[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

GG jojomi at gmail.com
Fri Apr 9 04:40:13 MDT 2010


Hello!

So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
and slapadd the ldif; I still get the same errors though!

Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
for the new version, because it imports groups correctly  dn:
dc=,dc=,dc=

Ideas?

Cheers,
Giorgio

On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> You have in gg-edited.ldif (first error on line 52):
>
> dn: uid=name surname,dc=Sistemi
> Informativi,dc=People,dc=GG-s-Domain,dc=it
> structuralObjectClass: inetOrgPerson
> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> createTimestamp: 20030801093311Z
> objectClass: inetOrgPerson
> objectClass: person
> objectClass: sambaAccount
> objectClass: qmailUser
> objectClass: posixAccount
> objectClass: shadowAccount
>
> Dou you have all apropriate schemas in your slapd.conf and in
> /etc/ldap/schema/ on your new server? You should have all schemas in new
> slapd.conf as you had in slapd.conf on old server...qmail schema etc...
>
> Dne 8.4.2010 11:44, GG napsal(a):
> > Hello Vladimir and NG,
> >
> > I added samba.schema and removed the "" and it imported ldif without
> > saying anything about groups now :-)
> >
> > There are some warnings I am attaching.
> >
> > It moans about
> > str2entry: invalid value for attributeType objectClass #3 (syntax
> > 1.3.6.1.4.1.1466.115.121.1.38)
> > slapadd: could not parse entry (line=11937)
> > and if I look at the ldif I find this
> > dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
> >
> > and other error
> > slapadd: could not parse entry (line=11116)
> > <= str2entry: str2ad(mailHost): attribute type undefined
> > this is the line in ldfi...
> >
> > dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
> > cn: otheruid
> >
> > But the line is always the dn:
> > uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
> >
> > but reading mailHost: I have a line in many accounts with maildir and
> > mail host etc that I don't need any more; shall I remove lines
> > containing mail attributes? (mytextools.com <http://mytextools.com> is
> > great but I suppose there must be some regular expression too)
> >
> > I did a slapcat from destination server and it imported groups but no
> > actual users.
> >
> > I removed mail alternate attibutes (not mail: as it used for creating
> > alias from ldap into mail server) anyway the error seems to be in the
> > DN. it needs a dn but it gives this error
> > str2entry: invalid value for attributeType objectClass #3 (syntax
> > 1.3.6.1.4.1.1466.115.121.1.38)
> > slapadd: could not parse entry (line=1)
> >
> > importing a single user from a partial ldif..
> >
> >
> > Giorgio
> >
> > On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> 1. comments to slapd.conf:
> >>
> >> if slapd.conf.destination is on your new server, then you are missing
> >> samba schema in your slapd.conf.destination.
> >>
> >> slapd.conf on new server:
> >> ....
> >> include         /etc/ldap/schema/samba.schema
> >> ....
> >>
> >> Get samba.schema from your current samba instalation on new server. It
> >> should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/
> >>
> >> 2. comments on error importing ldif:
> >>
> >> slapadd-ing.LOG:
> >>
> >> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
> >> naming attribute 'dc' is not present in entry
> >>
> >> which is in gg-edited.ldif:
> >>
> >> dn: dc=People,dc=GG-s-Domain,dc=it
> >> objectClass: dcObject
> >> objectClass: organizationalUnit
> >> ou: "People"
> >> dc: "People"
> >> structuralObjectClass: organizationalUnit
> >> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> >> createTimestamp: 20030801082225Z
> >> entryCSN: 2003080108:22:25Z#0x0001#0#0000
> >> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
> >> modifyTimestamp: 20030801082225Z
> >>
> >> Can you try delete quotes in ou: "People" and dc: "People" and try to
> >> import ldif again? Or you can try delete objectClass: dcObject and dc:
> >> "People". In our ldap we haven't objectClass: dcObject in dn:
> >> ou=Users,dc=pavouk,dc=cz
> >>
> >> my ldif:
> >>
> >> dn: ou=Users,dc=pavouk,dc=cz
> >> objectClass: organizationalUnit
> >> ou: Users
> >> structuralObjectClass: organizationalUnit
> >> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
> >> creatorsName: cn=Manager,dc=pavouk,dc=cz
> >> createTimestamp: 20050927125727Z
> >> entryCSN: 20050927125727.000000Z#000001#000#000000
> >> modifiersName: cn=Manager,dc=pavouk,dc=cz
> >> modifyTimestamp: 20050927125727Z
> >>
> >>
> >>
> >>
> >> Dne 7.4.2010 16:14, GG napsal(a):
> >> > Hello Vladimir and anyone else reading :-) !
