S3/S4 migration tool -- server hostname?

Charles Tryon charles.tryon at gmail.com
Thu Jan 26 12:58:54 MST 2012


OK, I'm an idiot....

Well, maybe not an *idiot*, but I just discovered a key assumption I have
been making which is NOT true.

My assumption was, when you run the samba-tool domain samba3upgrade, IT
OVERWRITES THE GENERATED CONFIG FILE IN /usr/local/samba/etc/smb.conf

This is *not* the case.  Originally, if the script found an existing
smb.conf file, it would complain and abort.  Now, it is reading in the
config file and apparently using some of the parameters.  I'm not exactly
sure what happens from that point on, but apparently that's what was
causing the old host name to show up.

I removed that smb.conf file and re-ran my migration, and from my quick
testing, at least the DNS entries look like they are correct.  I'm still
testing with my old client XP box to see if it can still find the
"converted" DC when I log in.

(One more step forward... I think.)



On Thu, Jan 26, 2012 at 12:08 PM, Charles Tryon <charles.tryon at gmail.com> wrote:

>
>
> On Wed, Jan 25, 2012 at 5:20 PM, Amitay Isaacs <amitay at gmail.com> wrote:
>
>> Hi Charles,
>>
>> On Thu, Jan 26, 2012 at 8:27 AM, Charles Tryon <charles.tryon at gmail.com>
>> wrote:
>> >  -- When I run the samba-tool domain migration tool, HOW does the script
>> > determine the name of the host when it created the netbios name in the
>> > config file, and as the base of all the DNS information?
>>
>> netbios name is picked up from samba3 configuration file specified.
>>
>> >
>> >  -- Is it possible to override this name as the new domain is provisioned,
>> > and in particular, as the domain is generated in DNS?
>>
>> The only way you can override the netbios name is by changing it in
>> smb.conf.
>>
>> DNS domain is specified by --realm option to samba3upgrade.
>>
>> >
>> >  -- If I change the hostname (and DNS entries) for the server, what sort of
>> > impact is this going to have on the clients?  One thing I know for sure is
>> > that any mapped folders which point to the old host name will be broken,
>> > but that I can deal with through the login script, or manually fixing the
>> > clients.
>> >
>> > I'm guessing that the hostname must come out of the Samba3 database, such
>> > as the secrets.tdb file.  I changed the "netbios" name in the old Samba3
>> > config file before running the conversion, and that didn't have any effect
>> > on the migration output.  My problem is that I run the tool and it renames
>> > everything on the host to the old host's name rather than using the current
>> > server hostname or the netbios name from the config.  I can change this
>> > afterwards in the generated smb.conf file to change the name of the server,
>> > but then the DNS information is all still pointing to the wrong place,
>> > which means the kerberos lookups and such will be wrong.  If it were flat
>> > files it would again be trivial to change it back, but with DLZ it's not so
>> > easy.  There are also the generated secrets and dns keytab files which
>> > contain the old server's name.
>> >
>> > (I'm trying to track through the source, but not making a lot of
>> > progress...)
>>
>> Does the "netbios name" in smb.conf and the current server name match?
>>
>
>
> I've changed the netbios name in the Samba3 config (copied from the
> production server to /etc/samba3 on the box where I am doing the Samba4
> conversion).  The name of the domain (usa.om.org) is being set correctly,
> but the hostname of the server is being set to the old hostname of the
> samba3 server, presumably from the secrets.tdb file, since that's the ONLY
> place I can actually see it still in the Samba3 database, rather than the
> netbios name I changed in the Samba3 config file, or from the host name of
> the server I'm doing the conversion on.
>
> ? hostname
> adam2.usa.om.org
>
> ? cat /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> 10.4.1.83 adam2.usa.om.org adam2
> ::1 localhost6.localdomain6 localhost6
> fe80::20c:29ff:feca:296d adam2.usa.om.org adam2
>
>
> ? sudo grep -ri adam /etc/samba3
> Binary file /etc/samba3/secrets.tdb matches
> /etc/samba3/smb.conf:netbios name=ADAM2
>
> When I do the samba3upgrade conversion:
>
>     /usr/local/samba/bin/samba-tool domain samba3upgrade --dbdir=/etc/samba3 \
>         --use-xattrs=yes --realm=usa.om.org /etc/samba3/smb.conf
>
> ... the generated smb.conf file in /usr/local/samba/etc has the old name
> ("ADAM"),
> ... the generated DNS tables in /usr/local/etc/private/dns all point to
> "adam.usa.om.org" as the name of the Samba/Kerberos/AD server.
> ... the generated Keytab files contain the old host name
> HOST/adam at USA.OM.ORG
> ... the diagnostic output telling you what the values are used by the
> provisioning step actually gives the NEW name, rather than the actual name
> used.
> ... all of the LDAP domain controller entries are based off of the old
> hostname
>
>
> (snipped from the migration output....)
> Object CN=ADAM,OU=Domain Controllers,DC=usa,DC=om,DC=org created with
> desriptor O:DAG:DUD:AI(A;;RPWPCRC ...
>
> Sorting rpmd with attid exception 3 rDN=CN DN=CN=ADAM,OU=Domain
> Controllers,DC=usa,DC=om,DC=org
> ...
> Opened keytab FILE:/usr/local/samba/private/secrets.keytab
> Added HOST/adam at USA.OM.ORG(kvno 1) to keytab (enctype 1)
> Added HOST/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 1)
> Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 1)
> Added HOST/adam at USA.OM.ORG(kvno 1) to keytab (enctype 3)
> Added HOST/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 3)
> Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 3)
> Added HOST/adam at USA.OM.ORG(kvno 1) to keytab (enctype 23)
> Added HOST/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 23)
> Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 23)
> Added HOST/adam at USA.OM.ORG(kvno 1) to keytab (enctype 17)
> Added HOST/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 17)
> Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 17)
> Added HOST/adam at USA.OM.ORG(kvno 1) to keytab (enctype 18)
> Added HOST/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 18)
> Added ADAM$@USA.OM.ORG(kvno 1) to keytab (enctype 18)
> Opened keytab FILE:/usr/local/samba/private/dns.keytab
> Added DNS/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 1)
> Added dns-ADAM2 at USA.OM.ORG(kvno 1) to keytab (enctype 1)
> Added DNS/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 3)
> Added dns-ADAM2 at USA.OM.ORG(kvno 1) to keytab (enctype 3)
> Added DNS/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 23)
> Added dns-ADAM2 at USA.OM.ORG(kvno 1) to keytab (enctype 23)
> Added DNS/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 17)
> Added dns-ADAM2 at USA.OM.ORG(kvno 1) to keytab (enctype 17)
> Added DNS/adam.usa.om.org at USA.OM.ORG(kvno 1) to keytab (enctype 18)
> Added dns-ADAM2 at USA.OM.ORG(kvno 1) to keytab (enctype 18)
> A phpLDAPadmin configuration file suitable for administering the Samba 4
> LDAP server has been created in
> /usr/local/samba/private/phpldapadmin-config.php .
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role:           domain controller
> Hostname:              ADAM2
> NetBIOS Domain:        OMUSA
> DNS Domain:            usa.om.org
> DOMAIN SID:            S-1-5-21-2981240901-159909458-1447877300
> Admin password:        None
> Importing WINS database
> Cannot open wins database, Ignoring: [Errno 2] No such file or directory:
> '/etc/samba3/wins.dat'
> Importing Account policy
> ldb:acl_modify: minPwdLength
> Sorting rpmd with attid exception 1376281 rDN=DC DN=DC=usa,DC=om,DC=org
> Importing idmap database
> ...
>
>
>
>
>
>> Amitay.
>>
>
>
>
> --
>     Charles Tryon
> _________________________________________________________________________
>   “Risks are not to be evaluated in terms of the probability of success,
> but in terms of the value of the goal.”
>                 - Ralph D. Winter
>
>


-- 
    Charles Tryon
_________________________________________________________________________
  “Risks are not to be evaluated in terms of the probability of success,
but in terms of the value of the goal.”
                - Ralph D. Winter
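
Added example (not part of the original message and not Samba's own code): a pre-flight check for the leftover target smb.conf described at the top of this message, plus a check of saved samba3upgrade output for the Hostname/keytab mismatch visible in the quoted log. The function names and the sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: checks around "samba-tool domain samba3upgrade".
# Function names are hypothetical; sample data below is constructed.

# Print the "netbios name" value of an smb.conf, upper-cased (the last match
# is used here). The parameter name is matched case-insensitively.
netbios_name() {
    sed -n 's/^[[:space:]]*[Nn][Ee][Tt][Bb][Ii][Oo][Ss][[:space:]]*[Nn][Aa][Mm][Ee][[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*$//' | tr '[:lower:]' '[:upper:]' | tail -n 1
}

# Return 1 when a leftover target smb.conf exists: the thread found that the
# tool reads such a file rather than overwriting it.
preflight() {  # $1 = Samba3 smb.conf, $2 = target smb.conf
    src=$(netbios_name "$1")
    if [ ! -e "$2" ]; then
        echo "ok: no existing $2 (source netbios name=$src)"; return 0
    fi
    echo "stale: $2 exists, netbios name=$(netbios_name "$2"), source=$src"
    return 1
}

# From saved tool output, print short host names in "Added HOST/..." keytab
# lines that differ from the "Hostname:" summary line.
keytab_mismatches() {  # $1 = saved samba3upgrade output
    want=$(awk '/^Hostname:/ {print toupper($2)}' "$1")
    sed -n 's|^Added HOST/\([^ .@]*\).*|\1|p' "$1" \
        | tr '[:lower:]' '[:upper:]' | sort -u | grep -vxF "$want" || true
}

# Constructed sample files shaped like the configuration and output above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'netbios name=ADAM2' > "$d/smb3.conf"
    printf '%s\n' '[global]' '  NetBIOS Name = adam' > "$d/smb4.conf"
    printf '%s\n' 'Added HOST/adam@USA.OM.ORG(kvno 1) to keytab (enctype 1)' \
        'Added HOST/adam.usa.om.org@USA.OM.ORG(kvno 1) to keytab (enctype 1)' \
        'Hostname:              ADAM2' > "$d/upgrade.log"
    preflight "$d/smb3.conf" "$d/smb4.conf" || echo "remove or move it first"
    echo "keytab names differing from Hostname: $(keytab_mismatches "$d/upgrade.log")"
    rm -rf "$d"
}
demo
```
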

