S3/S4 migration tool -- server hostname?

Charles Tryon charles.tryon at gmail.com
Thu Jan 26 10:08:40 MST 2012


On Wed, Jan 25, 2012 at 5:20 PM, Amitay Isaacs <amitay at gmail.com> wrote:

> Hi Charles,
>
> On Thu, Jan 26, 2012 at 8:27 AM, Charles Tryon <charles.tryon at gmail.com>
> wrote:
> >  -- When I run the samba-tool domain migration tool, HOW does the script
> > determine the name of the host when it created the netbios name in the
> > config file, and as the base of all the DNS information?
>
> netbios name is picked up from samba3 configuration file specified.
>
> >
> >  -- Is it possible to override this name as the new domain is
> > provisioned, and in particular, as the domain is generated in DNS?
>
> The only way you can override the netbios name is by changing it in
> smb.conf.
>
> DNS domain is specified by --realm option to samba3upgrade.
>
> >
> >  -- If I change the hostname (and DNS entries) for the server, what sort
> > of impact is this going to have on the clients?  One thing I know for sure
> > is that any mapped folders which point to the old host name will be broken,
> > but that I can deal with through the login script, or manually fixing the
> > clients.
> >
> > I'm guessing that the hostname must come out of the Samba3 database, such
> > as the secrets.tdb file.  I changed the "netbios" name in the old Samba3
> > config file before running the conversion, and that didn't have any
> > effect on the migration output.  My problem is that I run the tool and it
> > renames everything on the host to the old host's name rather than using the
> > current server hostname or the netbios name from the config.  I can change
> > this afterwards in the generated smb.conf file to change the name of the
> > server, but then the DNS information is all still pointing to the wrong
> > place, which means the kerberos lookups and such will be wrong.  If it were
> > flat files it would again be trivial to change it back, but with DLZ it's
> > not so easy.  There are also the generated secrets and dns keytab files
> > which contain the old server's name.
> >
> > (I'm trying to track through the source, but not making a lot of
> > progress...)
>
> Does the "netbios name" in smb.conf and the current server name match?
>


I've changed the netbios name in the Samba3 config (copied from the
production server to /etc/samba3 on the box where I am doing the Samba4
conversion).  The name of the domain (usa.om.org) is being set correctly,
but the hostname of the server is being set to the old hostname of the
samba3 server, presumably from the secrets.tdb file, since that's the ONLY
place I can actually see it still in the Samba3 database, rather than the
netbios name I changed in the Samba3 config file, or from the host name of
the server I'm doing the conversion on.

? hostname
adam2.usa.om.org

? cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.4.1.83 adam2.usa.om.org adam2
::1 localhost6.localdomain6 localhost6
fe80::20c:29ff:feca:296d adam2.usa.om.org adam2


? sudo grep -ri adam /etc/samba3
Binary file /etc/samba3/secrets.tdb matches
/etc/samba3/smb.conf:netbios name=ADAM2

When I do the samba3upgrade conversion:

    /usr/local/samba/bin/samba-tool domain samba3upgrade --dbdir=/etc/samba3 --use-xattrs=yes --realm=usa.om.org /etc/samba3/smb.conf

... the generated smb.conf file in /usr/local/samba/etc has the old name
("ADAM"),
... the generated DNS tables in /usr/local/etc/private/dns all point to
"adam.usa.om.org" as the name of the Samba/Kerberos/AD server.
... the generated Keytab files contain the old host name
HOST/adam@USA.OM.ORG
... the diagnostic output telling you what the values are used by the
provisioning step actually gives the NEW name, rather than the actual name
used.
... all of the LDAP domain controller entries are based off of the old
hostname


(snipped from the migration output....)
Object CN=ADAM,OU=Domain Controllers,DC=usa,DC=om,DC=org created with desriptor O:DAG:DUD:AI(A;;RPWPCRC ...

Sorting rpmd with attid exception 3 rDN=CN DN=CN=ADAM,OU=Domain Controllers,DC=usa,DC=om,DC=org
...
Opened keytab FILE:/usr/local/samba/private/secrets.keytab
Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 1)
Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 1)
Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 1)
Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 3)
Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 3)
Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 3)
Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 17)
Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 17)
Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 17)
Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 18)
Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 18)
Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 18)
Opened keytab FILE:/usr/local/samba/private/dns.keytab
Added DNS/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 1)
Added dns-ADAM2@USA.OM.ORG(kvno 1) to keytab (enctype 1)
Added DNS/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 3)
Added dns-ADAM2@USA.OM.ORG(kvno 1) to keytab (enctype 3)
Added DNS/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added dns-ADAM2@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added DNS/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 17)
Added dns-ADAM2@USA.OM.ORG(kvno 1) to keytab (enctype 17)
Added DNS/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 18)
Added dns-ADAM2@USA.OM.ORG(kvno 1) to keytab (enctype 18)
A phpLDAPadmin configuration file suitable for administering the Samba 4
LDAP server has been created in
/usr/local/samba/private/phpldapadmin-config.php .
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           domain controller
Hostname:              ADAM2
NetBIOS Domain:        OMUSA
DNS Domain:            usa.om.org
DOMAIN SID:            S-1-5-21-2981240901-159909458-1447877300
Admin password:        None
Importing WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/etc/samba3/wins.dat'
Importing Account policy
ldb:acl_modify: minPwdLength
Sorting rpmd with attid exception 1376281 rDN=DC DN=DC=usa,DC=om,DC=org
Importing idmap database
...





> Amitay.
>



-- 
    Charles Tryon
_________________________________________________________________________
  “Risks are not to be evaluated in terms of the probability of success,
but in terms of the value of the goal.”
                - Ralph D. Winter
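
[Added example, not part of the original message and not Samba code.] The mismatch described above, a summary that reports "Hostname: ADAM2" while the DC object and most keytab principals carry "adam", can be checked mechanically on saved migration output. The function names and the sample text below are this example's own; the sample is constructed from lines in the format quoted in the post.

```python
import re

# Constructed sample in the format of the migration output quoted in the post.
SAMPLE_OUTPUT = """\
Object CN=ADAM,OU=Domain Controllers,DC=usa,DC=om,DC=org created with desriptor O:DAG:DUD:AI(A;;RPWPCRC ...
Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added DNS/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Added dns-ADAM2@USA.OM.ORG(kvno 1) to keytab (enctype 23)
Hostname:              ADAM2
DNS Domain:            usa.om.org
"""

# Accept "@" or the " at " that list archives substitute for it.
ADDED = re.compile(r"^Added (\S+?)(?:@| at )(\S+?)\(kvno \d+\) to keytab")
DC_OBJECT = re.compile(r"CN=([^,]+),OU=Domain Controllers", re.I)
SUMMARY = re.compile(r"^Hostname:\s+(\S+)", re.M)


def principal_host(name):
    """Short host name a principal refers to, lower-cased."""
    if "/" in name:                          # HOST/adam.usa.om.org -> adam
        name = name.split("/", 1)[1]
    elif name.lower().startswith("dns-"):    # dns-ADAM2 -> adam2
        name = name[4:]
    return name.rstrip("$").split(".")[0].lower()  # ADAM$ -> adam


def find_mismatches(output):
    """Return (summary hostname, names written under a different host)."""
    summary = SUMMARY.search(output)
    if summary is None:
        raise ValueError("no 'Hostname:' summary line in output")
    expected = summary.group(1).lower()
    mismatches = set()
    for line in output.splitlines():
        added = ADDED.match(line)
        if added and principal_host(added.group(1)) != expected:
            mismatches.add(added.group(1) + "@" + added.group(2))
        dc = DC_OBJECT.search(line)
        if dc and dc.group(1).lower() != expected:
            mismatches.add("CN=" + dc.group(1))
    return expected, sorted(mismatches)


if __name__ == "__main__":
    host, bad = find_mismatches(SAMPLE_OUTPUT)
    print("summary hostname:", host)
    for name in bad:
        print("written under another host:", name)
```

An empty list means every principal and DC object agrees with the summary hostname; any entry is a name that clients resolving the summary hostname will not find a matching key for.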