> >> >
> >> > Attaching these files:
> >> >
> >> > - gg-edited.ldif
> >> > - slapd.conf.destination.txt
> >> > - slapd.conf.source.txt
> >> > - ldap.conf.destination.txt
> >> > - ldap.conf.source.txt
> >> > - slapadd-ing.LOG this was the log while importing ldif
> >> >
> >> >
> >> > NET SID ETC
> >> > net setlocalsid
> > S-1-5-21-1168...........-..................-...............2
> >> > net setdomainsid
> > S-1-5-21-1168...........-..................-...............1
> >> >
> >> > does net setlocal and domain sid have sense or should it be
> >> > net setdomainsid
> >> > twice with different sids?
> >> >
> >> > Thanks very much!
> >> >
> >> > Giorgio
> >> >
> >> > On 4/6/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> >> Hi Gorgio
> >> >>
> >> >> Dne 2.4.2010 17:01, GG napsal(a):
> >> >>> Hi all,
> >> >>>
> >> >>> So I have
> >> >>> openldap2-2.1.12-74
> >> >>> samba-2.2.7a-72
> >> >>>
> >> >>> I would like to migrate this existing PDC service to a new server and
> >> >>> to current production / stable releases (especially for windows 7
> >> >>> joining to the domain).
> >> >>>
> >> >>> New server is Debian Lenny stable.
> >> >>>
> >> >>> I have exported the domain SID, and ldap.ldif
> >> >>>
> >> >>> Now lets get down to it :-)
> >> >>> Before importing should I do something about organizational units
> > and so? How?
> >> >>>
> >> >>>> Import only data to LDAP no configs (slapcat->slapadd)
> >> >>>  slapadd -c -l slapcat.ldif
> >> >>> I did this but attached errors showed up.
> >> >>>
> >> >>> Error, entries missing!
> >> >>>   entry 3: dc=people,dc=ExampleDomain,dc=it
> >> >>>   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
> >> >>
> >> >> Can you post first 100 lines of your ldif you try to import? You
> >> >> probably missing some base ldif.
> >> >>
> >> >>>
> >> >>>
> >> >>> I know nothing about ldap, but my ldap is probably missing some pre
> >> >>> required settings ? :-/
> >> >>>
> >> >>
> >> >> Can you post slapd.conf also?
> >> >>
> >> >>
> >> >>> Cheers!
> >> >>> Giorgio
> >> >>>
> >> >>>> Configs yes, live data no, but if you have ldap it *should* be
> > enough to
> >> >>>> import ldif from old server, configure samba to use ldap and run
> > smbpasswd
> >> >>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
> > test if
> >> >>>> samba see imported users in ldap (pdbedit -L).
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> On 3/27/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> >>>> On Fri, 26 Mar 2010 15:32:50 +0100, GG <jojomi at gmail.com
> > <mailto:jojomi at gmail.com>> wrote:
> >> >>>>> wow I made it!
