[Samba] Does or doesn't vampiring users add them into multiple groups at the same time?
Geoff Scott
geoffs at guestshire.com
Wed May 11 02:29:10 GMT 2005
John H Terpstra wrote:
> On Tuesday 10 May 2005 01:33, Geoff Scott wrote:
>> Hi all,
>>
>> The new NT migration chapter of Samba guide seems to indicate in the
>> migration Log Validation (section 9.3.1.1) that users get added to all
>> the same groups that they were in under the NT4 domain. However I am
>> not seeing this despite having had a seemingly successful migration.
>> All my users get added into the Domain User group but not into any
>> other group. Is the text below now wrong or right????
>
> If you use version 3.0.12 or later, for most migrations the
> multi-group info should transfer OK. I am now aware that if the NT4
> domain is post SP5 on some migrations multi-group info is not
> transferred and some account (both user and machine) password entries
> are not transferred either.
>
> Maybe Andrew Bartlett will chime in on this?
OK. After testing this out on a vanilla system that I built to test out the
changes to chapter 9 for you John, it appears that on a system configured
like this:

  Ubuntu Hoary
  All ldap, nss_ldap, etc obtained from Ubuntu sources
  Samba 3.0.13 Debian stable from samba.planetmirror.com
  smbldap-tools-0.8.7.tgz
  Users in ou=People,dc=guestshire,dc=com etc
  And the adduser script like this:
    add user script = /opt/IDEALX/sbin/smbldap-useradd -m '%u'
  NT4 server system SP6a

vampiring users works 100%, there are absolutely no errors in the error log,
and the vampire log shows the users being added to the multiple groups
successfully. The users all have sambaLMPassword & sambaNTPassword set
properly and *all* old settings are brought across.

So what is the difference between the 2 servers? The differences are these:

The "add user script =" has "smbldap-useradd -a -m '%u'". I added a "-a"
after looking at the output of "smbldap-useradd -?", as that, coupled with the
*OLD* version of the NT migration chapter (I thought that the omission of
that in the NEW sample chapter 9 smb.conf was a typo), seemed to indicate
that only POSIX attributes would be added if the "-a" was left out.
However, adding the "-a" to the smbldap-useradd script in the smb.conf
results in errors along the lines of "user already exists with samba
attributes" in the vampire error log and no multiple group membership, no
passwords, no sambaHomeDrive, no sambaMungedDial and so on.
My users are in ou=Users,ou=OxObjects,dc=guestsfurniturehire,dc=com,dc=au to
fit in with OpenExchange.
I am using samba 3.0.14a
I am using smbldap-tools-0.8.8.tgz (which, as you mentioned to me recently,
appears to be broken)
The questions I now ask are these:
Is the subtraction of "-a" for the smbldap-useradd script only for the
migration? Does it need to be added back in later?
Can the smbldap-tools cope with an extra "ou" ?
If, after testing some of my findings on the non-vanilla server and finding
them to work, can I set the NetBIOS aliases to include the old server name, as
the sambaHomeDrive directive in LDAP after vampiring lists the path as
\\oldserver\username? How can I work around old settings such as these?
I will now go and test against the non-vanilla server.
Regards Geoff Scott