[Samba] Smbldap tools blocks when using net rpc vampire to migrate
accounts from the NT4 PDC to the SambaLdap BDC
Ioan Caltun
Ioan.Caltun at aptoa.fr
Tue Aug 10 12:04:51 GMT 2004
Hello,
I am trying to migrate a NT4 PDC server to a linux PDC Samba3.0+openLDAP backend
I have followed all the instructions in the Samba manual "The Linux Samba-openLDAP How to V.1.6.
However my efforts are in vain when I have to use net rpc. It hangs up and I' m trying to find out why...
So.. Here is what I did:
[root at SERVRHAS smbldap-tools]# net rpc vampire -l -d 4 -S servpdc -U Administrateur%------
[2004/08/06 17:17:05, 3] param/loadparm.c:lp_load(3926)
lp_load: refreshing parameters
[2004/08/06 17:17:05, 3] param/loadparm.c:init_globals(1303)
Initialising global parameters
[2004/08/06 17:17:05, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2004/08/06 17:17:05, 3] param/loadparm.c:do_section(3429)
Processing section "[global]"
doing parameter name resolve order = wins lmhosts bcast
doing parameter delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
doing parameter hosts allow = 127. 172.
doing parameter netbios name = srvrhas
[2004/08/06 17:17:05, 4] param/loadparm.c:handle_netbios_name(2721)
handle_netbios_name: set global_myname to: SRVRHAS
doing parameter ldap passwd sync = Yes
doing parameter printing = bsd
doing parameter dos charset = ISO8859-1
doing parameter display charset = ISO8859-1
doing parameter remote announce = 192.168.1.255 192.168.2.44 172.2.0.2
doing parameter local master = no
doing parameter workgroup = domaine
doing parameter os level = 40
doing parameter ldap admin dn = cn=manager,dc=mediteranee,dc=com
doing parameter printcap name = /etc/printcap
doing parameter add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
doing parameter max log size = 500
doing parameter log file = /var/log/samba/%m.log
doing parameter load printers = yes
doing parameter guest account = pcguest
doing parameter ldap user suffix = ou=Users
doing parameter add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
doing parameter add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
doing parameter domain master = no
doing parameter passdb backend = ldapsam:ldap://127.0.0.1
doing parameter wins support = true
doing parameter ldap delete dn = Yes
doing parameter server string = Red Hat AS Server Samba-Ldap Server
doing parameter ldap group suffix = ou=Groups
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap suffix = dc=mediteranee,dc=com
doing parameter logon path = \\%L\Profiles\%U
doing parameter add user script = /usr/local/sbin/smbldap-useradd -m "%u"
doing parameter set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
doing parameter unix charset = ISO8859-1
doing parameter preferred master = no
[2004/08/06 17:17:05, 4] param/loadparm.c:lp_load(3958)
pm_process() returned Yes
[2004/08/06 17:17:05, 2] lib/interface.c:add_interface(79)
added interface ip=172.2.0.5 bcast=172.2.255.255 nmask=255.255.0.0
[2004/08/06 17:17:05, 3] libsmb/cliconnect.c:cli_start_connection(1290)
Connecting to host=servpdc
[2004/08/06 17:17:05, 3] lib/util_sock.c:open_socket_out(690)
Connecting to 172.2.0.2 at port 445
[2004/08/06 17:17:05, 2] lib/util_sock.c:open_socket_out(726)
error connecting to 172.2.0.2:445 (Connexion refusée)
[2004/08/06 17:17:05, 3] lib/util_sock.c:open_socket_out(690)
Connecting to 172.2.0.2 at port 139
[2004/08/06 17:17:05, 4] lib/time.c:get_serverzone(122)
Serverzone is -7200
[2004/08/06 17:17:05, 4] passdb/secrets.c:secrets_fetch_trust_account_password(255)
Using cleartext machine password
[2004/08/06 17:17:05, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45)
cli_net_req_chal: LSA Request Challenge from SRVRHAS to servpdc: F8F60FC15E8B943C
[2004/08/06 17:17:05, 4] libsmb/credentials.c:cred_session_key(59)
cred_session_key
[2004/08/06 17:17:05, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/08/06 17:17:05, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102)
cli_net_auth2: srv:\\SERVPDC acct:SRVRHAS$ sc:6 mc: SRVRHAS chal F944E654EF209FCA neg: 400701ff
[2004/08/06 17:17:05, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/08/06 17:17:05, 4] libsmb/credentials.c:cred_assert(121)
cred_assert
Fetching DOMAIN database
[2004/08/06 17:17:05, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/08/06 17:17:06, 4] libsmb/credentials.c:cred_create(90)
cred_create
[2004/08/06 17:17:06, 4] libsmb/credentials.c:cred_assert(121)
cred_assert
SAM_DELTA_DOMAIN_INFO not handled
[2004/08/06 17:17:06, 2] lib/smbldap.c:smbldap_search_domain_info(1295)
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRVRHAS))]
[2004/08/06 17:17:06, 2] lib/smbldap.c:smbldap_search_suffix(1066)
smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SRVRHAS))]
[2004/08/06 17:17:06, 2] lib/smbldap.c:smbldap_open_connection(623)
smbldap_open_connection: connection opened
[2004/08/06 17:17:06, 3] lib/smbldap.c:smbldap_connect_system(785)
ldap_connect_system: succesful connection to the LDAP server
[2004/08/06 17:17:06, 4] lib/smbldap.c:smbldap_open(836)
The LDAP server is succesful connected
[2004/08/06 17:17:06, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597)
ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-375199814-1253531362-1423778804-512))]
[2004/08/06 17:17:06, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612)
ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object)ldapsam_search_one_group: Query was: ou=Groups, (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-375199814-1253531362-1423778804-512))
Creating unix group: 'Admins du domaine'
Here is a question... here,in the research he usees SID sambaSID=S-1-5-21-375199814-1253531362-1423778804-512
However, in smbldap.cong, the SID I obtained after
net rpc getlocalsid -S servpdc
is
SID="S-1-5-21-375199814-1253531362-1423778804"
I also have a feeling that smbldap-useradd or groupadd do not support spaces in the Group name or accents...
Did anyone encounter these problems.
Thank you in advance for your help
Best Regards
Ioan Caltun
More information about the samba
mailing list