> >> >>>>>
> >> >>>>> I copied net and all the libs it complained about from another suse
> >> >>>>> server which was not missing it :-)
> >> >>>>>
> >> >>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> >> >>>>>   Unknown parameter encountered: "domain admin group"
> >> >>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> >> >>>>>   Ignoring unknown parameter "domain admin group"
> >> >>>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> >> >>>>>  is: S-1-5-21-1bla bla
> >> >>>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >> >>>>>
> >> >>>>> Which shall I import?
> >> >>>>>
> >> >>>>
> >> >>>> Import both for sure:-). First is localsid, second is domainsid
> >> >>>>
> >> >>>>> So now back to mail number 2 :-)
> >> >>>>>
> >> >>>>> LDAP: I exported ldif :-) now
> >> >>>>> I copied /etc/groups passwd shadow aliases
> >> >>>>>
> >> >>>>> now on the new server:
> >> >>>>>
> >> >>>>> how do I import LDAP and all its configs,
> >> >>>>> samba and all its configs are only in smb.conf?
> >> >>>>>
> >> >>>> Import only data to LDAP no configs (slapcat->slapadd)
> >> >>>> Configs yes, live data no, but if you have ldap it *should* be
> > enough to
> >> >>>> import ldif from old server, configure samba to use ldap and run
> > smbpasswd
> >> >>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
> > test if
> >> >>>> samba see imported users in ldap (pdbedit -L).
> >> >>>>
> >> >>>>> :-)
> >> >>>>> Giorgio
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> >>>>>> Paste ldap admin dn or ldap suffix in your smb.conf
> >> >>>>>>
> >> >>>>>> Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
> >> >>>>>>> try this:
> >> >>>>>>>
> >> >>>>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it"
> > -W -b
> >> >>>>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >> >>>>>>>
> >> >>>>>>> Dne 26.3.2010 15:00, GG napsal(a):
> >> >>>>>>>> Hello!
> >> >>>>>>>>
> >> >>>>>>>> I'm stuck on getdomainsid: Net command is missing even though
> > libs
> >> >>>> and
> >> >>>>>>>> smbclient are installed.
> >> >>>>>>>>
> >> >>>>>>>> I tried this:
> >> >>>>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it"
> > -W -b
> >> >>>>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >> >>>>>>>> Enter LDAP Password:
> >> >>>>>>>> # extended LDIF
> >> >>>>>>>> #
> >> >>>>>>>> # LDAPv3
> >> >>>>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
> >> >>>>>>>> # filter: (objectclass=*)
> >> >>>>>>>> # requesting: ALL
> >> >>>>>>>> #
> >> >>>>>>>>
> >> >>>>>>>> # search result
> >> >>>>>>>> search: 2
> >> >>>>>>>> result: 34 Invalid DN syntax
> >> >>>>>>>> text: invalid DN
> >> >>>>>>>>
> >> >>>>>>>> # numResponses: 1
> >> >>>>>>>>
> >> >>>>>>>> So: I'm not sure what is
> > sambaDomainName=domain,dc=domain,dc=it...
> >> >>>>>>>> I used WORKGROUP as it is the domain we use on pcs and the
> > only one
> >> >>>>>>>> defined in smb.conf
> >> >>>>>>>>
> >> >>>>>>>> I also tried using my pdc HOSTNAME
> >> >>>>>>>>
> >> >>>>>>>> and this was returned
> >> >>>>>>>> # LDAPv3
> >> >>>>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
> >> >>>>>>>> # filter: (objectclass=*)
> >> >>>>>>>> # requesting: ALL
> >> >>>>>>>> #
> >> >>>>>>>>
> >> >>>>>>>> # search result
> >> >>>>>>>> search: 2
> >> >>>>>>>> result: 34 Invalid DN syntax
> >> >>>>>>>> text: invalid DN
> >> >>>>>>>>
> >> >>>>>>>> # numResponses: 1
> >> >>>>>>>>
> >> >>>>>>>> Any way to get through this or how to use net command? Maybe
> >> >>>> updating
> >> >>>>>>>> samba-client?
