Comprehensive re-write of the classicupgrade HowTo and other changes

Andrew Bartlett abartlet at
Thu May 29 15:38:50 MDT 2014

On Thu, 2014-05-29 at 11:34 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
> Am 29.05.2014 00:22, schrieb Andrew Bartlett:
> > One bug I noticed (and I would just fix, but I wanted to first
> > understand what made you say that) is:
> > 
> > "When using the passdb backends smbpasswd or tdbsam, it is not possible
> > to automatically import groups from /etc/group during the
> > classicupgrade. This has to be done manually afterwards."
> > 
> > This isn't meant to be the case.  It is meant to work, but it uses the
> > *new* systems /etc/group file, if you move between systems, except when
> > using ldap (where it forces the ldapsam:trusted option, so that we don't
> > use nss for groups).
> For writing the new HowTo, I setup a Samba PDC (4.1.7) with tdbsam (and
> later smbpasswd) backend. I add a group ("demo group") to /etc/group and
> did the mapping (net groupmap add ... type=domain).
> I did the classicupgrade on the same machine. All users were imported,
> like expected. But not the groups.
> Also the old version of the classicupgrade HowTo said: "At this point,
> there are some issues with the classicupgrade tool migrating groups and
> their members from the previous Samba3 instance if the domain is using
> the tdb backend.".

I don't know the authority for that statement.  It is a bug at most, not
a deliberate behaviour. 

> What are the requirements that groups are getting imported on
> installations with tdbsam and smbpasswd?
> And which groups are choosen for importing from /etc/group? Only the
> ones that had groupmappings, I guess.

Yes, as those are the only groups Samba will do anything sensible with
(otherwise they become unix groups). 

> > What we could do is permit a 'group' file to be put in the dbdir on the
> > new server, and somehow use that to get group memberships. 
> This sounds like a good idea. Then users don't have to replace
> /etc/group with the old file, if you do the upgrade on a new host.

Please file a wishlist bug for that, and a normal bug for it not working
at all if you can reproduce that with valid group mappings.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list