[Samba] NT4 migration errors
Kevin B
kevin1a at varlog.net
Thu Jul 14 23:28:24 GMT 2005
Hi
I've setup samba 3.0.14 with the latest idealx scripts on FC3.
Now I have a test lab to migrate from NT4 box which different than the
standalone PDC I have running.
Here's the order I used and my ldap and samba configs are clean
as far as I can tell since I do get a partial migration.
When using 'net rpc vampire -S nt4 -W DOMAIN' it populates the
groups from NT4 and shows the group membership but the users fail to come
over.
Here's what I've done so far. BTW SLES9 server.
[continued below]
>From a clean ldap database I add in the top level ldif:
---------------------------------------------------------------------- dn:
dc=kblan,dc=com
o: kblan
objectClass: top
objectClass: dcObject
objectClass: organization
dc: kblan
Then ldapadd the preload ldif to be ready for the NT4 accounts:
--------------------------------------------------------------
dn: cn=admin,dc=kblan,dc=com
objectClass: organizationalRole
cn: admin
description: Directory Manager
dn: ou=People,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:People
dn: ou=Groups,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:Groups
dn: ou=Idmap,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:Idmap
dn: ou=Domains,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou:Domains
Then ldapadd the NextFreeUnixID ldif:
-------------------------------------
dn: cn=NextFreeUnixId,dc=kblan,dc=com
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId
Next add the smbpasswd to secrets.tdb.
Then grab the NT4 SID:
net rpc getsid -S nt4 -W DOMAIN [which succeeds and tdbdump shows it]
Now join the domain:
net rpc join -S nt4 -W DOMAIN -U Administrator%34567 [it joins]
Now we migrate: I'll show the 'net rpc vampire' first and then
show a slapcat dump of the ldap contents after migrating.
Comparing to the standalone PDC I setup before,
it seems I'm missing the sambaSamAccount object and all the relevant
attributes, but I don't know if in fact they are 'supposed' to existwhen
migrating from NT4 [??].
In any case, I need some help to get the migration done
whatever my mistakes are. I only have 2 groups and a couple of members in
each group. I don't have any local /etc/group entries other than for
services. [all gid less than 100]
Everything should be in ldap.
Any help is greatly appreciated.
Thanks in advance.
Kevin
--------------------------------------------------------
linux:~ # net rpc vampire -S nt4 -W DOMAIN
Fetching DOMAIN database Creating unix group: 'Domain Admins'
Creating unix group: 'Domain Users'
Creating unix group: 'Domain Guests'
Creating unix group: 'Sales'
Creating unix group: 'Accounting'
Creating account: Administrator
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:55, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'Administrator'' gave 7 Could not create posix account info for
'Administrator'
Creating account: Guest
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:56, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'Guest'' gave 7 Could not create posix account info for 'Guest'
Creating account: NT4$
Can't call method "get_value" on an undefined value at
/usr/local/sbin/smbldap-useradd line 171, <DATA> line 283.
[2005/07/14 12:18:56, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-w 'NT4$'' gave 3 Could not create posix account info for 'NT4$'
Creating account: IUSR_NT4
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:57, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'IUSR_NT4'' gave 7 Could not create posix account info for 'IUSR_NT4'
Creating account: sales1
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:58, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'sales1'' gave 7 Could not create posix account info for 'sales1'
Creating account: sales2
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:58, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'sales2'' gave 7 Could not create posix account info for 'sales2'
Creating account: acct1
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:59, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'acct1'' gave 7 Could not create posix account info for 'acct1'
Creating account: acct2
Error: SID not set for unix group 1001
check if your unix group is mapped to an NT group
[2005/07/14 12:18:59, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-m 'acct2'' gave 7 Could not create posix account info for 'acct2'
Creating account: sles9$
Can't call method "get_value" on an undefined value at
/usr/local/sbin/smbldap-useradd line 171, <DATA> line 283.
