[Samba] Samba 3 Beta3 using LDAP and NT4 Migrate

Peter S. Calvert pcalvert at us.ibm.com
Fri Jul 18 03:01:04 GMT 2003


Hi,

I am trying a test of migrating an NT4 Domain to Samba 3 Beta 3 configured to
use LDAP on Redhat 8.  Is this possible?

Details
-------
I previously had Beta 2 on LDAP running as its own domain controller
without problem and could create users (in LDAP) with smbpasswd -a.  XP
clients could join and login OK.

Now I have flushed that setup and have loaded Beta 3 configured to use LDAP,
installed a test NT4 domain controller and tried the NT4 migration steps
(Samba (nmbd, smbd) was not running as per instructions).

(1) the LDAP schema changed from Beta2 -> Beta3, this was not mentioned in
the release notes.  This was relatively simple to fix.

(2) the "net getsid" command:
    net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd
does not exist?  Is there an equivalent?

I skipped this step.

(3) "net getlocalsid" returns, none set!  I ran "net setlocalsid" and gave
it the SID from "rpcclient NT4PDC -U Administrator%passwd".

(4) net join appeared to work well.

(5)  the net rpc vampire command fails:
Fetching DOMAIN database
SAM_DELTA_DOMAIN_INFO not handled
Creating unix group: 'Domain Admins'
Creating unix group: 'Domain Users'
Creating unix group: 'Domain Guests'
Creating account: Administrator
Creating account: Guest
Creating account: TESTPDC$
Creating account: user1
Creating account: user2
Creating account: admin1
Creating account: admin2
Creating account: CROAK$
Creating account: DEBBIE$
[2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
  Could not find global group 512
[2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
  Could not find global group 513
[2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
  Could not find global group 514
Fetching BUILTIN database
[2003/07/17 19:41:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe_req(1026)
  SCHANNEL ERROR: seq_num must be even in client (seq_num=3)
SAM_DELTA_DOMAIN_INFO not handled
Creating unix group: 'Account Operators'
Creating unix group: 'Administrators'
Creating unix group: 'Backup Operators'
Creating unix group: 'Guests'
Creating unix group: 'Print Operators'
Creating unix group: 'Replicator'
Creating unix group: 'Server Operators'
Creating unix group: 'Users'

Nothing is put in LDAP, /etc/passwd, or /etc/group.  I was hoping my LDAP
would be populated :-(.

(6) I noticed that pdbedit -Lv did put the sambaDomain entry into LDAP.
This is the only change that occurred in LDAP.

(7) The migration instructions mention:
   Before attempting to migrate user and group accounts it is STRONGLY
   advised to create in Samba-3 the groups that are present on the MS
   Windows NT4 domain AND to connect these to suitable Unix/Linux groups

How does one create/connect these Samba-3 groups that work when using samba
with LDAP?

BTW I am using IBM's LDAP server 5.1 on Redhat 8

Thanks,
Peter
