[Samba] Re: CentOS 3.6, samba-3.0.9-1.3E.5 tdbsam to ldapsam export
John H Terpstra
jht at samba.org
Mon Dec 5 18:24:53 GMT 2005
Robert,
First off, the Samba Technical mailing list is not a help facility. Its
purpose is purely for discussion of samba design and code implementation
issues. Please confine your email to the normal Samba list.
There are several avenues for Samba support:
1. The official documentation that consists of:
Samba-3 by Example - a book that provides detailed deployment gudiance
The Official Samba-3 HOWTO and Reference Guide - a book that provides
detailed information regarding how the functional components of
samba function and may be configured. This book does NOT provide
presecriptive deployment guidance - it is more like a mechanics maual.
Both books are available from:
http://www.samba.org/samba/docs
For examples of how to deploy Samba please refer to:
http://www.samba.org/samba/docs/Samba3-ByExample.pdf
Each example network provided in this book is fully documented in step-by-step
mode.
2. The Samba mailing list:
The samba at samba.org mailing list is subscriber supported. Noone has a right to
an answer, noone is owed an answer. All answers provided on the list are a
privilege provided by users to each other. Any advice provided is free and
there is no assurance that the advice given is correct. The mailing list is
essentially a free-for-all, with attempts by Samba-Team members to moderate
as time permits. Sometime we are all too busy to respond.
It is a fact that many postings go unanswered. The challenge posters face is
one of gaining attention and winning someone over to help you.
3. Paid Support
When someone accepts payment for support they are responsible to provide the
remedy sought. You can find paid support for Samba from:
httP//www.samba.org/samba/support/
The Samba-Team offers no assurances, guarrantees, or warrantys in respect of
the companies and individuals whose names appear in the support pages of the
Samba.Org web site.
Since I have obviously expended some time to answer your posting, and so that
you will not have cause to complain of my reply, the answer to your problem
is that before migrating the SambaSAMAccount information from the tdbsam file
to the LDAP directory it is essential that you migrate the POSIX account
information. The account for Andrea lacks the POSIX account data.
The POSIX account information is the data that is presently in
your /etc/passwd file.
You can obtain a utility to migrate the POSIX account from
http://www.padl.com/OSS/MigrationTools.html
Specifically, you must first execute one of the
"migrate_all_{online,offline}.sh" scripts, then you can execute the "pdbedit
-i tdbsam -e ldapsam" process.
The book, "The Official Samba-3 HOWTO and Reference Guide" specifically
mentions the fact that the POSIX account information is essential to Samba in
addition to the SAmbaSAMAccount information.
Cheers,
John T.
On Monday 05 December 2005 06:16, Robert Becskei wrote:
> NOTE: Since I haven't gotten any replies to my questions lately, maybe they
> were stupid or something, or I've written them to the wrong mailing list.
> If this e-mail is on the wrong mailing list THEN PLEASE tell
> me, where to write.
>
> Dear List,
>
> I've setup a samba domain controller with ldap backend, work okay , users
> like root and nobody show up correctly with smbldap-usershow root , or
> smbldap-usershow nobody, or via usrmgr.exe from winXX client.
>
> Now since I have some old users on the other samba 3.0.9-1.3E.5 server
> which uses tdbsam backend I've decieded to import the users from there. So
> I've setup a test server.
> I've coppied over passdb.tdb file and /var/cache/samba expect browse.dat
> and wins.dat.
>
> I did a pdbedit -v -i tdbsam -e ldapsam
>
> but it seems something went wrong because even tough I see the user in
> slapcat > old.ldif , smbldap-usershow andrea says no such user, id andrea
> says no such user.Please note I did not add these users on this computer
> via adduser.
>
> here is the working entry for root :
>
> dn: uid=root,ou=Users,dc=capriolobike,dc=com
> cn: root
> sn: root
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> objectClass: posixAccount
> objectClass: shadowAccount
> gidNumber: 512
> uid: root
> uidNumber: 0
> homeDirectory: /home/root
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\PDC-SERVER\homes\root
> sambaHomeDrive: X:
> sambaProfilePath: \\PDC-SERVER\profiles\root\
> sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-512
> sambaAcctFlags: [U ]
> sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> structuralObjectClass: inetOrgPerson
> entryUUID: fdc5834c-f9da-1029-8b52-823807df0058
> creatorsName: cn=Manager,dc=capriolobike,dc=com
> createTimestamp: 20051205130127Z
> sambaPwdCanChange: 1133787703
> sambaLMPassword: 8540236CBC8AD7364207FD0DF35A59A8
> sambaNTPassword: 8F82C6BCFD826B95532C25AA1A9C2DC5
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdLastSet: 1133787703
> userPassword:: e1NNRDV9UVZmUjJhSWpxeDlzMFVwOU11QTcyV1lIdWdzPQ==
> entryCSN: 20051205130143Z#000002#00#000000
> modifiersName: cn=Manager,dc=capriolobike,dc=com
> modifyTimestamp: 20051205130143Z
>
> and here is the entry that is not working for andrea
>
> dn: uid=andrea,ou=Users,dc=capriolobike,dc=com
> uid: andrea
> sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2082
> sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-512
> sambaUserWorkstations: ANDREA-1700256,TERMINAL
> sambaLogonScript: scripts\andrea-1700256.bat
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 0
> sambaPwdCanChange: 1100346635
> sambaPwdMustChange: 2147483647
> sambaLMPassword: B131BE87BEF31C7EAAD3B435B51404EE
> sambaNTPassword: DF425DB9C2BBCE2C0CD839CEC4DB8AA2
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdLastSet: 1100346635
> sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> sambaAcctFlags: [UX ]
> sambaBadPasswordCount: 0
> sambaBadPasswordTime: 0
> objectClass: sambaSamAccount
> objectClass: account
> structuralObjectClass: account
> entryUUID: 65bf5c02-f9db-1029-8b73-823807df0058
> creatorsName: cn=Manager,dc=capriolobike,dc=com
> createTimestamp: 20051205130422Z
> entryCSN: 20051205130422Z#000001#00#000000
> modifiersName: cn=Manager,dc=capriolobike,dc=com
> modifyTimestamp: 20051205130422Z
>
> dn: uid=andrea-1700256$,ou=Computers,dc=capriolobike,dc=com
> uid: andrea-1700256$
> sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2132
> sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-2133
> displayName: ANDREA-1700256$
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 1133758337
> sambaPwdMustChange: 2147483647
> sambaNTPassword: 1CC3B41967DB4DB5B0248894360B628C
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdLastSet: 1133758337
> sambaLogonHours: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> sambaAcctFlags: [W ]
> sambaBadPasswordCount: 0
> sambaBadPasswordTime: 0
> objectClass: sambaSamAccount
> objectClass: account
> structuralObjectClass: account
> entryUUID: 65eecb4a-f9db-1029-8b74-823807df0058
> creatorsName: cn=Manager,dc=capriolobike,dc=com
> createTimestamp: 20051205130422Z
> entryCSN: 20051205130422Z#000002#00#000000
> modifiersName: cn=Manager,dc=capriolobike,dc=com
> modifyTimestamp: 20051205130422Z
>
> Someone please tell me how do you do this correctly, I must keep the old
> users, so I need to import them from tdb to ldap backend.
>
> Sincerely
> Robert Becskei
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
More information about the samba
mailing list