[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Vladimir Psenicka vladimir.psenicka at prodeco.cz
Fri Apr 9 06:41:00 MDT 2010


Hi.

Can you change *objectClass: sambaAccount* to *objectClass:
sambaSamAccount* in the whole ldif? But object class 'sambaSamAccount'
requires attribute 'sambaSID' and maybe other samba* attributes. Or
delete objectClass: sambaAccount from this dn when no samba* attribute
is specified in this dn. I can't see objectClass: sambaAccount in our
Samba 3.0 samba.schema.

You can tune your old attributes (rid) in samba.schema: see HISTORICAL


Next, the uid in your dn must be exactly the same as the attribute uid


dn: *uid=Christian Sanvi*,dc=Sistemi
Informativi,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: inetOrgPerson
entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
objectClass: inetOrgPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
mail: christian.sanvi at GG-s-Domain.it
mailHost: mail.GG-s-Domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
*uid: Christian Sanvi*
cn: csanvi
sn: sanvi
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/christian
gecos: Christian Sanvi,,,
entryCSN: 2008042908:48:24Z#0x0002#0#0000
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20080429084824Z
userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
shadowLastChange: 14695


This dn imported fine for me (delete qmail and samba objectclass and rid
attribute).


On 9.4.2010 12:40, GG wrote:
> Hello!
> 
> So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
> and slapadd the ldif; I still get the same errors though!
> 
> Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
> for the new version, because it imports groups correctly  dn:
> dc=,dc=,dc=
> 
> Ideas?
> 
> Cheers,
> Giorgio
> 
> On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>> You have in gg-edited.ldif (first error on line 52):
>>
>> dn: uid=name surname,dc=Sistemi
>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> structuralObjectClass: inetOrgPerson
>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801093311Z
>> objectClass: inetOrgPerson
>> objectClass: person
>> objectClass: sambaAccount
>> objectClass: qmailUser
>> objectClass: posixAccount
>> objectClass: shadowAccount
>>
>> Do you have all appropriate schemas in your slapd.conf and in
>> /etc/ldap/schema/ on your new server? You should have all schemas in new
>> slapd.conf as you had in slapd.conf on old server...qmail schema etc...
>>
>> On 8.4.2010 11:44, GG wrote:
>>> Hello Vladimir and NG,
>>>
>>> I added samba.schema and removed the "" and it imported ldif without
>>> saying anything about groups now :-)
>>>
>>> There are some warnings I am attaching.
>>>
>>> It moans about
>>> str2entry: invalid value for attributeType objectClass #3 (syntax
>>> 1.3.6.1.4.1.1466.115.121.1.38)
>>> slapadd: could not parse entry (line=11937)
>>> and if I look at the ldif I find this
>>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
>>>
>>> and other error
>>> slapadd: could not parse entry (line=11116)
>>> <= str2entry: str2ad(mailHost): attribute type undefined
>>> this is the line in ldif...
>>>
>>> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
>>> cn: otheruid
>>>
>>> But the line is always the dn:
>>> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
>>>
>>> but reading mailHost: I have a line in many accounts with maildir and
>>> mail host etc that I don't need any more; shall I remove lines
>>> containing mail attributes? (mytextools.com <http://mytextools.com> is
>>> great but I suppose there must be some regular expression too)
>>>
>>> I did a slapcat from destination server and it imported groups but no
>>> actual users.
>>>
>>> I removed mail alternate attributes (not mail: as it used for creating
>>> alias from ldap into mail server) anyway the error seems to be in the
>>> DN. it needs a dn but it gives this error
>>> str2entry: invalid value for attributeType objectClass #3 (syntax
>>> 1.3.6.1.4.1.1466.115.121.1.38)
>>> slapadd: could not parse entry (line=1)
>>>
>>> importing a single user from a partial ldif..
>>>
>>>
>>> Giorgio
>>>
>>> On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>> 1. comments to slapd.conf:
>>>>
>>>> if slapd.conf.destination is on your new server, then you are missing
>>>> samba schema in your slapd.conf.destination.
>>>>
>>>> slapd.conf on new server:
>>>> ....
>>>> include         /etc/ldap/schema/samba.schema
>>>> ....