> >> >>>>>>>>
> >> >>>>>>>> I tried rpm -i samba-client but it says
> >> >>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >> >>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >> >>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >> >>>> samba-client-2.2.12-1.rpm
> >> >>>>>>>>
> >> >>>>>>>> I found also the original package but it says it is already
> >> >>>> installed.
> >> >>>>>>>>
> >> >>>>>>>> What happens if I remove samba-client and reinstall it soon
> > after on
> >> >>>>>>>> the production pdc?
> >> >>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>> Giorgio
> >> >>>>>>>>
> >> >>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> >>>>>>>>> Dne 26.3.2010 13:50, GG napsal(a):
> >> >>>>>>>>>> Hello!
> >> >>>>>>>>>>
> >> >>>>>>>>>>>> Have you samba-client package installed?
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>
> >> >>>>>>>>>> yes I do at least smbclient is there! but no net command :-/
> >> >>>>>>>>>>
> >> >>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
> >> >>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >> >>>>>>>>>>
> >> >>>>>>>>>> So here are the issues encountered...
> >> >>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >> >>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >> >>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >> >>>>>>>>>> samba-client-2.2.12-1.rpm
> >> >>>>>>>>>> I found on net...
> >> >>>>>>>>>>
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> or you can dig domainsid from ldap
> >> >>>>>>>>>>
> >> >>>>>>>>>> This sounds interesting! How do I do that?
> >> >>>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>> modify to your needs (domain):
> >> >>>>>>>>>
> >> >>>>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
> >> >>>>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
> >> >>>>>>>>>
> >> >>>>>>>>> sambaSID: is your domainsid
> >> >>>>>>>>>
> >> >>>>>>>>> or you can use phpldapadmin to manage you ldap from browser
> >> >>>>>>>>>
> >> >>>>>>>>>> Thanks very much!
> >> >>>>>>>>>> Giorgio
> >> >>>>>>>>>>
> >> >>>>>>>>>> On 3/26/10, GG <jojomi at gmail.com <mailto:jojomi at gmail.com>>
> > wrote<script
> >> >>>> type="text/javascript"
> >> >>>>
> > src="https://mail.prodeco.cz/roundcube/program/js/tiny_mce/themes/advanced/langs/cs.js?s=1240817786"></script>:
> >> >>>>>>>>>>> Hi!
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> I'll be at it in a few minutes installing samba client / net
> >> >>>>>>>>>>> command :-)
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> I have a question about the samba sernet repos:
> >> >>>>>>>>>>> Shall I apt-get remove samba and use
> >> >>>>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
> >> >>>>>>>>>>> http://enterprisesamba.com/index.php?id=56
> >> >>>>>>>>>>>  instead from start?
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> What is the real advantage of sernet? What about installing
> >> >>>>>>>>>>> official
> >> >>>>>>>>>>> samba.org <http://samba.org> packages, are there
> > differences with sernet
> >> >>>> (stability?)
> >> >>>>>>>>>>> or
> >> >>>>>>>>>>> is it just a more liberal repository?
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Also I read
> >> >>>>>>>>>>>>>> Ensure that all local user and group accounts that are
> > used by
> >> >>>>>>>>>>>>>> samba
> >> >>>>>>>>>>>>>> have the same uid/gid.
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
> >> >>>>>>>>>>> groups
> >> >>>>>>>>>>> and users?
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> I use rsync --verbose  --progress --stats --compress
> > --rsh=ssh \
> >> >>>>>>>>>>>      --recursive --times --perms --links  \
> >> >>>>>>>>>>>      --owner --group --devices --specials \
> >> >>>>>>>>>>>      --exclude-from '/root/exclude.txt (if any, not in
> > this case
> >> >>>> as
> >> >>>>>>>>>>> I'm only syncing data dir)' \
> >> >>>>>>>>>>>      root at old_PDC:/DATA /DATA
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> This should bring over every attribute set on files...
