[Samba] Problems in SAMBA 3.3 to 4.0 migration

[Rowland Penny]

On 11/02/15 17:42, soonerdave wrote:
> I am migrating an old but functional Samba 3.3.4 smbpasswd-based PDC to a new
> Samba 4.0-based VM. I planned to build the 4.0 as a BDC and then simply
> dcpromo it to my PDC, and then retire the old server. But I've come across
> two problems for which I'm needing some guidance.
>
> I've built the 4.0 box, extracted the original domain SID, and joined the
> machine to the domain. I can log into shares hosted on the DC, and all
> appears well. I then attempted to simply net rpc vampire the PDC's groups
> and users, but doing so results in a Segmentation Fault immediately after
> net attempts to get the domain database ("Fetching (to passdb) DOMAIN
> database").
>
> In looking at the SAMBA server logs on the PDC, there's a clear credential
> failure from the BDC machine on the vampire attempt. Two log entries with
> "BAD SIG... expected SMB signature of (empty)" appear, indicating an empty
> payload was sent as part of the SMB signature during the credential check.
> That implies to me some sort of problem in the session setup or machine
> key/account - yet net rpc testjoin says the join of the BDC is OK. I've
> already removed and rejoined the machine to the domain with the same result
> ,so at this point, I don't know what's going wrong with the machine
> credential check from the BDC to the PDC.
>
> The second issue is in generating a list of users and groups off the PDC.
> Right now, wbinfo simply won't work. wbinfo -p can't even ping winbindd even
> when I can see that it is, in fact, running. An strace run against wbinfo
> seems to indicate wbinfo can't communicate with the winbindd pipe, and I
> have no clue why. So it would seem to me that even if I fix the credential
> exchange issue above, I've got another issue on the PDC with group and user
> enumeration.
>
> Although I've found several issues roughly similar to this, none of the
> fixes I've seen so far apply. I thought perhaps the "BAD SIG" messages in
> the log in the failed credential check might ring a bell for someone, but
> the wbinfo failure really has thrown me for a loop. There's no reason I can
> see why it won't work. Any suggestions appreciated.
>
>
>
>
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Problems-in-SAMBA-3-3-to-4-0-migration-tp4680653.html
> Sent from the Samba - General mailing list archive at Nabble.com.

It might help if you post your smb.conf, what OS you are using and the 
reason to use samba 4.0 when 4.2 is about to come out.

Rowland