>>>>
>>>> Get samba.schema from your current samba installation on new server. It
>>>> should be somewhere in: /usr/share/doc/samba-doc/examples/LDAP/
>>>>
>>>> 2. comments on error importing ldif:
>>>>
>>>> slapadd-ing.LOG:
>>>>
>>>> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
>>>> naming attribute 'dc' is not present in entry
>>>>
>>>> which is in gg-edited.ldif:
>>>>
>>>> dn: dc=People,dc=GG-s-Domain,dc=it
>>>> objectClass: dcObject
>>>> objectClass: organizationalUnit
>>>> ou: "People"
>>>> dc: "People"
>>>> structuralObjectClass: organizationalUnit
>>>> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
>>>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>>>> createTimestamp: 20030801082225Z
>>>> entryCSN: 2003080108:22:25Z#0x0001#0#0000
>>>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>>>> modifyTimestamp: 20030801082225Z
>>>>
>>>> Can you try deleting the quotes in ou: "People" and dc: "People" and try to
>>>> import ldif again? Or you can try deleting objectClass: dcObject and dc:
>>>> "People". In our ldap we don't have objectClass: dcObject in dn:
>>>> ou=Users,dc=pavouk,dc=cz
>>>>
>>>> my ldif:
>>>>
>>>> dn: ou=Users,dc=pavouk,dc=cz
>>>> objectClass: organizationalUnit
>>>> ou: Users
>>>> structuralObjectClass: organizationalUnit
>>>> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
>>>> creatorsName: cn=Manager,dc=pavouk,dc=cz
>>>> createTimestamp: 20050927125727Z
>>>> entryCSN: 20050927125727.000000Z#000001#000#000000
>>>> modifiersName: cn=Manager,dc=pavouk,dc=cz
>>>> modifyTimestamp: 20050927125727Z
>>>>
>>>>
>>>>
>>>>
>>>> On 7.4.2010 16:14, GG wrote:
>>>>> Hello Vladimir and anyone else reading :-) !
>>>>>
>>>>> Attaching these files:
>>>>>
>>>>> - gg-edited.ldif
>>>>> - slapd.conf.destination.txt
>>>>> - slapd.conf.source.txt
>>>>> - ldap.conf.destination.txt
>>>>> - ldap.conf.source.txt
>>>>> - slapadd-ing.LOG this was the log while importing ldif
>>>>>
>>>>>
>>>>> NET SID ETC
>>>>> net setlocalsid
>>> S-1-5-21-1168...........-..................-...............2
>>>>> net setdomainsid
>>> S-1-5-21-1168...........-..................-...............1
>>>>>
>>>>> does net setlocal and domain sid have sense or should it be
>>>>> net setdomainsid
>>>>> twice with different sids?
>>>>>
>>>>> Thanks very much!
>>>>>
>>>>> Giorgio
>>>>>
>>>>> On 4/6/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>>>> Hi Giorgio
>>>>>>
>>>>>> On 2.4.2010 17:01, GG wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> So I have
>>>>>>> openldap2-2.1.12-74
>>>>>>> samba-2.2.7a-72
>>>>>>>
>>>>>>> I would like to migrate this existing PDC service to a new server and
>>>>>>> to current production / stable releases (especially for windows 7
>>>>>>> joining to the domain).
>>>>>>>
>>>>>>> New server is Debian Lenny stable.
>>>>>>>
>>>>>>> I have exported the domain SID, and ldap.ldif
>>>>>>>
>>>>>>> Now lets get down to it :-)
>>>>>>> Before importing should I do something about organizational units
>>> and so? How?
>>>>>>>
>>>>>>>> Import only data to LDAP no configs (slapcat->slapadd)
>>>>>>>  slapadd -c -l slapcat.ldif
>>>>>>> I did this but attached errors showed up.
>>>>>>>
>>>>>>> Error, entries missing!
>>>>>>>   entry 3: dc=people,dc=ExampleDomain,dc=it
>>>>>>>   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
>>>>>>
>>>>>> Can you post the first 100 lines of the ldif you are trying to import? You
>>>>>> are probably missing some base ldif.
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I know nothing about ldap, but my ldap is probably missing some pre
>>>>>>> required settings ? :-/
>>>>>>>
>>>>>>
>>>>>> Can you post slapd.conf also?
>>>>>>
>>>>>>
>>>>>>> Cheers!
>>>>>>> Giorgio
>>>>>>>
>>>>>>>> Configs yes, live data no, but if you have ldap it *should* be
>>> enough to
>>>>>>>> import ldif from old server, configure samba to use ldap and run
>>> smbpasswd
>>>>>>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
>>> test if
>>>>>>>> samba see imported users in ldap (pdbedit -L).
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 3/27/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>>>>>> On Fri, 26 Mar 2010 15:32:50 +0100, GG <jojomi at gmail.com
>>> <mailto:jojomi at gmail.com>> wrote:
>>>>>>>>> wow I made it!