> > correct?
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> [[[did only partially in one case: I set up a twin install
> > (fresh
> >> >>>>>>>>>>> install then live cd and full rsync and after that I kept mbr,
> >> >>>> but
> >> >>>>>>>>>>> changed /boot and the /ect/fstab settings) and the server
> > started
> >> >>>>>>>>>>> etc.. LDAP did not work though: authentication was not
> >> >>>> available...
> >> >>>>>>>>>>> So I must be missing something or this rsync parameter set
> > must
> >> >>>> be
> >> >>>>>>>>>>> missing something.. I had disconnected old PDC, set same
> > IP and
> >> >>>>>>>>>>> hostname to the VM well this worked well for other
> >> >>>> virtualizations
> >> >>>>>>>>>>> and
> >> >>>>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version
> >> >>>>>>>>>>> anyway
> >> >>>>>>>>>>> :-)
> >> >>>>>>>>>>> This was another story but just to share it as it is an
> > excellent
> >> >>>>>>>>>>> way
> >> >>>>>>>>>>> of migrating sometimes specially for machines you do not
> > master
> >> >>>> and
> >> >>>>>>>>>>> this is my case very often.]]]
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Cheers,
> >> >>>>>>>>>>> Giorgio
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> >> >>>>>>>>>>> <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> >>>>>>>>>>>> Hi
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Dne 25.3.2010 17:41, GG napsal(a):
> >> >>>>>>>>>>>>> Hello Vladimir, John and all the NG :-)
> >> >>>>>>>>>>>>> Thanks so much for answering. I really hoped someone
> > would :-)
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> So I installed Debian latest stable netinst on the future
> >> >>>>>>>>>>>>> production
> >> >>>>>>>>>>>>> server and here are my issues in the quotes :-( no net
> > command
> >> >>>>>>>>>>>>> on my
> >> >>>>>>>>>>>>> suse 8.2
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> Cheers :-)
> >> >>>>>>>>>>>>> Giorgio
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra
> > <*@samba.org <http://samba.org>>
> >> >>>>>>>>>>>>>> wrote:
> >> >>>>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> >> >>>>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you
> >> >>>> can
> >> >>>>>>>>>>>>>>> choose
> >> >>>>>>>>>>>>>>> Samba 3.4.x or 3.5.x
> >> >>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> My hints on migrating to new server:
> >> >>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> done :-) Debian Stable netinst
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> 2. set same hostname on new server
> >> >>>>>>>>>>>>> My ignorance comes out :-)
> >> >>>>>>>>>>>>> Must I set it different from the production server as FW
> > points
> >> >>>>>>>>>>>>> production.domain.com <http://production.domain.com> - I
> > have clients using DNS=oldPDC and PDC
> >> >>>>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com
> > <http://pdc.domain.com> defined to point
> >> >>>>>>>>>>>>> to lan
> >> >>>>>>>>>>>>> ip.
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Ok, can be changed later
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> 3. export ldap data from old server and import them to new
> >> >>>>>>>>>>>>>>> server
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> >> >>>>>>>>>>>>> OK
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>>> Ensure that all local user and group accounts that are
> > used by
> >> >>>>>>>>>>>>>> samba
> >> >>>>>>>>>>>>>> have the same uid/gid.
> >> >>>>>>>>>>>>> my ignorance again... another hint?
> >> >>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new
> > server (net
> >> >>>>>>>>>>>>>>> setlocalsid oldsid)
> >> >>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>> Note:
> >> >>>>>>>>>>>>>>  net getdomainsid (on old server)
> >> >>>>>>>>>>>>>>  net setdomainsid (on new server)
> >> >>>>>>>>>>>>> thanks :-)
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> # net getdomainsid
> >> >>>>>>>>>>>>> -bash: net: command not found :-( and not found in yast
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> I understand it has to do with extracting the sid from
> >> >>>>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command?
