A successful Samba 4 deployment

Mark Rutherford mark at lowcountrybilling.com
Tue Nov 9 15:43:54 MST 2010 

This is the last one Luk sent me, I know they were in the process of 
finding a better name for it as well as making it
work with Python 2.4
I believe this one requires Python 2.6 so my only solution was 
installing Debian Squeeze in a virtual machine to run it.
I also never got it to work from an ldiff, but it works when pulling 
from an existing ldap server.
Machine accounts? well..... no... I had to rejoin mine.

Another way I know to change a SID is using ldbedit
Someone will have to pipe up - this may break things and I only did this 
in a test environment.
bin/wbinfo --name-to-sid=mark
(returns current SID)
bin/ldbedit -e nano -H /path/to/sam.ldb objectsid=SID from previous search
Then you just edit the file and change the SID
Be careful!!



On 11/9/2010 3:26 PM, Charles Tryon wrote:
> Urk...  :-(  I appear to have subscribed to the "technical" list a 
> couple of days after Luk published his myldap-pub.py script, and the 
> archives scrubbed the text attachment.  I found it in another archive, 
> but for some reason, much of the indenting is goofed up, which then 
> confuses python.
>
> I've been trying to do a S3 to S4 migration for some time now, and my 
> big hurdle seems to be assigning the SID to the users so the client 
> computers don't try to create the local profile all over again.
>
> Do you have the most recent copy of the script, and if so, would you 
> be so kind as to send me a copy of the latest version?
>
> Thanks!
>
>
>
> On Tue, Nov 9, 2010 at 11:00 AM, Mark Rutherford 
> <mark at lowcountrybilling.com <mailto:mark at lowcountrybilling.com>> wrote:
>
>     We have been running for almost 2 weeks now without any major
>     problems.
>     All the problems I have encountered have been minor and fixed
>     fairly quickly.
>
>     We have 1 Samba 4 running as a domain controller With 3 more Samba
>     3.5.6 file/print servers
>     joined to it. (winbind, etc) and just under 40 Windows 7/XP clients.
>     The samba 3 machines are doing all of the heavy lifting and are
>     quite happy.
>     What can I say - 'it just works'.
>     We migrated users with the 'myldap-pub.py' script but machines had
>     to be 'joined' again :(
>
>     Some headaches still exist such as:
>     First issue (probably on everyone's mind) - DNS.... this has been
>     a BIG ouch.
>     I have found some really creative ways to upset it.
>     Not only could I never get clients to update the zones but our
>     nameserver is on a totally different machine with
>     several zones in views - this appears to confuse the windows
>     clients and they put an entry in the event log about it.
>     I even compiled Bind 9 from the latest source and never got it to
>     work.... Samba could update the zone just not clients.
>     Right now I 'get around it' because the DHCP server updates the
>     zones just fine.
>     That opens up a question that I have: do you have to run Bind on
>     the same machine that Samba 4 is running on or can
>     I somehow get it to update an external server?
>     Right now it complains that it can't connect to the server running
>     locally.
>
>     The second issue has been time on clients.
>     I have ntpd running on the DC but windows clients just throw event
>     logs about not being able to get time from the domain controller
>     for the
>     last 8 times, etc etc.
>     I have read some places that Windows uses sntp instead of ntp so I
>     am not really sure about what I should be doing.
>     Running 'net time /set /y' seems to work - it contacts the domain
>     controller and gets the time.
>
>     Otherwise everything works!
>     If anyone has some suggestions about DNS and time, that would be
>     great.
>     You guys sure Samba 4 is alpha? It's not that hard to get working. <g>
>     I appreciate all of your hard work in making this a reality.
>
>
>
>
>
>
>
>
> -- 
>     Charles Tryon
> _________________________________________________________________________
>       "It's the job that's never started that takes longest to finish."
>                                  -- Samwise Gamgee

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: myldap-pub.py
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101109/465908dd/attachment.ksh>

More information about the samba-technical mailing list