>>>>>>>>>
>>>>>>>>> I copied net and all the libs it complained about from another suse
>>>>>>>>> server which was not missing it :-)
>>>>>>>>>
>>>>>>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>>>>>>>>>   Unknown parameter encountered: "domain admin group"
>>>>>>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>>>>>>>>>   Ignoring unknown parameter "domain admin group"
>>>>>>>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>>>>>>>>>  is: S-1-5-21-1bla bla
>>>>>>>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
>>>>>>>>>
>>>>>>>>> Which shall I import?
>>>>>>>>>
>>>>>>>>
>>>>>>>> Import both for sure:-). First is localsid, second is domainsid
>>>>>>>>
>>>>>>>>> So now back to mail number 2 :-)
>>>>>>>>>
>>>>>>>>> LDAP: I exported ldif :-) now
>>>>>>>>> I copied /etc/groups passwd shadow aliases
>>>>>>>>>
>>>>>>>>> now on the new server:
>>>>>>>>>
>>>>>>>>> how do I import LDAP and all its configs,
>>>>>>>>> samba and all its configs are only in smb.conf?
>>>>>>>>>
>>>>>>>> Import only data to LDAP no configs (slapcat->slapadd)
>>>>>>>> Configs yes, live data no, but if you have ldap it *should* be
>>> enough to
>>>>>>>> import ldif from old server, configure samba to use ldap and run
>>> smbpasswd
>>>>>>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
>>> test if
>>>>>>>> samba see imported users in ldap (pdbedit -L).
>>>>>>>>
>>>>>>>>> :-)
>>>>>>>>> Giorgio
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>>>>>>>> Paste ldap admin dn or ldap suffix in your smb.conf
>>>>>>>>>>
>>>>>>>>>>> On 26.3.2010 15:24, Vladimir Psenicka wrote:
>>>>>>>>>>> try this:
>>>>>>>>>>>
>>>>>>>>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it"
>>> -W -b
>>>>>>>>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
>>>>>>>>>>>
>>>>>>>>>>> On 26.3.2010 15:00, GG wrote:
>>>>>>>>>>>> Hello!
>>>>>>>>>>>>
>>>>>>>>>>>> I'm stuck on getdomainsid: Net command is missing even though
>>> libs
>>>>>>>> and
>>>>>>>>>>>> smbclient are installed.
>>>>>>>>>>>>
>>>>>>>>>>>> I tried this:
>>>>>>>>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it"
>>> -W -b
>>>>>>>>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>>>>>>>>>>>> Enter LDAP Password:
>>>>>>>>>>>> # extended LDIF
>>>>>>>>>>>> #
>>>>>>>>>>>> # LDAPv3
>>>>>>>>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
>>>>>>>>>>>> # filter: (objectclass=*)
>>>>>>>>>>>> # requesting: ALL
>>>>>>>>>>>> #
>>>>>>>>>>>>
>>>>>>>>>>>> # search result
>>>>>>>>>>>> search: 2
>>>>>>>>>>>> result: 34 Invalid DN syntax
>>>>>>>>>>>> text: invalid DN
>>>>>>>>>>>>
>>>>>>>>>>>> # numResponses: 1
>>>>>>>>>>>>
>>>>>>>>>>>> So: I'm not sure what is
>>> sambaDomainName=domain,dc=domain,dc=it...
>>>>>>>>>>>> I used WORKGROUP as it is the domain we use on pcs and the
>>> only one
>>>>>>>>>>>> defined in smb.conf
>>>>>>>>>>>>
>>>>>>>>>>>> I also tried using my pdc HOSTNAME
>>>>>>>>>>>>
>>>>>>>>>>>> and this was returned
>>>>>>>>>>>> # LDAPv3
>>>>>>>>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
>>>>>>>>>>>> # filter: (objectclass=*)
>>>>>>>>>>>> # requesting: ALL
>>>>>>>>>>>> #
>>>>>>>>>>>>
>>>>>>>>>>>> # search result
>>>>>>>>>>>> search: 2
>>>>>>>>>>>> result: 34 Invalid DN syntax
>>>>>>>>>>>> text: invalid DN
>>>>>>>>>>>>
>>>>>>>>>>>> # numResponses: 1
>>>>>>>>>>>>
>>>>>>>>>>>> Any way to get through this or how to use net command? Maybe
>>>>>>>> updating
>>>>>>>>>>>> samba-client?
>>>>>>>>>>>>
>>>>>>>>>>>> I tried rpm -i samba-client but it says
>>>>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>>>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>>>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
>>>>>>>> samba-client-2.2.12-1.rpm
>>>>>>>>>>>>
>>>>>>>>>>>> I found also the original package but it says it is already
>>>>>>>> installed.
