[Samba] Re: CentOS 3.6, samba-3.0.9-1.3E.5 tdbsam to ldapsam export

John H Terpstra jht at samba.org
Mon Dec 5 18:24:53 GMT 2005


First off, the Samba Technical mailing list is not a help facility. Its 
purpose is purely for discussion of samba design and code implementation 
issues. Please confine your email to the normal Samba list.

There are several avenues for Samba support:

1. The official documentation that consists of:

	Samba-3 by Example - a book that provides detailed deployment gudiance
	The Official Samba-3 HOWTO and Reference Guide - a book that provides
		detailed information regarding how the functional components of 
		samba function and may be configured. This book does NOT provide
		presecriptive deployment guidance - it is more like a mechanics maual.

Both books are available from:

For examples of how to deploy Samba please refer to:

Each example network provided in this book is fully documented in step-by-step 

2. The Samba mailing list:

The samba at samba.org mailing list is subscriber supported. Noone has a right to 
an answer, noone is owed an answer. All answers provided on the list are a 
privilege provided by users to each other. Any advice provided is free and 
there is no assurance that the advice given is correct. The mailing list is 
essentially a free-for-all, with attempts by Samba-Team members to moderate 
as time permits. Sometime we are all too busy to respond.

It is a fact that many postings go unanswered. The challenge posters face is 
one of gaining attention and winning someone over to help you.

3. Paid Support

When someone accepts payment for support they are responsible to provide the 
remedy sought. You can find paid support for Samba from:

The Samba-Team offers no assurances, guarrantees, or warrantys in respect of 
the companies and individuals whose names appear in the support pages of the 
Samba.Org web site.

Since I have obviously expended some time to answer your posting, and so that 
you will not have cause to complain of my reply, the answer to your problem 
is that before migrating the SambaSAMAccount information from the tdbsam file 
to the LDAP directory it is essential that you migrate the POSIX account 
information. The account for Andrea lacks the POSIX account data.

The POSIX account information is the data that is presently in 
your /etc/passwd file.

You can obtain a utility to migrate the POSIX account from 

Specifically, you must first execute one of the 
"migrate_all_{online,offline}.sh" scripts, then you can execute the "pdbedit 
-i tdbsam -e ldapsam" process.

The book, "The Official Samba-3 HOWTO and Reference Guide" specifically 
mentions the fact that the POSIX account information is essential to Samba in 
addition to the SAmbaSAMAccount information.

John T.

On Monday 05 December 2005 06:16, Robert Becskei wrote:
> NOTE: Since I haven't gotten any replies to my questions lately, maybe they
> were stupid or something, or I've written them to the wrong mailing list.
>             If this e-mail is on the wrong mailing list THEN PLEASE tell
> me, where to write.
> Dear List,
> I've setup a samba domain controller with ldap backend, work okay , users
> like root and nobody show up correctly with smbldap-usershow root , or
> smbldap-usershow nobody, or via usrmgr.exe from winXX client.
> Now since I have some old users on the other samba 3.0.9-1.3E.5 server
> which uses tdbsam backend I've decieded to import the users from there. So
> I've setup a test server.
> I've coppied over passdb.tdb file and /var/cache/samba expect browse.dat
> and wins.dat.
> I did a pdbedit -v -i tdbsam -e ldapsam
> but it seems something went wrong because even tough I see the user in
> slapcat > old.ldif , smbldap-usershow andrea says no such user, id andrea
> says no such user.Please note I did not add these users on this computer
> via adduser.
> here is the working entry for root :
> dn: uid=root,ou=Users,dc=capriolobike,dc=com
> cn: root
> sn: root
> objectClass: inetOrgPerson
> objectClass: sambaSamAccount
> objectClass: posixAccount
> objectClass: shadowAccount
> gidNumber: 512
> uid: root
> uidNumber: 0
> homeDirectory: /home/root
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdMustChange: 2147483647
> sambaHomePath: \\PDC-SERVER\homes\root
> sambaHomeDrive: X:
> sambaProfilePath: \\PDC-SERVER\profiles\root\
> sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-512
> sambaAcctFlags: [U ]
> sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2996
> loginShell: /bin/false
> gecos: Netbios Domain Administrator
> structuralObjectClass: inetOrgPerson
> entryUUID: fdc5834c-f9da-1029-8b52-823807df0058
> creatorsName: cn=Manager,dc=capriolobike,dc=com
> createTimestamp: 20051205130127Z
> sambaPwdCanChange: 1133787703
> sambaLMPassword: 8540236CBC8AD7364207FD0DF35A59A8
> sambaNTPassword: 8F82C6BCFD826B95532C25AA1A9C2DC5
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdLastSet: 1133787703
> userPassword:: e1NNRDV9UVZmUjJhSWpxeDlzMFVwOU11QTcyV1lIdWdzPQ==
> entryCSN: 20051205130143Z#000002#00#000000
> modifiersName: cn=Manager,dc=capriolobike,dc=com
> modifyTimestamp: 20051205130143Z
> and here is the entry that is not working for andrea
> dn: uid=andrea,ou=Users,dc=capriolobike,dc=com
> uid: andrea
> sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2082
> sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-512
> sambaUserWorkstations: ANDREA-1700256,TERMINAL
> sambaLogonScript: scripts\andrea-1700256.bat
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 0
> sambaPwdCanChange: 1100346635
> sambaPwdMustChange: 2147483647
> sambaLMPassword: B131BE87BEF31C7EAAD3B435B51404EE
> sambaNTPassword: DF425DB9C2BBCE2C0CD839CEC4DB8AA2
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdLastSet: 1100346635
> sambaAcctFlags: [UX ]
> sambaBadPasswordCount: 0
> sambaBadPasswordTime: 0
> objectClass: sambaSamAccount
> objectClass: account
> structuralObjectClass: account
> entryUUID: 65bf5c02-f9db-1029-8b73-823807df0058
> creatorsName: cn=Manager,dc=capriolobike,dc=com
> createTimestamp: 20051205130422Z
> entryCSN: 20051205130422Z#000001#00#000000
> modifiersName: cn=Manager,dc=capriolobike,dc=com
> modifyTimestamp: 20051205130422Z
> dn: uid=andrea-1700256$,ou=Computers,dc=capriolobike,dc=com
> uid: andrea-1700256$
> sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2132
> sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-2133
> displayName: ANDREA-1700256$
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 1133758337
> sambaPwdMustChange: 2147483647
> sambaNTPassword: 1CC3B41967DB4DB5B0248894360B628C
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdLastSet: 1133758337
> sambaAcctFlags: [W ]
> sambaBadPasswordCount: 0
> sambaBadPasswordTime: 0
> objectClass: sambaSamAccount
> objectClass: account
> structuralObjectClass: account
> entryUUID: 65eecb4a-f9db-1029-8b74-823807df0058
> creatorsName: cn=Manager,dc=capriolobike,dc=com
> createTimestamp: 20051205130422Z
> entryCSN: 20051205130422Z#000002#00#000000
> modifiersName: cn=Manager,dc=capriolobike,dc=com
> modifyTimestamp: 20051205130422Z
> Someone please tell me how do you do this correctly, I must keep the old
> users, so I need to import them from tdb to ldap backend.
> Sincerely
> Robert Becskei

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list