New user passwords?

Charles Tryon charles.tryon at gmail.com
Tue Oct 18 13:16:20 MDT 2011


UPDATE:

On Tue, Oct 18, 2011 at 2:40 PM, Charles Tryon <charles.tryon at gmail.com>wrote:

> ...
> -------------------SECOND VARIATION (where "--libdir" points to the
> /etc/samba3 database directory):
>
> <samba4:dev>? sudo /usr/local/samba/sbin/samba-tool domain samba3upgrade
>  --libdir /etc/samba3 -d 256 /etc/samba3/smb.conf
>    (...snip...)
>


> WARNING: The "null passwords" option is deprecated
> WARNING: The "password level" option is deprecated
> WARNING: The "share modes" option is deprecated
> WARNING: The "share modes" option is deprecated
> Provisioning
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: No realm specified in smb.conf file and being a DC. That
> upgrade path doesn't work! Please add a 'realm' directive to your old
> smb.conf to let us know which one you want to use (it is the DNS name of the
> AD domain you wish to create.
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> line 135, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line
> 629, in run
>     useeadb=eadb)
>   File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py",
> line 484, in upgrade_from_samba3
>     raise ProvisioningError("No realm specified in smb.conf file and being
> a DC. That upgrade path doesn't work! Please add a 'realm' directive to your
> old smb.conf to let us know which one you want to use (it is the DNS name of
> the AD domain you wish to create.")
>
> ---------------------------------
> This looks like an error in how my old domain was set up in the original
> system ("No realm specified in smb.conf"), which wouldn't surprise me in the
> least!  This seems strange though, since according to the notes in the
> smb.conf file, the "realm" parameter is only supposed to be used when you
> are using "security=ads".
>


Going on the hint that the "libdir" isn't actually the Lib directory, I
pointed it to my copied samba3 directory.  I added a "realm = USA.OM.ORG"
parameter to the old smb.conf file, and removed my previous
"/usr/local/samba/etc/smb.conf file.

The results are much more encouraging, though still incomplete:

--------------------
<samba4:dev>? sudo /usr/local/samba/sbin/samba-tool domain samba3upgrade
 --libdir /etc/samba3 -d 256 /etc/samba3/smb.conf
INFO: Current debug levels:
  all: 256
  tdb: 256
  printdrivers: 256
  lanman: 256
  smb: 256
  rpc_parse: 256
  rpc_srv: 256
  rpc_cli: 256
  passdb: 256
  sam: 256
  auth: 256
  winbind: 256
  vfs: 256
  idmap: 256
  quota: 256
  acls: 256
  locking: 256
  msdfs: 256
  dmapi: 256
  registry: 256
Reading smb.conf
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba3/smb.conf"
Processing section "[global]"
doing parameter wins support = yes
doing parameter dns proxy = yes
doing parameter message command = bash -c 'cat %s | logger -t %f' &
doing parameter name resolve order = wins bcast
doing parameter security = user
doing parameter time server = yes
doing parameter server string = ""
doing parameter interfaces = 10.4.1.1/23
doing parameter realm = USA.OM.ORG
doing parameter username map = /etc/samba/smbusermap
doing parameter printing = lprng
doing parameter load printers = yes
doing parameter printcap = /etc/printcap
doing parameter cups options = "raw"
doing parameter printer admin = @dom_admin
WARNING: The "printer admin" option is deprecated
doing parameter print command = /usr/bin/lpr -P%p -Ccut.no_ff %s; rm %s
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter read raw = no
doing parameter large readwrite = yes
doing parameter kernel oplocks = yes
doing parameter veto oplock files = /*.mdb/*.MDB/*.dbf/*.DBF
doing parameter smb ports = 139 445
doing parameter force create mode = 660
doing parameter directory mask = 2770
doing parameter force directory mode = 2000
doing parameter dos filetimes = yes
doing parameter min print space = 2048
doing parameter veto files = lost+found/proc/dev
doing parameter read only = no
doing parameter dos filetime resolution = yes
doing parameter passdb backend = tdbsam guest
doing parameter encrypt passwords = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/local/sbin/sysadm-samba.pl--changepw=%u
doing parameter passwd chat = *new*password* %n\n *changed*
doing parameter passdb backend = tdbsam
doing parameter add machine script = /usr/sbin/adduser -n -g machines -c
Machine -d /dev/null -s /bin/false %u
doing parameter logon drive = N:
doing parameter logon home = \\%L\%U
doing parameter logon path =
doing parameter netbios name = ADAM
doing parameter netbios aliases = NTINSTALL
doing parameter name cache timeout = 60
doing parameter workgroup = OMUSA
doing parameter dos charset = CP850
doing parameter debug level = 1
WARNING: The "null passwords" option is deprecated
WARNING: The "password level" option is deprecated
WARNING: The "share modes" option is deprecated
WARNING: The "share modes" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Exporting users
  Skipping wellknown rid=501 (for username=nobody)
Next rid = 3523
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=usa,DC=om,DC=org
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Populating CN=MicrosoftDNS,CN=System,DC=usa,DC=om,DC=org
rndc: connect failed: 127.0.0.1#953: connection refused
rndc: connect failed: 127.0.0.1#953: connection refused
See /usr/local/samba/private/named.conf for an example configuration include
file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Please install the phpLDAPadmin configuration located at
/usr/local/samba/private/phpldapadmin-config.php into
/etc/phpldapadmin/config.php
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           domain controller
Hostname:              ADAM
NetBIOS Domain:        OMUSA
DNS Domain:            usa.om.org
DOMAIN SID:            S-1-5-21-2981240901-159909458-1447877300
Admin password:        None
Importing WINS database
ERROR(<type 'exceptions.IOError'>): uncaught exception - [Errno 2] No such
file or directory: '/etc/samba3/wins.dat'
  File
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
line 135, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line
629, in run
    useeadb=eadb)
  File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line
638, in upgrade_from_samba3
    import_wins(Ldb(result.paths.winsdb), samba3.get_wins_db())
  File
"/usr/local/samba/lib/python2.6/site-packages/samba/samba3/__init__.py",
line 402, in get_wins_db
    return WinsDatabase(self.statedir_path("wins.dat"))
  File
"/usr/local/samba/lib/python2.6/site-packages/samba/samba3/__init__.py",
line 323, in __init__
    f = open(file, 'r')





-- 
    Charles Tryon
_________________________________________________________________________
      "It's the job that's never started that takes longest to finish."
                                 -- Samwise Gamgee


More information about the samba-technical mailing list