>>>>>>>>>>>>
>>>>>>>>>>>> What happens if I remove samba-client and reinstall it soon
>>> after on
>>>>>>>>>>>> the production pdc?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Giorgio
>>>>>>>>>>>>
>>>>>>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>>>>>>>>>>> On 26.3.2010 13:50, GG wrote:
>>>>>>>>>>>>>> Hello!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Have you samba-client package installed?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> yes I do at least smbclient is there! but no net command :-/
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>>>>>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> So here are the issues encountered...
>>>>>>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>>>>>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>>>>>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
>>>>>>>>>>>>>> samba-client-2.2.12-1.rpm
>>>>>>>>>>>>>> I found on net...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> or you can dig domainsid from ldap
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This sounds interesting! How do I do that?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> modify to your needs (domain):
>>>>>>>>>>>>>
>>>>>>>>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>>>>>>>>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
>>>>>>>>>>>>>
>>>>>>>>>>>>> sambaSID: is your domainsid
>>>>>>>>>>>>>
>>>>>>>>>>>>> or you can use phpldapadmin to manage you ldap from browser
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks very much!
>>>>>>>>>>>>>> Giorgio
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 3/26/10, GG <jojomi at gmail.com <mailto:jojomi at gmail.com>> wrote:
>>>>>>>>>>>>>>> Hi!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'll be at it in a few minutes installing samba client / net
>>>>>>>>>>>>>>> command :-)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I have a question about the samba sernet repos:
>>>>>>>>>>>>>>> Shall I apt-get remove samba and use
>>>>>>>>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
>>>>>>>>>>>>>>> http://enterprisesamba.com/index.php?id=56
>>>>>>>>>>>>>>>  instead from start?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> What is the real advantage of sernet? What about installing
>>>>>>>>>>>>>>> official
>>>>>>>>>>>>>>> samba.org <http://samba.org> packages, are there
>>> differences with sernet
>>>>>>>> (stability?)
>>>>>>>>>>>>>>> or
>>>>>>>>>>>>>>> is it just a more liberal repository?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Also I read
>>>>>>>>>>>>>>>>>> Ensure that all local user and group accounts that are
>>> used by
>>>>>>>>>>>>>>>>>> samba
>>>>>>>>>>>>>>>>>> have the same uid/gid.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
>>>>>>>>>>>>>>> groups
>>>>>>>>>>>>>>> and users?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I use rsync --verbose  --progress --stats --compress
>>> --rsh=ssh \
>>>>>>>>>>>>>>>      --recursive --times --perms --links  \
>>>>>>>>>>>>>>>      --owner --group --devices --specials \
>>>>>>>>>>>>>>>      --exclude-from '/root/exclude.txt (if any, not in
>>> this case
>>>>>>>> as
>>>>>>>>>>>>>>> I'm only syncing data dir)' \
>>>>>>>>>>>>>>>      root at old_PDC:/DATA /DATA
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This should bring over every attribute set on files...
>>> correct?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> [[[did only partially in one case: I set up a twin install
>>> (fresh
>>>>>>>>>>>>>>> install then live cd and full rsync and after that I kept mbr,
>>>>>>>> but
>>>>>>>>>>>>>>> changed /boot and the /etc/fstab settings) and the server
>>> started
>>>>>>>>>>>>>>> etc.. LDAP did not work though: authentication was not
>>>>>>>> available...
>>>>>>>>>>>>>>> So I must be missing something or this rsync parameter set
>>> must
>>>>>>>> be
>>>>>>>>>>>>>>> missing something.. I had disconnected old PDC, set same
>>> IP and
>>>>>>>>>>>>>>> hostname to the VM well this worked well for other
>>>>>>>> virtualizations
>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version
>>>>>>>>>>>>>>> anyway
>>>>>>>>>>>>>>> :-)
>>>>>>>>>>>>>>> This was another story but just to share it as it is an
>>> excellent
>>>>>>>>>>>>>>> way
>>>>>>>>>>>>>>> of migrating sometimes specially for machines you do not
>>> master
>>>>>>>> and
>>>>>>>>>>>>>>> this is my case very often.]]]
