client and reinstall it soon after on
> the production pdc?
>
>
> Giorgio
>
> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>> Dne 26.3.2010 13:50, GG napsal(a):
>>> Hello!
>>>
>>>>> Have you samba-client package installed?
>>>>>
>>>
>>> yes I do at least smbclient is there! but no net command :-/
>>>
>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>>>> samba-client-3.5.1-4.1.x86_64
>>>
>>> So here are the issues encountered...
>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>>> I found on net...
>>>
>>>>>
>>>>> or you can dig domainsid from ldap
>>>
>>> This sounds interesting! How do I do that?
>>>
>>
>> modify to your needs (domain):
>>
>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>> "sambaDomainName=domain,dc=domain,dc=cz"
>>
>> sambaSID: is your domainsid
>>
>> or you can use phpldapadmin to manage you ldap from browser
>>
>>> Thanks very much!
>>> Giorgio
>>>
>>> On 3/26/10, GG <jojomi at gmail.com> wrote:
>>>> Hi!
>>>>
>>>> I'll be at it in a few minutes installing samba client / net command :-)
>>>>
>>>> I have a question about the samba sernet repos:
>>>> Shall I apt-get remove samba and use
>>>> http://enterprisesamba.com/index.php?id=148 +
>>>> http://enterprisesamba.com/index.php?id=56
>>>> instead from start?
>>>>
>>>> What is the real advantage of sernet? What about installing official
>>>> samba.org packages, are there differences with sernet (stability?) or
>>>> is it just a more liberal repository?
>>>>
>>>> Also I read
>>>>>>> Ensure that all local user and group accounts that are used by samba
>>>>>>> have the same uid/gid.
>>>>
>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
>>>> and users?
>>>>
>>>> I use rsync --verbose --progress --stats --compress --rsh=ssh \
>>>> --recursive --times --perms --links \
>>>> --owner --group --devices --specials \
>>>> --exclude-from '/root/exclude.txt (if any, not in this case as
>>>> I'm only syncing data dir)' \
>>>> root at old_PDC:/DATA /DATA
>>>>
>>>> This should bring over every attribute set on files... correct?
>>>>
>>>> [[[did only partially in one case: I set up a twin install (fresh
>>>> install then live cd and full rsync and after that I kept mbr, but
>>>> changed /boot and the /ect/fstab settings) and the server started
>>>> etc.. LDAP did not work though: authentication was not available...
>>>> So I must be missing something or this rsync parameter set must be
>>>> missing something.. I had disconnected old PDC, set same IP and
>>>> hostname to the VM well this worked well for other virtualizations and
>>>> in this PDC I need to upgrade to win7 compatible samba version anyway
>>>> :-)
>>>> This was another story but just to share it as it is an excellent way
>>>> of migrating sometimes specially for machines you do not master and
>>>> this is my case very often.]]]
>>>>
>>>> Cheers,
>>>> Giorgio
>>>>
>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>>>> <vladimir.psenicka at prodeco.cz> wrote:
>>>>> Hi
>>>>>
>>>>> Dne 25.3.2010 17:41, GG napsal(a):
>>>>>> Hello Vladimir, John and all the NG :-)
>>>>>> Thanks so much for answering. I really hoped someone would :-)
>>>>>>
>>>>>> So I installed Debian latest stable netinst on the future production
>>>>>> server and here are my issues in the quotes :-( no net command on my
>>>>>> suse 8.2
>>>>>>
>>>>>> Cheers :-)
>>>>>> Giorgio
>>>>>>
>>>>>>
>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*@samba.org> wrote:
>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>>>>>>> What about Debian Stable with Sernet samba repo, where you can choose
>>>>>>>> Samba 3.4.x or 3.5.x
>>>>>>>>
>>>>>>>> My hints on migrating to new server:
>>>>>>>>
>>>>>>>> 1. install new server (Samba,ldap etc.)
>>>>>>
>>>>>> done :-) Debian Stable netinst
>>>>>>
>>>>>>>> 2. set same hostname on new server
>>>>>> My ignorance comes out :-)
>>>>>> Must I set it different from the production server as FW points
>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>>>>>> ip.
>>>>>>
>>>>>
>>>>> Ok, can be changed later
>>>>>
>>>>>>>> 3. export ldap data from old server and import them to new server
>>>>>>
>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>>>>> OK
>>>>>>
>>>>>>> Ensure that all local user and group accounts that are used by samba
>>>>>>> have the same uid/gid.
