[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04
Vladimir Psenicka
vladimir.psenicka at prodeco.cz
Thu Apr 8 05:57:04 MDT 2010
You have in gg-edited.ldif (first error on line 52):
dn: uid=Christian Sanvi,dc=Sistemi
Informativi,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: inetOrgPerson
entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
objectClass: inetOrgPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount
Dou you have all apropriate schemas in your slapd.conf and in
/etc/ldap/schema/ on your new server? You should have all schemas in new
slapd.conf as you had in slapd.conf on old server...qmail schema etc...
Dne 8.4.2010 11:44, GG napsal(a):
> Hello Vladimir and NG,
>
> I added samba.schema and removed the "" and it imported ldif without
> saying anything about groups now :-)
>
> There are some warnings I am attaching.
>
> It moans about
> str2entry: invalid value for attributeType objectClass #3 (syntax
> 1.3.6.1.4.1.1466.115.121.1.38)
> slapadd: could not parse entry (line=11937)
> and if I look at the ldif I find this
> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
>
> and other error
> slapadd: could not parse entry (line=11116)
> <= str2entry: str2ad(mailHost): attribute type undefined
> this is the line in ldfi...
>
> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
> cn: otheruid
>
> But the line is always the dn:
> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
>
> but reading mailHost: I have a line in many accounts with maildir and
> mail host etc that I don't need any more; shall I remove lines
> containing mail attributes? (mytextools.com <http://mytextools.com> is
> great but I suppose there must be some regular expression too)
>
> I did a slapcat from destination server and it imported groups but no
> actual users.
>
> I removed mail alternate attibutes (not mail: as it used for creating
> alias from ldap into mail server) anyway the error seems to be in the
> DN. it needs a dn but it gives this error
> str2entry: invalid value for attributeType objectClass #3 (syntax
> 1.3.6.1.4.1.1466.115.121.1.38)
> slapadd: could not parse entry (line=1)
>
> importing a single user from a partial ldif..
>
>
> Giorgio
>
> On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> 1. comments to slapd.conf:
>>
>> if slapd.conf.destination is on your new server, then you are missing
>> samba schema in your slapd.conf.destination.
>>
>> slapd.conf on new server:
>> ....
>> include /etc/ldap/schema/samba.schema
>> ....
>>
>> Get samba.schema from your current samba instalation on new server. It
>> should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/
>>
>> 2. comments on error importing ldif:
>>
>> slapadd-ing.LOG:
>>
>> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
>> naming attribute 'dc' is not present in entry
>>
>> which is in gg-edited.ldif:
>>
>> dn: dc=People,dc=GG-s-Domain,dc=it
>> objectClass: dcObject
>> objectClass: organizationalUnit
>> ou: "People"
>> dc: "People"
>> structuralObjectClass: organizationalUnit
>> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801082225Z
>> entryCSN: 2003080108:22:25Z#0x0001#0#0000
>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>> modifyTimestamp: 20030801082225Z
>>
>> Can you try delete quotes in ou: "People" and dc: "People" and try to
>> import ldif again? Or you can try delete objectClass: dcObject and dc:
>> "People". In our ldap we haven't objectClass: dcObject in dn:
>> ou=Users,dc=pavouk,dc=cz
>>
>> my ldif:
>>
>> dn: ou=Users,dc=pavouk,dc=cz
>> objectClass: organizationalUnit
>> ou: Users
>> structuralObjectClass: organizationalUnit
>> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
>> creatorsName: cn=Manager,dc=pavouk,dc=cz
>> createTimestamp: 20050927125727Z
>> entryCSN: 20050927125727.000000Z#000001#000#000000
>> modifiersName: cn=Manager,dc=pavouk,dc=cz
>> modifyTimestamp: 20050927125727Z
>>
>>
>>
>>
>> Dne 7.4.2010 16:14, GG napsal(a):
>> > Hello Vladimir and anyone else reading :-) !
