Comprehensive re-write of the classicupgrade HowTo and other changes

Andrew Bartlett abartlet at samba.org
Thu May 29 15:38:50 MDT 2014 

On Thu, 2014-05-29 at 11:34 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
> 
> 
> Am 29.05.2014 00:22, schrieb Andrew Bartlett:
> > One bug I noticed (and I would just fix, but I wanted to first
> > understand what made you say that) is:
> > 
> > "When using the passdb backends smbpasswd or tdbsam, it is not possible
> > to automatically import groups from /etc/group during the
> > classicupgrade. This has to be done manually afterwards."
> > 
> > This isn't meant to be the case.  It is meant to work, but it uses the
> > *new* systems /etc/group file, if you move between systems, except when
> > using ldap (where it forces the ldapsam:trusted option, so that we don't
> > use nss for groups).
> 
> 
> For writing the new HowTo, I setup a Samba PDC (4.1.7) with tdbsam (and
> later smbpasswd) backend. I add a group ("demo group") to /etc/group and
> did the mapping (net groupmap add ... type=domain).
> 
> I did the classicupgrade on the same machine. All users were imported,
> like expected. But not the groups.
> 
> Also the old version of the classicupgrade HowTo said: "At this point,
> there are some issues with the classicupgrade tool migrating groups and
> their members from the previous Samba3 instance if the domain is using
> the tdb backend.".

I don't know the authority for that statement.  It is a bug at most, not
a deliberate behaviour. 

> What are the requirements that groups are getting imported on
> installations with tdbsam and smbpasswd?
> 
> And which groups are choosen for importing from /etc/group? Only the
> ones that had groupmappings, I guess.

Yes, as those are the only groups Samba will do anything sensible with
(otherwise they become unix groups). 

> > What we could do is permit a 'group' file to be put in the dbdir on the
> > new server, and somehow use that to get group memberships. 
> 
> This sounds like a good idea. Then users don't have to replace
> /etc/group with the old file, if you do the upgrade on a new host.

Please file a wishlist bug for that, and a normal bug for it not working
at all if you can reproduce that with valid group mappings.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list