> > suse
> >> >>>>>>>>>>>>> 8.2 yast
> >> >>>>>>>>>>>>> has now net package and googling net is.. well wow!
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Have you samba-client package installed?
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
> >> >>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> or you can dig domainsid from ldap
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and
> > shares
> >> >>>>>>>>>>>>>>> in smb.conf
> >> >>>>>>>>>>>>>>> from old samba smb.conf (check with testparm)
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> I see it only contains shares so I bet smb.conf would
> > just keep
> >> >>>>>>>>>>>>> all
> >> >>>>>>>>>>>>> the old settings rigth? /DATA will be rsynced
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3.
> > I will
> >> >>>>>>>>>>>> keep
> >> >>>>>>>>>>>> current smb.conf on new server and add only shares from old
> >> >>>>>>>>>>>> smb.conf to
> >> >>>>>>>>>>>> new smb.conf.
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> 6. stop samba on old server
> >> >>>>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new
> >> >>>> server
> >> >>>>>>>>>>>>>>> 8. stop old server
> >> >>>>>>>>>>>>>>> 9. start samba on new server a check everything is working
> >> >>>>>>>>>>>>>>> fine (domain
> >> >>>>>>>>>>>>>>> logon from windows box, shares and perms)
> >> >>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> This can be done best when no users are logged in samba
> >> >>>> (maybe
> >> >>>>>>>>>>>>>>> at weekend?)
> >> >>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't
> > join to
> >> >>>>>>>>>>>>>>> domain
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
> >> >>>>>>>>>>>>> derived right?
> >> >>>>>>>>>>>>>
> >> >>>>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
> >> >>>>>>>>>>>> 10.04 LTS
> >> >>>>>>>>>>>> comes out this will be no longer truth.
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
> >> >>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>> Cheers,
> >> >>>>>>>>>>>>>> John T.
> >> >>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>> Dne 25.3.2010 01:05, GG napsal(a):
> >> >>>>>>>>>>>>>>>> Hello Vladimir and hi all,
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>> Thanks very much for replying!
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised,
> > I just
> >> >>>>>>>>>>>>>>>> happen to
> >> >>>>>>>>>>>>>>>> know ubuntu more...
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap +
> > samba
> >> >>>>>>>>>>>>>>>> to a new server?
> >> >>>>>>>>>>>>>>>> Already tried rsyncing (using all options to keep
> > perms and
> >> >>>>>>>>>>>>>>>> attributes
> >> >>>>>>>>>>>>>>>> grp  own mod etc) on a twin v-machine but server
> > starts and
> >> >>>>>>>>>>>>>>>> the ldap
> >> >>>>>>>>>>>>>>>> auth fails to work :-(
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have posponed the
> >> >>>>>>>>>>>>>>>> problem for
> >> >>>>>>>>>>>>>>>> too long grrr
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>> Giorgio
> >> >>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
> >> >>>>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz
> > <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >> >>>>>>>>>>>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a):
> >> >>>>>>>>>>>>>>>>>> Hello,
> >> >>>>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 -
> > samba 2.2.7
> >> >>>>>>>>>>>>>>>>>> + ldap - to
> >> >>>>>>>>>>>>>>>>>> latest samba versions, I would like to use an
> > ubuntu 8.04
> >> >>>>>>>>>>>>>>>>>> virtual machine.
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> The domain is in production on the physical server,
> > to be
> >> >>>>>>>>>>>>>>>>>> dismissed after
> >> >>>>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/
> > has all
> >> >>>>>>>>>>>>>>>>>> shared and
> >> >>>>>>>>>>>>>>>>>> permission driven file access..
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> I was following
> >> >>>>>>>>>>>>>>>>>>
> > https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html
> >> >>>> but
> >> >>>>>>>>>>>>>>>>>> I realize I am in a different scenario...