>> >
>> > Attaching these files:
>> >
>> > - gg-edited.ldif
>> > - slapd.conf.destination.txt
>> > - slapd.conf.source.txt
>> > - ldap.conf.destination.txt
>> > - ldap.conf.source.txt
>> > - slapadd-ing.LOG this was the log while importing ldif
>> >
>> >
>> > NET SID ETC
>> > net setlocalsid
> S-1-5-21-1168...........-..................-...............2
>> > net setdomainsid
> S-1-5-21-1168...........-..................-...............1
>> >
>> > does net setlocal and domain sid have sense or should it be
>> > net setdomainsid
>> > twice with different sids?
>> >
>> > Thanks very much!
>> >
>> > Giorgio
>> >
>> > On 4/6/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> >> Hi Gorgio
>> >>
>> >> Dne 2.4.2010 17:01, GG napsal(a):
>> >>> Hi all,
>> >>>
>> >>> So I have
>> >>> openldap2-2.1.12-74
>> >>> samba-2.2.7a-72
>> >>>
>> >>> I would like to migrate this existing PDC service to a new server and
>> >>> to current production / stable releases (especially for windows 7
>> >>> joining to the domain).
>> >>>
>> >>> New server is Debian Lenny stable.
>> >>>
>> >>> I have exported the domain SID, and ldap.ldif
>> >>>
>> >>> Now lets get down to it :-)
>> >>> Before importing should I do something about organizational units
> and so? How?
>> >>>
>> >>>> Import only data to LDAP no configs (slapcat->slapadd)
>> >>> slapadd -c -l slapcat.ldif
>> >>> I did this but attached errors showed up.
>> >>>
>> >>> Error, entries missing!
>> >>> entry 3: dc=people,dc=ExampleDomain,dc=it
>> >>> entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
>> >>
>> >> Can you post first 100 lines of your ldif you try to import? You
>> >> probably missing some base ldif.
>> >>
>> >>>
>> >>>
>> >>> I know nothing about ldap, but my ldap is probably missing some pre
>> >>> required settings ? :-/
>> >>>
>> >>
>> >> Can you post slapd.conf also?
>> >>
>> >>
>> >>> Cheers!
>> >>> Giorgio
>> >>>
>> >>>> Configs yes, live data no, but if you have ldap it *should* be
> enough to
>> >>>> import ldif from old server, configure samba to use ldap and run
> smbpasswd
>> >>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
> test if
>> >>>> samba see imported users in ldap (pdbedit -L).
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On 3/27/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> >>>> On Fri, 26 Mar 2010 15:32:50 +0100, GG <jojomi at gmail.com
> <mailto:jojomi at gmail.com>> wrote:
>> >>>>> wow I made it!
>> >>>>>
>> >>>>> I copied net and all the libs it complained about from another suse
>> >>>>> server which was not missing it :-)
>> >>>>>
>> >>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>> >>>>> Unknown parameter encountered: "domain admin group"
>> >>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>> >>>>> Ignoring unknown parameter "domain admin group"
>> >>>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>> >>>>> is: S-1-5-21-1bla bla
>> >>>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
>> >>>>>
>> >>>>> Which shall I import?
>> >>>>>
>> >>>>
>> >>>> Import both for sure:-). First is localsid, second is domainsid
>> >>>>
>> >>>>> So now back to mail number 2 :-)
>> >>>>>
>> >>>>> LDAP: I exported ldif :-) now
>> >>>>> I copied /etc/groups passwd shadow aliases
>> >>>>>
>> >>>>> now on the new server:
>> >>>>>
>> >>>>> how do I import LDAP and all its configs,
>> >>>>> samba and all its configs are only in smb.conf?
>> >>>>>
>> >>>> Import only data to LDAP no configs (slapcat->slapadd)
>> >>>> Configs yes, live data no, but if you have ldap it *should* be
> enough to
>> >>>> import ldif from old server, configure samba to use ldap and run
> smbpasswd
>> >>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
> test if
>> >>>> samba see imported users in ldap (pdbedit -L).
>> >>>>
>> >>>>> :-)
>> >>>>> Giorgio
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> >>>>>> Paste ldap admin dn or ldap suffix in your smb.conf
>> >>>>>>
>> >>>>>> Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
>> >>>>>>> try this:
>> >>>>>>>
>> >>>>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it"
> -W -b
>> >>>>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
>> >>>>>>>
>> >>>>>>> Dne 26.3.2010 15:00, GG napsal(a):
>> >>>>>>>> Hello!
