Comprehensive re-write of the classicupgrade HowTo and other changes
abartlet at samba.org
Thu May 29 15:38:50 MDT 2014
On Thu, 2014-05-29 at 11:34 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
> On 29.05.2014 00:22, Andrew Bartlett wrote:
> > One bug I noticed (and I would just fix, but I wanted to first
> > understand what made you say that) is:
> > "When using the passdb backends smbpasswd or tdbsam, it is not possible
> > to automatically import groups from /etc/group during the
> > classicupgrade. This has to be done manually afterwards."
> > This isn't meant to be the case. It is meant to work, but it uses the
> > *new* system's /etc/group file, if you move between systems, except when
> > using ldap (where it forces the ldapsam:trusted option, so that we don't
> > use nss for groups).
> For writing the new HowTo, I set up a Samba PDC (4.1.7) with tdbsam (and
> later smbpasswd) backend. I added a group ("demo group") to /etc/group and
> did the mapping (net groupmap add ... type=domain).
> I did the classicupgrade on the same machine. All users were imported,
> as expected. But not the groups.
> Also the old version of the classicupgrade HowTo said: "At this point,
> there are some issues with the classicupgrade tool migrating groups and
> their members from the previous Samba3 instance if the domain is using
> the tdb backend.".
I don't know the authority for that statement. It is a bug at most, not
a deliberate behaviour.
> What are the requirements that groups are getting imported on
> installations with tdbsam and smbpasswd?
> And which groups are chosen for importing from /etc/group? Only the
> ones that had groupmappings, I guess.
Yes, as those are the only groups Samba will do anything sensible with
(otherwise they become unix groups).
> > What we could do is permit a 'group' file to be put in the dbdir on the
> > new server, and somehow use that to get group memberships.
> This sounds like a good idea. Then users don't have to replace
> /etc/group with the old file, if you do the upgrade on a new host.
Please file a wishlist bug for that, and a normal bug for it not working
at all if you can reproduce that with valid group mappings.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
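
The exchange above turns on two points: only groups with a group mapping are candidates for import, and membership is read from the /etc/group of the host where classicupgrade runs. As an added example (not part of the original mail and not Samba code), the following pre-upgrade check cross-references saved `net groupmap list` output against that host's /etc/group and reports mapped groups that would not resolve. It assumes the `NT name (SID) -> unix group` line format; the function names and all sample data are constructed for illustration.

```python
import re

# Constructed sample of `net groupmap list` output from the old PDC.
# Assumption: each line has the form "NT name (SID) -> unix group".
GROUPMAP_LIST = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> root
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users
demo group (S-1-5-21-1111111111-2222222222-3333333333-1001) -> demogroup
"""

# Constructed sample of /etc/group on the host where classicupgrade will run.
ETC_GROUP = """\
root:x:0:
users:x:100:alice,bob
staff:x:50:alice
"""

MAP_RE = re.compile(r"^(?P<nt>.+) \((?P<sid>S-[0-9-]+)\) -> (?P<unix>\S.*)$")

def parse_groupmap(text):
    """Return {unix_group: nt_name} for every well-formed mapping line."""
    mappings = {}
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            mappings[m.group("unix")] = m.group("nt")
    return mappings

def parse_etc_group(text):
    """Return {group: [members]}, skipping comments and malformed lines."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 4:
            continue
        groups[fields[0]] = [u for u in fields[3].split(",") if u]
    return groups

def check(groupmap_text, group_text):
    """Return (resolvable, missing, unmapped) for a pre-upgrade review."""
    mapped, local = parse_groupmap(groupmap_text), parse_etc_group(group_text)
    resolvable = {nt: local[ux] for ux, nt in mapped.items() if ux in local}
    missing = sorted(nt for ux, nt in mapped.items() if ux not in local)
    unmapped = sorted(g for g in local if g not in mapped)
    return resolvable, missing, unmapped

if __name__ == "__main__":
    print(check(GROUPMAP_LIST, ETC_GROUP))
```

Groups in `missing` have a mapping but no entry in the local /etc/group, which is the situation described for upgrades done on a new host; groups in `unmapped` exist locally but have no mapping and so are not import candidates.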