[Samba] Domain Member Server passdb Migration/Change
Tom Robinson
trobinson at intelligentspace.com
Sat Jan 27 12:01:41 GMT 2007
That makes sense. I'm running on x86_64 and only see the i386 version on
samba.org. Anyway I found out my problem.
I should keep my trap shut until I gather the facts. And so, the missing
macros are in the redhat-rpm-config rpm. With that installed, the
rpmbuild -ba samba.spec worked perfectly without modification to the
spec file. I'm re-compiling again now with a new release number so I can
freshen up the system with the --with-ldapsam option enabled.
Later I may upgrade to 3.0.23d as you have done.
Thanks so far
Tom
Jason Baker wrote:
> I used a pre-packaged samba rpm for CentOS 4.4 (RHEL 4). The rpm is:
>
> samba3-3.0.23d-30
>
> I simply installed the rpm via rpm -Uvh and all worked fine. I used a
> pre-packaged version of LDAP also openldap2.3.
> I don't typically install from source unless there is no rpm available.
> I do much of my package management through YUM and find prepackaged
> rpm's very easy to deal with.
>
> *Jason Baker*
> /IT Coordinator/
>
>
> *Glastender Inc.*
> 5400 North Michigan Road
> Saginaw, Michigan 48604 USA
> 800.748.0423
> Phone: 989.752.4275 ext. 228
> Fax: 989.752.4444
> www.glastender.com <http://www.glastender.com>
>
>
>
> Tom Robinson wrote:
>> Jason,
>>
>> I migrated the /etc/samba/smbpasswd, /etc/passwd, /etc/group and
>> shadow files and all is working great on the NEW Domain Member Server.
>> :-)
>>
>> Now I think it would be easier in the long run to use the PDC for
>> centralized authentication as we are contemplating adding a third
>> server later.
>>
>> I find I have to re-compile from src rpm to get the --with-ldapsam
>> option switched on. The only problem now is that the rpm spec file is
>> not clean and fails at the package at the install phase because some
>> directories are not created. %{_initrddir} is not defined and
>> /etc/samba is not created in the RPM_BUILD_ROOT during rpmbuild. I
>> defined these and got another error now about /etc/pam.d! It makes me
>> wonder about the people maintaining the rpms.
>>
>> Did you compile from source or build from rpm? (Actually, everything
>> compiles for me; just the rpmbuild won't do the final packaging due to
>> poorly maintained samba.spec file). :-( Anyone with a valid rpm
>> samba.spec file out there?
>>
>> This may take a bit longer than I want just to get the code compiled.
>> Later I may need some help with the settings in smb.conf.
>>
>> Cheers,
>>
>> Tom
>>
>> Jason Baker wrote:
>>> I used a combination of: Samba-3 by Example, The Official Samba How
>>> To, The Linux Samba Open LDAP How To (by IdealX) and lots of googling
>>> and asking questions on the Samba mailing list. It took about a week
>>> to get everything configured and working (but I had to set up the
>>> Samba PDC too). The LDAP portion should only take a couple days if
>>> you've already got a Samba PDC working. I would refer mostly to the
>>> Samba-3 by Example text (available on-line, just do a Google search).
>>> It may not take you as long if you have experience setting up LDAP
>>> and Samba as a PDC. I was basically starting from scratch. If you get
>>> stuck, post a message here or email me directly. Good luck.
>>>
>>> Tom Robinson wrote:
>>>> Thanks! Can you point me to any good HOWTO's?
>>>>
>>>> Jason Baker wrote:
>>>>> You might consider taking this moment to migrate to an LDAP
>>>>> backend, then you can change member servers and not have to worry
>>>>> about migrating the passdb file. I just built a new PDC and a
>>>>> member server as a file server. LDAP allows for single-sign-on. It's
>>>>> very challenging to implement, but you will be well rewarded.
>>>>>
>>>>> Tom Robinson wrote:
>>>>>> Hi,
>>>>>>
>>>>>> We have a linux/samba only domain serving files to about 16-18
>>>>>> Windows clients (mostly XP, a few W2K).
>>>>>>
>>>>>> PDC:
>>>>>> SuSE OpenXchange 4.4
>>>>>> samba 2.2.8a
>>>>>> openldap 2.1.4
>>>>>>
>>>>>> Domain Member Server
>>>>>> Fedora Core 1
>>>>>> samba 3.0.10
>>>>>>
>>>>>> Currently the Domain Member Server uses the default passdb backend
>>>>>> (/etc/samba/smbpasswd). Each user in the ldap directory on the PDC
>>>>>> has a duplicate entry in both the /etc/samba/smbpasswd and
>>>>>> /etc/passwd on the Domain Member Server. All this works great. ;-)
>>>>>>
>>>>>> We're migrating to a new server to replace the Domain Member Server.
>>>>>>
>>>>>> NEW Domain Member Server
>>>>>> CentOS 4.4
>>>>>> samba 3.0.10
>>>>>>
>>>>>> I'm assuming I can just copy the /etc/samba/smbpasswd and
>>>>>> /etc/passwd from the old Domain Member Server to the new one. Will
>>>>>> this work?
>>>>>>
>>>>>> What would I have to do to activate the domain membership of the
>>>>>> NEW Domain Member Server?
>>>>>>
>>>>>> Another question is, is there a way to link directly into the PDC
>>>>>> for authentication so that I don't have to use the
>>>>>> /etc/samba/smbpasswd and /etc/passwd databases?
>>>>>>
>>>>>>
>>>>>> Thanks in advance,
>>>>>>
>>>>>> Tom Robinson
>>>>>>
>>>>>> -----
>>>>>> PDC smb.conf
>>>>>> [global]
>>>>>> server string = pdc
>>>>>> add user script = /usr/sbin/addsmbmachine2ldap %m
>>>>>> username map = /etc/samba/smbusers
>>>>>> admin users = administrator root
>>>>>> domain admin group = @domaingroup
>>>>>> domain logons = yes
>>>>>> domain master = yes
>>>>>> hosts allow = xxx.xxx.xxx.
>>>>>> bind interfaces only = yes
>>>>>> interfaces = xxx.xxx.xxx.xxx
>>>>>> encrypt passwords = yes
>>>>>> ldap admin dn = uid=user,dc=somedomain,dc=com
>>>>>> ldap del only sam attr = Yes
>>>>>> ldap filter = (&(uid=%u)(objectclass=sambaAccount))
>>>>>> ldap port = 389
>>>>>> ldap server = localhost
>>>>>> ldap ssl = No
>>>>>> ldap suffix = dc=somedomain,dc=com
>>>>>> log file = /var/log/samba/%m.log
>>>>>> log level = 1
>>>>>> max log size = 0
>>>>>> logon script = logon.bat
>>>>>> logon home = \\%L\%U
>>>>>> logon path = \\%L\profiles\%U
>>>>>> os level = 255
>>>>>> preferred master = yes
>>>>>> printcap name = CUPS
>>>>>> printing = CUPS
>>>>>> security = user
>>>>>> socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
>>>>>> syslog = 0
>>>>>> time server = yes
>>>>>> unix extensions = yes
>>>>>> veto files = /*.eml/*.nws/riched20.dll/*.{*}/
>>>>>> wins support = yes
>>>>>> workgroup = DOMAIN
>>>>>> netbios aliases = pdc
>>>>>> netbios name = pdc
>>>>>>
>>>>>> Domain Member Server smb.conf
>>>>>> [global]
>>>>>> server string = %h :-)
>>>>>> netbios name = dms
>>>>>> workgroup = DOMAIN
>>>>>>
>>>>>> security = server
>>>>>> password server = pdc
>>>>>> encrypt passwords = Yes
>>>>>> null passwords = yes
>>>>>>
>>>>>> guest ok = no
>>>>>>
>>>>>> wins support = no
>>>>>> wins proxy = no
>>>>>> wins server = xxx.xxx.xxx.xxx
>>>>>>
>>>>>> domain master = no
>>>>>> local master = no
>>>>>> preferred master = no
>>>>>> os level = 0
>>>>>>
>>>>>> log level = 0
>>>>>> log file = /var/log/samba/%m.log
>>>>>> max log size = 0
>>>>>>
>>>>>> bind interfaces only = yes
>>>>>> interfaces = xxx.xxx.xxx.xxx
>>>>>> smb ports = 139
>>>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>>>
>>>>>>
>>>>
>>>>
>>
>>
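The file-copy migration discussed in this thread (moving /etc/samba/smbpasswd and /etc/passwd to the new member server) can be checked for consistency before smbd is started. The following is an added example, not code from the thread or from the Samba project: the function names and sample entries are constructed, and the checks follow smbpasswd(5), which requires the uid field to match the account's UNIX uid and notes that `N`-flagged accounts accept an empty password only when `null passwords` is enabled, as it is in the member server config above.

```python
import re

# smbpasswd(5) line: name:uid:LM hash:NT hash:[flags]:LCT-hex:
ENTRY = re.compile(r"^([^:]+):(\d+):([^:]{32}):([^:]{32}):"
                   r"\[([A-Z ]{1,11})\]:LCT-[0-9A-Fa-f]{8}:?")

def parse_passwd(text):
    """Map login name -> numeric UID from /etc/passwd content."""
    uids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids

def check_migration(smbpasswd_text, new_passwd_text):
    """Return (problem, account) pairs for a copied smbpasswd file."""
    unix_uids = parse_passwd(new_passwd_text)
    findings = []
    for line in smbpasswd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if m is None:
            findings.append(("malformed", line.split(":", 1)[0]))
            continue
        name, uid, flags = m.group(1), int(m.group(2)), m.group(5)
        if name not in unix_uids:
            findings.append(("no-unix-account", name))
        elif unix_uids[name] != uid:
            findings.append(("uid-mismatch", name))
        if "N" in flags:  # empty password accepted when null passwords = yes
            findings.append(("no-password-flag", name))
    return findings

# Constructed sample data: placeholder hashes, not real credentials.
H, NOPW = "0123456789ABCDEF" * 2, "NO PASSWORD" + "X" * 21
SAMPLE_SMBPASSWD = "\n".join([
    f"alice:500:{H}:{H}:[U          ]:LCT-45BB3E15:",
    f"bob:501:{H}:{H}:[U          ]:LCT-45BB3E15:",
    f"carol:502:{NOPW}:{NOPW}:[NU         ]:LCT-45BB3E15:",
    f"dave:503:{H}:{H}:[U          ]:LCT-45BB3E15:",
])
SAMPLE_NEW_PASSWD = ("alice:x:500:500::/home/alice:/bin/bash\n"
                     "bob:x:1001:1001::/home/bob:/bin/bash\n"
                     "carol:x:502:502::/home/carol:/bin/bash\n")

if __name__ == "__main__":
    print(check_migration(SAMPLE_SMBPASSWD, SAMPLE_NEW_PASSWD))
```

On a real host the two arguments would be the contents of the copied /etc/samba/smbpasswd and the new server's /etc/passwd, read as root.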