>> >>>>>>>>
>> >>>>>>>> I'm stuck on getdomainsid: Net command is missing even though
> libs
>> >>>> and
>> >>>>>>>> smbclient are installed.
>> >>>>>>>>
>> >>>>>>>> I tried this:
>> >>>>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it"
> -W -b
>> >>>>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>> >>>>>>>> Enter LDAP Password:
>> >>>>>>>> # extended LDIF
>> >>>>>>>> #
>> >>>>>>>> # LDAPv3
>> >>>>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
>> >>>>>>>> # filter: (objectclass=*)
>> >>>>>>>> # requesting: ALL
>> >>>>>>>> #
>> >>>>>>>>
>> >>>>>>>> # search result
>> >>>>>>>> search: 2
>> >>>>>>>> result: 34 Invalid DN syntax
>> >>>>>>>> text: invalid DN
>> >>>>>>>>
>> >>>>>>>> # numResponses: 1
>> >>>>>>>>
>> >>>>>>>> So: I'm not sure what is
> sambaDomainName=domain,dc=domain,dc=it...
>> >>>>>>>> I used WORKGROUP as it is the domain we use on pcs and the
> only one
>> >>>>>>>> defined in smb.conf
>> >>>>>>>>
>> >>>>>>>> I also tried using my pdc HOSTNAME
>> >>>>>>>>
>> >>>>>>>> and this was returned
>> >>>>>>>> # LDAPv3
>> >>>>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
>> >>>>>>>> # filter: (objectclass=*)
>> >>>>>>>> # requesting: ALL
>> >>>>>>>> #
>> >>>>>>>>
>> >>>>>>>> # search result
>> >>>>>>>> search: 2
>> >>>>>>>> result: 34 Invalid DN syntax
>> >>>>>>>> text: invalid DN
>> >>>>>>>>
>> >>>>>>>> # numResponses: 1
>> >>>>>>>>
>> >>>>>>>> Any way to get through this or how to use net command? Maybe
>> >>>> updating
>> >>>>>>>> samba-client?
>> >>>>>>>>
>> >>>>>>>> I tried rpm -i samba-client but it says
>> >>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>> >>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>> >>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
>> >>>> samba-client-2.2.12-1.rpm
>> >>>>>>>>
>> >>>>>>>> I found also the original package but it says it is already
>> >>>> installed.
>> >>>>>>>>
>> >>>>>>>> What happens if I remove samba-client and reinstall it soon
> after on
>> >>>>>>>> the production pdc?
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> Giorgio
>> >>>>>>>>
>> >>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> >>>>>>>>> Dne 26.3.2010 13:50, GG napsal(a):
>> >>>>>>>>>> Hello!
>> >>>>>>>>>>
>> >>>>>>>>>>>> Have you samba-client package installed?
>> >>>>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> yes I do at least smbclient is there! but no net command :-/
>> >>>>>>>>>>
>> >>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>> >>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
>> >>>>>>>>>>
>> >>>>>>>>>> So here are the issues encountered...
>> >>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>> >>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>> >>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
>> >>>>>>>>>> samba-client-2.2.12-1.rpm
>> >>>>>>>>>> I found on net...
>> >>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> or you can dig domainsid from ldap
>> >>>>>>>>>>
>> >>>>>>>>>> This sounds interesting! How do I do that?
>> >>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> modify to your needs (domain):
>> >>>>>>>>>
>> >>>>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>> >>>>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
>> >>>>>>>>>
>> >>>>>>>>> sambaSID: is your domainsid
>> >>>>>>>>>
>> >>>>>>>>> or you can use phpldapadmin to manage you ldap from browser
>> >>>>>>>>>
>> >>>>>>>>>> Thanks very much!
>> >>>>>>>>>> Giorgio
>> >>>>>>>>>>
>> >>>>>>>>>> On 3/26/10, GG <jojomi at gmail.com <mailto:jojomi at gmail.com>>
> wrote<script
>> >>>> type="text/javascript"
>> >>>>
> src="https://mail.prodeco.cz/roundcube/program/js/tiny_mce/themes/advanced/langs/cs.js?s=1240817786"></script>:
>> >>>>>>>>>>> Hi!
