[Samba] Problems in SAMBA 3.3 to 4.0 migration

[soonerdave]

I am migrating an old but functional Samba 3.3.4 smbpasswd-based PDC to a new
Samba 4.0-based VM. I planned to build the 4.0 as a BDC and then simply
dcpromo it to my PDC, and then retire the old server. But I've come across
two problems for which I'm needing some guidance.

I've built the 4.0 box, extracted the original domain SID, and joined the
machine to the domain. I can log into shares hosted on the DC, and all
appears well. I then attempted to simply net rpc vampire the PDC's groups
and users, but doing so results in a Segmentation Fault immediately after
net attempts to get the domain database ("Fetching (to passdb) DOMAIN
database"). 

In looking at the SAMBA server logs on the PDC, there's a clear credential
failure from the BDC machine on the vampire attempt. Two log entries with
"BAD SIG... expected SMB signature of (empty)" appear, indicating an empty
payload was sent as part of the SMB signature during the credential check.
That implies to me some sort of problem in the session setup or machine
key/account - yet net rpc testjoin says the join of the BDC is OK. I've
already removed and rejoined the machine to the domain with the same result
,so at this point, I don't know what's going wrong with the machine
credential check from the BDC to the PDC.

The second issue is in generating a list of users and groups off the PDC.
Right now, wbinfo simply won't work. wbinfo -p can't even ping winbindd even
when I can see that it is, in fact, running. An strace run against wbinfo
seems to indicate wbinfo can't communicate with the winbindd pipe, and I
have no clue why. So it would seem to me that even if I fix the credential
exchange issue above, I've got another issue on the PDC with group and user
enumeration. 

Although I've found several issues roughly similar to this, none of the
fixes I've seen so far apply. I thought perhaps the "BAD SIG" messages in
the log in the failed credential check might ring a bell for someone, but
the wbinfo failure really has thrown me for a loop. There's no reason I can
see why it won't work. Any suggestions appreciated.





--
View this message in context: http://samba.2283325.n4.nabble.com/Problems-in-SAMBA-3-3-to-4-0-migration-tp4680653.html
Sent from the Samba - General mailing list archive at Nabble.com.