s3 - s4 conversion

Aaron E. ssureshot at gmail.com
Wed Apr 13 11:24:20 MDT 2011



On 04/13/2011 01:12 PM, Aaron E. wrote:
>
>>> I was able to get the script to run on the Users I had to change Line #
>>> 1083 to read,
>>> assert rid >= 500, "sid[%s] rid < 1000" % (sid) instead of
>>> assert rid >= 1000, "sid[%s] rid < 1000" % (sid)..
>> This is not a good idea. You should not bypass this check - the imported
>> account's sid will conflict with existing Administrator account in samba4
>>>
>>> Computer/Groups still does not work.. If I come up with anything I'll let
>>> you know.
>>>
>>> I was not able to import the users.ldif using the following command..
>>> ./ldbmodify -H ldap://172.20.1.15 --user=CONVERT/administrator%xxxxxxxx
>>> /root/users.ldif
>> To import accounts use:
>> $targetdir/bin/ldbadd -H $targetdir/private/sam.ldb --nosync --verbose
>> --controls=relax:0 --controls=local_oid:1.3.6.1.4.1.7165.4.3.7:0
>> --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 users.ldif
>> where targetdir=/usr/local/samba
>> I do not think the accounts can be imported through ldap interface this
>> way (definitely not hashed passwords)
>>>
>>> It gave me this error for all 408 users...
>>> ERR: (Unwilling to perform) "LDAP error 53 LDAP_UNWILLING_TO_PERFORM -
>>> <00002035: Unwilling to perform - The primary group isn't settable on
>>> add operations!> <>" on DN CN=aaron.e,OU=Imported
>>> Users,dc=convert,dc=com
>>>
>>
>>
>
>
> Luke,
>
> Would I import the Groups and Computers with the same command? It is not
> importing the computers or groups exports I have created using the
> script. The grouptype attribute in my export is as follows.. groupType:
> 2147483650 ...I get the following error.
>
> ERR: Invalid attribute syntax : "objectclass_attrs: attribute
> 'groupType' on entry 'CN=Quality,OU=Imported Groups,DC=convert,DC=com'
> contains at least one invalid value!" on DN CN=Quality,OU=Imported
> Groups,dc=convert,dc=com
>
>
> Also, I'm trying to decipher why it is splitting my computer accounts
> into user accounts.. It is only doing this for certain accounts. They
> all have the W flag set for sambaAcctFlags so I'm not sure why they
> aren't working. If this is the attribute that is being looked at to
> filter?
>
> I think that's all I have.. for now. I had to clean up my ldap dump
> error by error to get the script to work. But those were all
> discrepancies from the 15 years of data there..
>
> As always thank you for your assistance, I know you don't have to do
> it... sorry to be a bother to you..

I believe if I import the Computers first then the users I get the 
proper results.. I believe the Groups are my issue
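
An added example, not part of the original message or of the Samba conversion script: a pre-import check over an exported LDIF that flags the two problems discussed in this thread, SIDs whose RID is below 1000 and groupType values outside the signed 32-bit range. The string-form objectSid, the domain SID and the sample records are constructed, and reading the groupType rejection as a signed 32-bit range problem is an assumption based on the Active Directory schema, where groupType is a signed integer.

```python
import struct

# Subset of well-known RIDs a provisioned AD domain already assigns.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins", 513: "Domain Users"}
GROUP_FLAGS = {0x2: "global", 0x4: "domain-local", 0x8: "universal", 0x80000000: "security"}

def to_int32(value):
    """Reinterpret an unsigned 32-bit value as a signed 32-bit integer."""
    return struct.unpack("<i", struct.pack("<I", value & 0xFFFFFFFF))[0]

def parse_ldif(text):
    """Minimal reader: blank-line separated records of 'attr: value' lines."""
    for block in text.strip().split("\n\n"):
        yield dict(line.split(": ", 1) for line in block.splitlines())

def check_entry(entry):
    """Return a list of findings for one record; empty means no issue found."""
    findings = []
    sid = entry.get("objectSid")
    if sid:
        rid = int(sid.rsplit("-", 1)[1])
        if rid < 1000:  # same threshold as the assert quoted in the thread
            owner = WELL_KNOWN_RIDS.get(rid, "reserved range")
            findings.append(f"rid {rid} < 1000 ({owner})")
    if "groupType" in entry:
        raw = int(entry["groupType"])
        if not -2**31 <= raw < 2**31:  # exported as unsigned; show signed form
            flags = [name for bit, name in GROUP_FLAGS.items() if raw & bit]
            findings.append(f"groupType {raw} -> {to_int32(raw)} ({', '.join(flags)})")
    return findings

# Constructed sample export; SIDs are in string form (assumption).
SAMPLE = """\
dn: CN=olduser,OU=Imported Users,DC=convert,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-500

dn: CN=aaron.e,OU=Imported Users,DC=convert,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-3001

dn: CN=Quality,OU=Imported Groups,DC=convert,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-3100
groupType: 2147483650
"""

def report(text=SAMPLE):
    return {e["dn"]: f for e in parse_ldif(text) if (f := check_entry(e))}

if __name__ == "__main__":
    print("\n".join(f"{dn}: {f}" for dn, f in report().items()))
```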



More information about the samba-technical mailing list