>> >>>>>>>>>>>
>> >>>>>>>>>>> I'll be at it in a few minutes installing samba client / net
>> >>>>>>>>>>> command :-)
>> >>>>>>>>>>>
>> >>>>>>>>>>> I have a question about the samba sernet repos:
>> >>>>>>>>>>> Shall I apt-get remove samba and use
>> >>>>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
>> >>>>>>>>>>> http://enterprisesamba.com/index.php?id=56
>> >>>>>>>>>>> instead from start?
>> >>>>>>>>>>>
>> >>>>>>>>>>> What is the real advantage of sernet? What about installing
>> >>>>>>>>>>> official
>> >>>>>>>>>>> samba.org <http://samba.org> packages, are there
> differences with sernet
>> >>>> (stability?)
>> >>>>>>>>>>> or
>> >>>>>>>>>>> is it just a more liberal repository?
>> >>>>>>>>>>>
>> >>>>>>>>>>> Also I read
>> >>>>>>>>>>>>>> Ensure that all local user and group accounts that are
> used by
>> >>>>>>>>>>>>>> samba
>> >>>>>>>>>>>>>> have the same uid/gid.
>> >>>>>>>>>>>
>> >>>>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
>> >>>>>>>>>>> groups
>> >>>>>>>>>>> and users?
>> >>>>>>>>>>>
>> >>>>>>>>>>> I use rsync --verbose --progress --stats --compress
> --rsh=ssh \
>> >>>>>>>>>>> --recursive --times --perms --links \
>> >>>>>>>>>>> --owner --group --devices --specials \
>> >>>>>>>>>>> --exclude-from '/root/exclude.txt (if any, not in
> this case
>> >>>> as
>> >>>>>>>>>>> I'm only syncing data dir)' \
>> >>>>>>>>>>> root at old_PDC:/DATA /DATA
>> >>>>>>>>>>>
>> >>>>>>>>>>> This should bring over every attribute set on files...
> correct?
>> >>>>>>>>>>>
>> >>>>>>>>>>> [[[did only partially in one case: I set up a twin install
> (fresh
>> >>>>>>>>>>> install then live cd and full rsync and after that I kept mbr,
>> >>>> but
>> >>>>>>>>>>> changed /boot and the /ect/fstab settings) and the server
> started
>> >>>>>>>>>>> etc.. LDAP did not work though: authentication was not
>> >>>> available...
>> >>>>>>>>>>> So I must be missing something or this rsync parameter set
> must
>> >>>> be
>> >>>>>>>>>>> missing something.. I had disconnected old PDC, set same
> IP and
>> >>>>>>>>>>> hostname to the VM well this worked well for other
>> >>>> virtualizations
>> >>>>>>>>>>> and
>> >>>>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version
>> >>>>>>>>>>> anyway
>> >>>>>>>>>>> :-)
>> >>>>>>>>>>> This was another story but just to share it as it is an
> excellent
>> >>>>>>>>>>> way
>> >>>>>>>>>>> of migrating sometimes specially for machines you do not
> master
>> >>>> and
>> >>>>>>>>>>> this is my case very often.]]]
>> >>>>>>>>>>>
>> >>>>>>>>>>> Cheers,
>> >>>>>>>>>>> Giorgio
>> >>>>>>>>>>>
>> >>>>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>> >>>>>>>>>>> <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> >>>>>>>>>>>> Hi
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Dne 25.3.2010 17:41, GG napsal(a):
>> >>>>>>>>>>>>> Hello Vladimir, John and all the NG :-)
>> >>>>>>>>>>>>> Thanks so much for answering. I really hoped someone
> would :-)
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> So I installed Debian latest stable netinst on the future
>> >>>>>>>>>>>>> production
>> >>>>>>>>>>>>> server and here are my issues in the quotes :-( no net
> command
>> >>>>>>>>>>>>> on my
>> >>>>>>>>>>>>> suse 8.2
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> Cheers :-)
>> >>>>>>>>>>>>> Giorgio
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra
> <*@samba.org <http://samba.org>>
>> >>>>>>>>>>>>>> wrote:
>> >>>>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>> >>>>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you
>> >>>> can
>> >>>>>>>>>>>>>>> choose
>> >>>>>>>>>>>>>>> Samba 3.4.x or 3.5.x
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> My hints on migrating to new server:
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> done :-) Debian Stable netinst
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> 2. set same hostname on new server
>> >>>>>>>>>>>>> My ignorance comes out :-)
>> >>>>>>>>>>>>> Must I set it different from the production server as FW
> points
>> >>>>>>>>>>>>> production.domain.com <http://production.domain.com> - I
> have clients using DNS=oldPDC and PDC
>> >>>>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com
> <http://pdc.domain.com> defined to point
>> >>>>>>>>>>>>> to lan
>> >>>>>>>>>>>>> ip.