[2005/07/14 12:19:00, 0] utils/net_rpc_samsync.c:fetch_account_info(527)
fetch_account: Running the command `/usr/local/sbin/smbldap-useradd -a
-w 'sles9$'' gave 3 Could not create posix account info for 'sles9$'
[2005/07/14 12:19:00, 0]
utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 512
[2005/07/14 12:19:00, 0]
utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 513
[2005/07/14 12:19:00, 0]
utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 514
[2005/07/14 12:19:00, 0]
utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 1006
[2005/07/14 12:19:00, 0]
utils/net_rpc_samsync.c:fetch_group_mem_info(675)
Could not find global group 1007
Fetching BUILTIN database
skipping SAM_DOMAIN_INFO delta for 'Builtin' (is not my domain) Creating
unix group: 'Account Operators'
Creating unix group: 'Administrators'
Creating unix group: 'Backup Operators'
Creating unix group: 'Guests'
Creating unix group: 'Print Operators'
Creating unix group: 'Replicator'
Creating unix group: 'Server Operators'
Creating unix group: 'Users'
-----------------------------------------------------
-----------------------------------------------------
-----------------------------------------------------
dn: dc=kblan,dc=com
o: kblan
objectClass: top
objectClass: dcObject
objectClass: organization
dc: kblan
structuralObjectClass: organization
entryUUID: 687e7638-88fe-1029-9da2-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220017Z
entryCSN: 20050714220017Z#000001#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220017Z
dn: cn=admin,dc=kblan,dc=com
objectClass: organizationalRole
cn: admin
description: Directory Manager
structuralObjectClass: organizationalRole
entryUUID: 6de29668-88fe-1029-9da3-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220026Z
entryCSN: 20050714220026Z#000001#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220026Z
dn: ou=People,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People
structuralObjectClass: organizationalUnit
entryUUID: 6de4661e-88fe-1029-9da4-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220026Z
entryCSN: 20050714220026Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220026Z
dn: ou=Groups,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Groups
structuralObjectClass: organizationalUnit
entryUUID: 6de7c412-88fe-1029-9da5-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220026Z
entryCSN: 20050714220026Z#000003#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220026Z
dn: ou=Idmap,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Idmap
structuralObjectClass: organizationalUnit
entryUUID: 6de9274e-88fe-1029-9da6-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220026Z
entryCSN: 20050714220026Z#000004#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220026Z
dn: ou=Domains,dc=kblan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Domains
structuralObjectClass: organizationalUnit
entryUUID: 6dea3954-88fe-1029-9da7-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220026Z
entryCSN: 20050714220026Z#000005#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220026Z
dn: cn=NextFreeUnixId,dc=kblan,dc=com
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
cn: NextFreeUnixId
sn: NextFreeUnixId
structuralObjectClass: inetOrgPerson
entryUUID: 70fd6fa8-88fe-1029-9da8-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220031Z
uidNumber: 1009
gidNumber: 1013
entryCSN: 20050714220152Z#000001#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220152Z
dn: sambaDomainName=DOMAIN,dc=kblan,dc=com
sambaDomainName: DOMAIN
sambaSID: S-1-5-21-1348277581-813059936-1947940980
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
structuralObjectClass: sambaDomain
entryUUID: 952711c2-88fe-1029-9da9-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220132Z
entryCSN: 20050714220132Z#000001#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220132Z
dn: cn=Domain Admins,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Domain Admins
gidNumber: 1000
structuralObjectClass: posixGroup
entryUUID: 95b0fffe-88fe-1029-9daa-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220133Z
entryCSN: 20050714220133Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220133Z
dn: cn=Domain Users,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Domain Users
gidNumber: 1001
structuralObjectClass: posixGroup
entryUUID: 96454ccc-88fe-1029-9dab-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220134Z
entryCSN: 20050714220134Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220134Z
dn: cn=Domain Guests,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Domain Guests
gidNumber: 1002
structuralObjectClass: posixGroup
entryUUID: 96d6d426-88fe-1029-9dac-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220135Z
entryCSN: 20050714220135Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220135Z
dn: cn=Sales,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Sales
gidNumber: 1003
structuralObjectClass: posixGroup
entryUUID: 9768ff90-88fe-1029-9dad-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220136Z
entryCSN: 20050714220136Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220136Z
dn: cn=Accounting,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Accounting
gidNumber: 1004
structuralObjectClass: posixGroup
entryUUID: 97f9c0e8-88fe-1029-9dae-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220137Z
entryCSN: 20050714220137Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220137Z
dn: cn=Account Operators,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Account Operators
gidNumber: 1005
structuralObjectClass: posixGroup
entryUUID: 9d829eea-88fe-1029-9db1-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220146Z
entryCSN: 20050714220146Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220146Z
dn: cn=Administrators,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Administrators
gidNumber: 1006
structuralObjectClass: posixGroup
entryUUID: 9e0738a8-88fe-1029-9db2-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220147Z
entryCSN: 20050714220147Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220147Z
dn: cn=Backup Operators,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Backup Operators
gidNumber: 1007
structuralObjectClass: posixGroup
entryUUID: 9e8cb58c-88fe-1029-9db3-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220148Z
entryCSN: 20050714220148Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220148Z
dn: cn=Guests,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Guests
gidNumber: 1008
structuralObjectClass: posixGroup
entryUUID: 9f10d934-88fe-1029-9db4-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220149Z
entryCSN: 20050714220149Z#000001#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220149Z
dn: cn=Print Operators,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Print Operators
gidNumber: 1009
structuralObjectClass: posixGroup
entryUUID: 9f95926e-88fe-1029-9db5-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220150Z
entryCSN: 20050714220150Z#000001#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220150Z
dn: cn=Replicator,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Replicator
gidNumber: 1010
structuralObjectClass: posixGroup
entryUUID: a01da9ec-88fe-1029-9db6-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220150Z
entryCSN: 20050714220150Z#000003#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220150Z
dn: cn=Server Operators,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Server Operators
gidNumber: 1011
structuralObjectClass: posixGroup
entryUUID: a0a17bbe-88fe-1029-9db7-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220151Z
entryCSN: 20050714220151Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220151Z
dn: cn=Users,ou=Groups,dc=kblan,dc=com
objectClass: posixGroup
cn: Users
gidNumber: 1012
structuralObjectClass: posixGroup
entryUUID: a12aca0e-88fe-1029-9db8-f722ce3ce348
creatorsName: cn=admin,dc=kblan,dc=com
createTimestamp: 20050714220152Z
entryCSN: 20050714220152Z#000002#00#000000
modifiersName: cn=admin,dc=kblan,dc=com
modifyTimestamp: 20050714220152Z
More information about the samba
mailing list