[Samba] net rpc vampire not working

Mon Dec 5 17:09:05 GMT 2005

On Sunday 04 December 2005 18:25, Del wrote:
> > Use
> > http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html
>
> Thanks, that is a great help.  I have it working now.
>
> > I would recommend that the user is familiar with setup, usage,
> > maintenance of LDAP prior to doing this.
>
> Oh, LDAP is no problem.   I'm the author of the LdapImport scripts
> which some of you may have seen
>
> http://wiki.babel.com.au/index.php?area=Linux_Projects&page=LdapImport
>
> The problem I was having was correct configuration of samba prior to
> running net rpc vampire.
>
> Just some notes on the migration guide above that you might want to
> incorporate into a later edition:
>
> --
>
> example 9.1:  "security = user" is missing?  Is this intentional?
> the "configure.pl" script from smbldap-tools adds it to smb.conf
> in any case.
>
> May be useful to mention extending the LDAP schema before attempting
> any of this, e.g. with the samba.schema file.
>
> Before Step 7:  You can't run ./configure.pl in the smbldap-tools directory
> unless samba is running.  So you need to do "service smb start" or
> your OS equivalent first.  In fact, before doing that you need to
> inform samba of your LDAP bind DN password using:
>
>   smbpasswd -w <password>
>
> Step 8:  Since you need to start samba before you run ./configure.pl, and
> since samba tries to connect to the LDAP server when it starts, you
> will need to start LDAP before you start samba.  So this probably belongs
> around step 4 or 5.
>
> Step 10:  You need to do this before starting Samba, so again this needs
> to happen earlier than step 7.
>
> Step 11:  Also, starting Samba will attempt to populate the LDAP directory.
> On Fedora Directory Server (and in fact any non-OpenLDAP server) you may
> hit troubles doing this because the entries aren't formatted correctly
> with the "top" objectClass (on OpenLDAP this parent object class is added
> automatically).  To fix this, what I did was:
>
> cd /opt/IDEALX/sbin
> /smbldap-populate -e /root/LDAP/smb-populate.ldif.
> vi /root/LDAP/smb-populate.ldif
>
> Change the last LDIF entry in this file to include "objectClass: top"
>
> ldapadd -x -c -D 'cn=Directory Manager' -W -f /root/LDAP/smb-populate.ldif
>
> .. and you will need to supply your root DN password to the above command..
>
> Step 12:  This should not actually be necessary on non-OpenLDAP servers.  A
> running LDAP server will notice that its directory has been populated.  It
> is, however, the case that the OpenLDAP directory is completely empty after
> installation so you may need to do this.
>
> Step 14:  It might be useful to test this using:
>
> net rpc testjoin
>
> Step 17:  This seems to take a long time.  Expect that -- nothing happens
> in the log file for a few seconds at least, don't panic.
>
> --
> Del

Del,

I will review your comments when I get an opportunity. 

If I recall correctly, Chapter 9 does say that you need to create a fully 
functional server per the example of chapter 5 before attempting to perform 
vapire migration.

One of the key challenges of prescriptive guidance documentation is the fact 
that most people want to short-circuit the learning process ignoring the fact 
that every short-cut has consequences. :-)

- John T.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.