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Ok, can be changed later
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>>>> 3. export ldap data from old server and import them to new
>> >>>>>>>>>>>>>>> server
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>> >>>>>>>>>>>>> OK
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Ensure that all local user and group accounts that are
> used by
>> >>>>>>>>>>>>>> samba
>> >>>>>>>>>>>>>> have the same uid/gid.
>> >>>>>>>>>>>>> my ignorance again... another hint?
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new
> server (net
>> >>>>>>>>>>>>>>> setlocalsid oldsid)
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Note:
>> >>>>>>>>>>>>>> net getdomainsid (on old server)
>> >>>>>>>>>>>>>> net setdomainsid (on new server)
>> >>>>>>>>>>>>> thanks :-)
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> # net getdomainsid
>> >>>>>>>>>>>>> -bash: net: command not found :-( and not found in yast
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> I understand it has to do with extracting the sid from
>> >>>>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command?
> suse
>> >>>>>>>>>>>>> 8.2 yast
>> >>>>>>>>>>>>> has now net package and googling net is.. well wow!
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Have you samba-client package installed?
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>> >>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> or you can dig domainsid from ldap
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and
> shares
>> >>>>>>>>>>>>>>> in smb.conf
>> >>>>>>>>>>>>>>> from old samba smb.conf (check with testparm)
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> I see it only contains shares so I bet smb.conf would
> just keep
>> >>>>>>>>>>>>> all
>> >>>>>>>>>>>>> the old settings rigth? /DATA will be rsynced
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3.
> I will
>> >>>>>>>>>>>> keep
>> >>>>>>>>>>>> current smb.conf on new server and add only shares from old
>> >>>>>>>>>>>> smb.conf to
>> >>>>>>>>>>>> new smb.conf.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>>>> 6. stop samba on old server
>> >>>>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new
>> >>>> server
>> >>>>>>>>>>>>>>> 8. stop old server
>> >>>>>>>>>>>>>>> 9. start samba on new server a check everything is working
>> >>>>>>>>>>>>>>> fine (domain
>> >>>>>>>>>>>>>>> logon from windows box, shares and perms)
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> This can be done best when no users are logged in samba
>> >>>> (maybe
>> >>>>>>>>>>>>>>> at weekend?)
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't
> join to
>> >>>>>>>>>>>>>>> domain
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
>> >>>>>>>>>>>>> derived right?
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
>> >>>>>>>>>>>> 10.04 LTS
>> >>>>>>>>>>>> comes out this will be no longer truth.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Cheers,
>> >>>>>>>>>>>>>> John T.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> Dne 25.3.2010 01:05, GG napsal(a):
>> >>>>>>>>>>>>>>>> Hello Vladimir and hi all,
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Thanks very much for replying!
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised,
> I just
>> >>>>>>>>>>>>>>>> happen to
>> >>>>>>>>>>>>>>>> know ubuntu more...
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap +
> samba
>> >>>>>>>>>>>>>>>> to a new server?
>> >>>>>>>>>>>>>>>> Already tried rsyncing (using all options to keep
> perms and
>> >>>>>>>>>>>>>>>> attributes
>> >>>>>>>>>>>>>>>> grp own mod etc) on a twin v-machine but server
> starts and
>> >>>>>>>>>>>>>>>> the ldap
>> >>>>>>>>>>>>>>>> auth fails to work :-(
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have posponed the
>> >>>>>>>>>>>>>>>> problem for
>> >>>>>>>>>>>>>>>> too long grrr
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Giorgio
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>> >>>>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz
> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>> >>>>>>>>>>>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a):
>> >>>>>>>>>>>>>>>>>> Hello,
>> >>>>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 -
> samba 2.2.7
>> >>>>>>>>>>>>>>>>>> + ldap - to
>> >>>>>>>>>>>>>>>>>> latest samba versions, I would like to use an
> ubuntu 8.04
>> >>>>>>>>>>>>>>>>>> virtual machine.