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration
> > to new
> >> >>>>>>>>>>>>>>>>>> os and versions..
> >> >>>>>>>>>>>>>>>>>> all at once?
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and
> >> >>>> single
> >> >>>>>>>>>>>>>>>>>> partitions :)
> >> >>>>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup,
> > just to
> >> >>>> be
> >> >>>>>>>>>>>>>>>>>> safe ;)
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> What would you guru's suggest as a strategy?
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> Can I create a new server and add it as secondary
> > domain
> >> >>>>>>>>>>>>>>>>>> controller and then
> >> >>>>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
> >> >>>>>>>>>>>>>>>>>> this method.
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already
> >> >>>>>>>>>>>>>>>>>> bought Windows 7
> >> >>>>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
> >> >>>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>>> Gio
> >> >>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>> Hi.
> >> >>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting
> > Windows 7
> >> >>>>>>>>>>>>>>>>> into domain,
> >> >>>>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
> >> >>>>>>>>>>>>>>>>> recommended for
> >> >>>>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
> >> >>>>>>>>>>>>>>>>> Ubuntu.
> >> >>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>>> --
> >> >>>>>>>>>>>>>>>>> Vladimir Psenicka
> >> >>>>>>>>>>>>>>>>> --
> >> >>>>>>>>>>>>>>>>> To unsubscribe from this list go to the following
> > URL and
> >> >>>>>>>>>>>>>>>>> read the
> >> >>>>>>>>>>>>>>>>> instructions:
> >> >>>> https://lists.samba.org/mailman/options/samba
> >> >>>>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>>
> >> >>>>>>>>>>>>>> --
> >> >>>>>>>>>>>>>> To unsubscribe from this list go to the following URL
> > and read
> >> >>>>>>>>>>>>>> the
> >> >>>>>>>>>>>>>>
> > instructions:  https://lists.samba.org/mailman/options/samba
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> --
> >> >>>>>>>>>>>> Vladimir Psenicka
> >> >>>>>>>>>>>> IT system engineer
> >> >>>>>>>>>>>> PRODECO, a.s.
> >> >>>>>>>>>>>> Tel.: 417 633 762
> >> >>>>>>>>>>>> --
> >> >>>>>>>>>>>> To unsubscribe from this list go to the following URL and
> > read
> >> >>>> the
> >> >>>>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>> --
> >> >>>>>>>>> Vladimir Psenicka
> >> >>>>>>>>> IT system engineer
> >> >>>>>>>>> PRODECO, a.s.
> >> >>>>>>>>> Tel.: 417 633 762
> >> >>>>>>>>> --
> >> >>>>>>>>> To unsubscribe from this list go to the following URL and
> > read the
> >> >>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
> >> >>>>>>>>>
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> --
> >> >>>>>> Vladimir Psenicka
> >> >>>>>> IT system engineer
> >> >>>>>> PRODECO, a.s.
> >> >>>>>> Tel.: 417 633 762
> >> >>>>>> --
> >> >>>>>> To unsubscribe from this list go to the following URL and read the
> >> >>>>>> instructions:  https://lists.samba.org/mailman/options/samba
> >> >>>>>>
> >> >>>> --
> >> >>>> To unsubscribe from this list go to the following URL and read the
> >> >>>> instructions:  https://lists.samba.org/mailman/options/samba
> >> >>>>
> >> >>
> >> >>
> >> >> --
> >> >> Vladimir Psenicka
> >> >> IT system engineer
> >> >> PRODECO, a.s.
> >> >> Tel.: 417 633 762
> >> >>
> >>
> >>
> >> --
> >> Vladimir Psenicka
> >> IT system engineer
> >> PRODECO, a.s.
> >> Tel.: 417 633 762
> >>
> >
> >
>
>
> --
> Vladimir Psenicka
> IT system engineer
> PRODECO, a.s.
> Tel.: 417 633 762
>


More information about the samba mailing list