>>>>>> my ignorance again... another hint?
>>>>>>>
>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
>>>>>>>> setlocalsid oldsid)
>>>>>>>
>>>>>>> Note:
>>>>>>> net getdomainsid (on old server)
>>>>>>> net setdomainsid (on new server)
>>>>>> thanks :-)
>>>>>>
>>>>>> # net getdomainsid
>>>>>> -bash: net: command not found :-( and not found in yast
>>>>>>
>>>>>> I understand it has to do with extracting the sid from
>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>>>>>> has now net package and googling net is.. well wow!
>>>>>>
>>>>>
>>>>> Have you samba-client package installed?
>>>>>
>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>>>> samba-client-3.5.1-4.1.x86_64
>>>>>
>>>>> or you can dig domainsid from ldap
>>>>>
>>>>>>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>>>>>>>> from old samba smb.conf (check with testparm)
>>>>>>
>>>>>> I see it only contains shares so I bet smb.conf would just keep all
>>>>>> the old settings rigth? /DATA will be rsynced
>>>>>>
>>>>>
>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
>>>>> current smb.conf on new server and add only shares from old smb.conf to
>>>>> new smb.conf.
>>>>>
>>>>>>>> 6. stop samba on old server
>>>>>>>> 7. copy all data (with perms) and netlogon share to new server
>>>>>>>> 8. stop old server
>>>>>>>> 9. start samba on new server a check everything is working fine (domain
>>>>>>>> logon from windows box, shares and perms)
>>>>>>>>
>>>>>>>> This can be done best when no users are logged in samba (maybe at weekend?)
>>>>>>>>
>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
>>>>>>
>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb derived right?
>>>>>>
>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
>>>>> comes out this will be no longer truth.
>>>>>
>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> John T.
>>>>>>>
>>>>>>>> Dne 25.3.2010 01:05, GG napsal(a):
>>>>>>>>> Hello Vladimir and hi all,
>>>>>>>>>
>>>>>>>>> Thanks very much for replying!
>>>>>>>>>
>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just happen to
>>>>>>>>> know ubuntu more...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba to a new server?
>>>>>>>>> Already tried rsyncing (using all options to keep perms and attributes
>>>>>>>>> grp own mod etc) on a twin v-machine but server starts and the ldap
>>>>>>>>> auth fails to work :-(
>>>>>>>>>
>>>>>>>>> I'm a bit stuck at the moment :-( and I have posponed the problem for
>>>>>>>>> too long grrr
>>>>>>>>>
>>>>>>>>> Giorgio
>>>>>>>>>
>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>>>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
>>>>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a):
>>>>>>>>>>> Hello,
>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>>>>>>>>>>>
>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>>>>>>>>>>
>>>>>>>>>>> The domain is in production on the physical server, to be dismissed after
>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all shared and
>>>>>>>>>>> permission driven file access..
>>>>>>>>>>>
>>>>>>>>>>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>>>>>>>>>>> I realize I am in a different scenario...
>>>>>>>>>>>
>>>>>>>>>>> Production so no errors are admitted :-(, migration to new os and versions..
>>>>>>>>>>> all at once?
>>>>>>>>>>>
>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single partitions :)
>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be safe ;)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> What would you guru's suggest as a strategy?
>>>>>>>>>>>
>>>>>>>>>>> Can I create a new server and add it as secondary domain controller and then
>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with this method.
>>>>>>>>>>>
>>>>>>>>>>> BTW I need a new version of samba as they have already bought Windows 7
>>>>>>>>>>> boxes (without asking if they were supported arrgh).
>>>>>>>>>>>
>>>>>>>>>>> Thanks to all of you who read or answered :-)
>>>>>>>>>>>
>>>>>>>>>>> Gio
>>>>>>>>>>
>>>>>>>>>> Hi.
>>>>>>>>>>
>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>> --
>>>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>>>> --
>>>>> Vladimir Psenicka
>>>>> IT system engineer
>>>>> PRODECO, a.s.
>>>>> Tel.: 417 633 762
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>
>>
>>
>> --
>> Vladimir Psenicka
>> IT system engineer
>> PRODECO, a.s.
>> Tel.: 417 633 762
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
--
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
More information about the samba
mailing list