[Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb
Johannes Paechnatz
jpaechnatz at gmail.com
Tue Oct 16 00:45:45 MDT 2012
>> fyi - samba3 tdbsam backend. I removed/edited several user accounts
>> with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore)
>> until all user accounts got migrated.
>
> What was your 'unix charset' (we may need to add a conversion here, as
> we assume UTF8 at the ldb layer).
old samba3 server:
LANG="de_DE"
LC_ALL="de_DE"
smb.conf:
display charset = ISO8859-1
unix charset = ISO8859-1
I remember the reason for this was a software that couldn't handle
UTF-8 (which is fixed meanwhile) - and I know that we need to convert
the whole content of the filesystem when we migrate...
>> 1. machine accounts: some machine accounts don't have Logon hours
>> FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF which seems to be a problem.
>> Could I manually change fields (which fields?) in the tdbsam dump? I
>> tried pdbedit -Z of the specific account, but that seems to change it
>> to an epoch style timestamp and migration fails again - so I removed
>> them in the tdbsam dump to get the migration working, after that
>> additional steps all user and machine accounts get migrated.
>
> Can you give me some more detail about what is wrong here? We generally
> do want to convert any valid samba3 account.
old samba3 server:
add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 1000 -s /bin/false %u
all machine accounts are added via this entry - so I thought they are the same.
example:
Failed to modify account record CN=w-2000-007,CN=Computers,DC=SAMBA4SRV to set user attributes: objectclass_attrs: attribute 'logonHours' on entry 'CN=w-2000-007,CN=Computers,DC=SAMBA4SRV' contains at least one invalid value!
ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam account 'w-2000-007$', (-1073741811,Unexpected information received)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1321, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 883, in upgrade_from_samba3
    s4_passdb.add_sam_account(userdata[username])
on samba3
pdbedit -Lv
Unix username: w-2000-007$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-2800255703-2035631742-3861056042-3132
Primary Group SID: S-1-5-21-2800255703-2035631742-3861056042-513
Full Name: W-2000-007$
Home Directory: \\filesrv\w-2000-007_
HomeDir Drive: L:
Logon Script: logon-users.bat
Profile Path: ""
Domain: BFE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Mon, 19 Sep 2011 08:25:53 CEST
Password can change: Mon, 19 Sep 2011 08:25:53 CEST
Password must change: Sun, 18 Dec 2011 07:25:53 CET
Last bad password : 0
Bad password count : 0
Logon hours : 0000000000000000000000000000000030ACC81063
other successfully migrated account:
Unix username: W-4000-026$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-2800255703-2035631742-3861056042-2219
Primary Group SID: S-1-5-21-2800255703-2035631742-3861056042-513
Full Name: W-4000-026$
Home Directory: \\filesrv\w-4000-026_
HomeDir Drive: L:
Logon Script: logon-joh.bat
Profile Path: ""
Domain: BFE
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Mon, 14 Mar 2011 08:54:54 CET
Password can change: Mon, 14 Mar 2011 08:54:54 CET
Password must change: Sun, 12 Jun 2011 09:54:54 CEST
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
tdbdump of both (made on the samba4 machine, if tdbtools version matters?):
{
key(17) = "USER_w-2000-007$\00"
data(199) = "\00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00q\E0vN\8F\19zFq\87\EDN\0C\00\00\00w-2000-007$\00\04\00\00\00BFE\00\01\00\00\00\00\0C\00\00\00W-2000-007$\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00<\0C\00\00\01\02\00\00\00\00\00\00\10\00\00\00\8C\9A\F1\16\AA@\90\1Ef\0E\95\B2\CAW\7F\97\00\00\00\00\80\00\00\00\00\00\00\00\00\00
\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\000\AC\C8\10c\7F\00\00\00\80\00\10\00\00\00\00\00\00\00\00\00\00\00\00"
}
{
key(13) = "RID_00000c3c\00"
data(12) = "w-2000-007$\00"
}
{
key(17) = "USER_w-4000-026$\00"
data(199) = "\00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00\CE\C9}M\00\00\00\00\CEp\F4M\0C\00\00\00W-4000-026$\00\04\00\00\00BFE\00\01\00\00\00\00\0C\00\00\00W-4000-026$\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\AB\08\00\00\01\02\00\00\00\00\00\00\10\00\00\00\90\13\ADS\0FBn\F8j\99
\03\C5Dy\E1\00\00\00\00\80\00\00\00\A8\00\15\00\00\00
\00\00\00\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\EC\04\00\00"
}
{
key(13) = "RID_000008ab\00"
data(12) = "w-4000-026$\00"
}
>> 2. The server role of samba3 is ROLE_DOMAIN_PDC after migration the
>> samba4 server is stand alone and starting of smbd works without error.
>> BUT if I change the server role to active directory domain controller
>> and try samba instead of smbd, I get an error: Failed to find record
>> for MYDOMAIN-HERE in /var/lib/samba/private/secrets.ldb: No such
>> object: Have you provisioned the MYDOMAIN-HERE domain? Provisioning a
>> new and empty ADS from scratch does work - but I need the migration
>> ;-)
>> I tried to modify the secrets.tdb before I start the classicupgrade
>> without success.
>>
>> This is a show-stopper ;-)
>
> Exactly what command did you run?
samba-tool domain classicupgrade --dbdir=/root/daten --use-xattrs=yes --realm=BFETV.BFE-SYSTEMHAUS.DE /root/daten/smb.conf
> We should upgrade a ROLE_DOMAIN_PDC into a 'server role = active
> directory domain controller'. Are you sure you are using the smb.conf
> produced by the upgrade?
yes. I made a small script that removes all old data before I try a
new migration run:
rm /etc/samba/smb.conf
rm /var/lib/samba/private/*.ldb
rm /var/lib/samba/private/*.tdb
rm /var/lib/samba/private/sam.ldb.d/*
samba-tool domain classicupgrade --dbdir=/root/daten --use-xattrs=yes --realm=BFETV.BFE-SYSTEMHAUS.DE /root/daten/smb.conf
Please let me know if you need more data/information.
cu Joh.Paechnatz
--
Johannes Paechnatz
--> googleplus: http://goo.gl/GVNoM
--> facebook: http://www.facebook.com/jpaechnatz
--> jabber/xmpp: jpaechnatz at gmail.com
--> icq: 22621122
--> skype: jpaechnatz
--> blog: http://simplyroot.blogspot.com/
amazon wishlist:
--> http://www.amazon.de/registry/wishlist/3L6U7SE47GQ1Z
Secure backup and sync via Wuala:
http://www.wuala.com/referral/BBN3CFN4HKFF74HN3B7M
Encfs4win:
http://goo.gl/djpLB
Callsign: DO2PJ
Try JT65a: http://jt65.w6cqz.org/
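
Added example (not part of the original message and not Samba project code): a pre-migration check that parses `pdbedit -Lv` output like the two records quoted in the message and lists machine accounts whose Logon hours value is not the 21-byte all-FF default, so they can be reviewed before running classicupgrade. The sample input is constructed from fields shown in the message, and the function names are hypothetical.

```python
import re

# 21 bytes = 168 bits, one per hour of the week; all bits set = no restriction.
DEFAULT_HOURS = "F" * 42
HEX42 = re.compile(r"^[0-9A-F]{42}$")
FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")

# Constructed sample: trimmed from the two `pdbedit -Lv` records in the message.
SAMPLE = """\
Unix username:        w-2000-007$
Account Flags:        [W          ]
Logon hours         : 0000000000000000000000000000000030ACC81063
---------------
Unix username:        W-4000-026$
Account Flags:        [W          ]
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
"""


def parse_pdbedit(text):
    """Split `pdbedit -Lv` output into one dict per account."""
    accounts, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separator or blank line
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Unix username" and current:
            accounts.append(current)
            current = {}
        current[key] = value
    if current:
        accounts.append(current)
    return accounts


def machine_accounts_to_review(accounts):
    """Return (name, hours, reason) for machine accounts with non-default hours."""
    flagged = []
    for acct in accounts:
        hours = acct.get("Logon hours", "").upper()
        if "W" not in acct.get("Account Flags", "") or hours == DEFAULT_HOURS:
            continue
        reason = "non-default" if HEX42.match(hours) else "malformed"
        flagged.append((acct.get("Unix username", "?"), hours, reason))
    return flagged


if __name__ == "__main__":
    for name, hours, reason in machine_accounts_to_review(parse_pdbedit(SAMPLE)):
        print(f"review before classicupgrade: {name} ({reason}) {hours}")
```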