[Samba] net vampire and WIn2003 AD

Liutauras Adomaitis liutauras.adomaitis at gmail.com
Sat May 9 15:05:57 GMT 2009 

Hello Samba People,

it is my first letter to Samba ML, so first of all - thanks Samba team for a
great SW.

Now the question:
I want to migrate from Win2003 AD to Samba 3.3.2. I want to use net vampire
feature to import all account information (is there any other way to do
it?). Net vampire works partly - in the direct meaning of this word - it is
importing only 131 objects. How come?

Full story:
Samba is configured with OpenLdap and smbldap-tools. They are working. Then
I launch:
net rpc vampire ldif <connection parameters to win server>
it instantly gives me:
Fetching (to ldif) DOMAIN database
Failed to fetch DOMAIN database: NT_STATUS_SYNCHRONIZATION_REQUIRED
nothing is vampired.

if I run command without ldif, it imports 131 objects and then gives me the
same:
..... 131 time ....
Creating account: lalalala
Failed to fetch DOMAIN database: NT_STATUS_SYNCHRONIZATION_REQUIRED

Windows server gives me two event messages after that:
Event ID: 5713:
The full synchronization request from the server SERVER completed
successfully. 131 object(s) has(have) been returned to the caller.
And the other Warning:
Event ID 5714
The full synchronization request from the server SERVER failed with the
following error:
This replicant database is outdated; synchronization is required.

If I check LDAP database - it is filled with imported data. The only thing I
miss is LM password, but this is not a problem, since I can reset passwords.

What is interesting - I thought there is some objects with national
characters and I tried to deleted some unused objects from AD. I did this
kind of cleaning several times and every time I do vampire i have imported
131 objects (atleast windows say that, I did not count). After each cleaning
vampire fails on the different object, but on 131st. I tried sorting AD
objects by modification date, but this did not give me  a clue about why
import stops after 131 objects.

I can provide full info of my samba setup, but I guess my setup is ok, since
some objects are imported. (where some things net rpc vampire command said
to me,like: smb_set_primary_group: gave 1, but I don't think this is a
problem, because import doesn't stop on this mesages.

There is a porblem, why vampire imports just part of the accounts.
Why net rpc vampire ldif give error instantly and doesn't import anything,
but net rpc vampire (without keyword ldif0 starts working?

thanks for your time
Liutauras

More information about the samba mailing list