[Samba] SAMBA4: pdbedit not changing SID
Andrew Bartlett
abartlet at samba.org
Mon Apr 1 17:02:05 MDT 2013
On Mon, 2013-04-01 at 15:59 -0700, Simon Matthews wrote:
>
> On Tue, 2 Apr 2013, Andrew Bartlett wrote:
>
> > On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
> >> 2013-04-01 02:36 keltezéssel, simon+samba at matthews.eu írta:
> >> > Since I don't seem to be having any luck with the classicupgrade, I
> >> > decided to try starting from scratch and then adding users.
> >> >
> >> > I ran the command:
> >> > /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \
> >> > --domain=<mydomain> --adminpass 'mypass' --server-role=dc \
> >> > --dns-backend=BIND9_DLZ
> >> >
> >> > Then I tried both adding and changing users. In neither case can I
> >> > change the SID with pdbedit. It seems to be added with a
> >> > system-defined SID, irrespective of what I specify. pdbedit -v is able
> >> > to list the user's parameters, including the SID.
> >> >
> >> > Any suggestions? I am pretty much stuck here trying to figure out how
> >> > to migrate from an existing SAMBA3 domain to SAMBA4.
> >> >
> >> >
> >> Hi,
> >>
> >> Trying to add users one by one (preserving SID) is IMHO a lot harder
> >> (you would probably need to ldbmodify the user record of each one) to
> >> do, than fixing your samba3 install to have it classicupgraded.
> >
> > Indeed. The only way to safely import a list of users who already have
> > SIDs is to migrate them to Samba 4.0's AD DC using one of the supported
> > migration tools.
> >
> > These are 'samba-tool domain join dc' and 'samba-tool domain
> > classicupgrade'.
>
> Perhaps I need to address why the "classicupgrade" did not work. I see now
> that I did not pass the --dbdir option when running it before. I'll try
> again.
Thanks. Please work with our tools rather than trying to work around
them.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list