Fwd: I need some help with migration (from Apple OpenDirectory)

Максим Мельников m.melnikov at teorema.info
Thu Jan 10 04:44:48 MST 2013

Hi Mike, Andrew ,thanks for your replying and for useful links.

Actually my general point is to save users and their SIDs and other attributes and thus do not reset ACLs. 
I can loose passwords, I'll just force all users to change them to new ones.
I have over 350 users and groups and very complicated tree of shared recourses and ACLs on it.
Also there are several MS Remote Desktop servers with some services, they have lots of ACLs too.
The work to be made to repopulate existing users with new passwords and emails and other attributes is much more easier than to repopulate the new AD with new users and to reset all of ACLs.
And I cannot get users and SIDs from Apple OD to Samba 4 AD or to any other AD using presented tools.

Let me describe it briefly.

The classic upgrade method didn't get users and SIDs from *.tdb files copied from Apple samba 3 server.
Then I used the pdbedit.
The #pdbedit -Lv    listed me all my users with attributes.
The #pdbedit -e tdbsam:/tmp/my_smb3_passdb.tdb    did this file successfully.
Next I copied my_smb3_passdb.tdb to folder with *.tdb for classic upgrade and put the line " passdb backend = /path/to/my_smb3_passdb.tdb " into the source smb3.conf.
And started the classic upgrade again. 
It gave me the following:
"Setting password for administrator
ERROR(<type 'exceptions.TypeError'>): uncaught exception - expected string or Unicode object, NoneType found
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
  return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
  useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 914, in upgrade_from_samba3
  logger.info("Administrator password has been set to password of user '%s'", admin_user)"
If I run the #pdbedit -L  on samba4 server I can see the list of importer users with correct usernames and full names, but all they have the same UID.
If I run the #pdbedit -Lv  on samba4 server | can see the SIDs which differs from the original ones.

What did I do wrong?
What should I try to do to save the original SIDs in the result of migration?

Maksim Melnikov

More information about the samba-technical mailing list