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> The domain is in production on the physical server,
> to be
>> >>>>>>>>>>>>>>>>>> dismissed after
>> >>>>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/
> has all
>> >>>>>>>>>>>>>>>>>> shared and
>> >>>>>>>>>>>>>>>>>> permission driven file access..
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> I was following
>> >>>>>>>>>>>>>>>>>>
> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html
>> >>>> but
>> >>>>>>>>>>>>>>>>>> I realize I am in a different scenario...
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration
> to new
>> >>>>>>>>>>>>>>>>>> os and versions..
>> >>>>>>>>>>>>>>>>>> all at once?
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and
>> >>>> single
>> >>>>>>>>>>>>>>>>>> partitions :)
>> >>>>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup,
> just to
>> >>>> be
>> >>>>>>>>>>>>>>>>>> safe ;)
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> What would you guru's suggest as a strategy?
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> Can I create a new server and add it as secondary
> domain
>> >>>>>>>>>>>>>>>>>> controller and then
>> >>>>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
>> >>>>>>>>>>>>>>>>>> this method.
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already
>> >>>>>>>>>>>>>>>>>> bought Windows 7
>> >>>>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
>> >>>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>> Gio
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> Hi.
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting
> Windows 7
>> >>>>>>>>>>>>>>>>> into domain,
>> >>>>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
>> >>>>>>>>>>>>>>>>> recommended for
>> >>>>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
>> >>>>>>>>>>>>>>>>> Ubuntu.
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> --
>> >>>>>>>>>>>>>>>>> Vladimir Psenicka
>> >>>>>>>>>>>>>>>>> --
>> >>>>>>>>>>>>>>>>> To unsubscribe from this list go to the following
> URL and
>> >>>>>>>>>>>>>>>>> read the
>> >>>>>>>>>>>>>>>>> instructions:
>> >>>> https://lists.samba.org/mailman/options/samba
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> --
>> >>>>>>>>>>>>>> To unsubscribe from this list go to the following URL
> and read
>> >>>>>>>>>>>>>> the
>> >>>>>>>>>>>>>>
> instructions: https://lists.samba.org/mailman/options/samba
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> --
>> >>>>>>>>>>>> Vladimir Psenicka
>> >>>>>>>>>>>> IT system engineer
>> >>>>>>>>>>>> PRODECO, a.s.
>> >>>>>>>>>>>> Tel.: 417 633 762
>> >>>>>>>>>>>> --
>> >>>>>>>>>>>> To unsubscribe from this list go to the following URL and
> read
>> >>>> the
>> >>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>> >>>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> --
>> >>>>>>>>> Vladimir Psenicka
>> >>>>>>>>> IT system engineer
>> >>>>>>>>> PRODECO, a.s.
>> >>>>>>>>> Tel.: 417 633 762
>> >>>>>>>>> --
>> >>>>>>>>> To unsubscribe from this list go to the following URL and
> read the
>> >>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>> >>>>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> Vladimir Psenicka
>> >>>>>> IT system engineer
>> >>>>>> PRODECO, a.s.
>> >>>>>> Tel.: 417 633 762
>> >>>>>> --
>> >>>>>> To unsubscribe from this list go to the following URL and read the
>> >>>>>> instructions: https://lists.samba.org/mailman/options/samba
>> >>>>>>
>> >>>> --
>> >>>> To unsubscribe from this list go to the following URL and read the
>> >>>> instructions: https://lists.samba.org/mailman/options/samba
>> >>>>
>> >>
>> >>
>> >> --
>> >> Vladimir Psenicka
>> >> IT system engineer
>> >> PRODECO, a.s.
>> >> Tel.: 417 633 762
>> >>
>>
>>
>> --
>> Vladimir Psenicka
>> IT system engineer
>> PRODECO, a.s.
>> Tel.: 417 633 762
>>
>
>
--
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
More information about the samba
mailing list