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>>>> Giorgio
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>>>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>>>>>>>>>>>>>> Hi
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 25.3.2010 17:41, GG wrote:
>>>>>>>>>>>>>>>>> Hello Vladimir, John and all the NG :-)
>>>>>>>>>>>>>>>>> Thanks so much for answering. I really hoped someone
>>> would :-)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> So I installed Debian latest stable netinst on the future
>>>>>>>>>>>>>>>>> production
>>>>>>>>>>>>>>>>> server and here are my issues in the quotes :-( no net
>>> command
>>>>>>>>>>>>>>>>> on my
>>>>>>>>>>>>>>>>> suse 8.2
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Cheers :-)
>>>>>>>>>>>>>>>>> Giorgio
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra
>>> <*@samba.org <http://samba.org>>
>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>>>>>>>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you
>>>>>>>> can
>>>>>>>>>>>>>>>>>>> choose
>>>>>>>>>>>>>>>>>>> Samba 3.4.x or 3.5.x
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> My hints on migrating to new server:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> done :-) Debian Stable netinst
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2. set same hostname on new server
>>>>>>>>>>>>>>>>> My ignorance comes out :-)
>>>>>>>>>>>>>>>>> Must I set it different from the production server as FW
>>> points
>>>>>>>>>>>>>>>>> production.domain.com <http://production.domain.com> - I
>>> have clients using DNS=oldPDC and PDC
>>>>>>>>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com
>>> <http://pdc.domain.com> defined to point
>>>>>>>>>>>>>>>>> to lan
>>>>>>>>>>>>>>>>> ip.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Ok, can be changed later
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 3. export ldap data from old server and import them to new
>>>>>>>>>>>>>>>>>>> server
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>>>>>>>>>>>>>>>> OK
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Ensure that all local user and group accounts that are
>>> used by
>>>>>>>>>>>>>>>>>> samba
>>>>>>>>>>>>>>>>>> have the same uid/gid.
>>>>>>>>>>>>>>>>> my ignorance again... another hint?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new
>>> server (net
>>>>>>>>>>>>>>>>>>> setlocalsid oldsid)
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Note:
>>>>>>>>>>>>>>>>>>  net getdomainsid (on old server)
>>>>>>>>>>>>>>>>>>  net setdomainsid (on new server)
>>>>>>>>>>>>>>>>> thanks :-)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> # net getdomainsid
>>>>>>>>>>>>>>>>> -bash: net: command not found :-( and not found in yast
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I understand it has to do with extracting the sid from
>>>>>>>>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command?
>>> suse
>>>>>>>>>>>>>>>>> 8.2 yast
>>>>>>>>>>>>>>>>> has now net package and googling net is.. well wow!
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Have you samba-client package installed?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>>>>>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> or you can dig domainsid from ldap
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and
>>> shares
>>>>>>>>>>>>>>>>>>> in smb.conf
>>>>>>>>>>>>>>>>>>> from old samba smb.conf (check with testparm)
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I see it only contains shares so I bet smb.conf would
>>> just keep
>>>>>>>>>>>>>>>>> all
>>>>>>>>>>>>>>>>> the old settings right? /DATA will be rsynced
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3.
>>> I will
>>>>>>>>>>>>>>>> keep
>>>>>>>>>>>>>>>> current smb.conf on new server and add only shares from old
>>>>>>>>>>>>>>>> smb.conf to
>>>>>>>>>>>>>>>> new smb.conf.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 6. stop samba on old server
>>>>>>>>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new
>>>>>>>> server
>>>>>>>>>>>>>>>>>>> 8. stop old server
>>>>>>>>>>>>>>>>>>> 9. start samba on new server and check everything is working
>>>>>>>>>>>>>>>>>>> fine (domain
>>>>>>>>>>>>>>>>>>> logon from windows box, shares and perms)
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> This can be done best when no users are logged in samba
>>>>>>>> (maybe
>>>>>>>>>>>>>>>>>>> at weekend?)
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't
>>> join to
>>>>>>>>>>>>>>>>>>> domain
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
>>>>>>>>>>>>>>>>> derived right?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
>>>>>>>>>>>>>>>> 10.04 LTS
>>>>>>>>>>>>>>>> comes out this will no longer be true.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>>>>>>> John T.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On 25.3.2010 01:05, GG wrote:
>>>>>>>>>>>>>>>>>>>> Hello Vladimir and hi all,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks very much for replying!
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised,
>>> I just
>>>>>>>>>>>>>>>>>>>> happen to
>>>>>>>>>>>>>>>>>>>> know ubuntu more...
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap +
>>> samba
>>>>>>>>>>>>>>>>>>>> to a new server?
>>>>>>>>>>>>>>>>>>>> Already tried rsyncing (using all options to keep
>>> perms and
>>>>>>>>>>>>>>>>>>>> attributes
>>>>>>>>>>>>>>>>>>>> grp  own mod etc) on a twin v-machine but server
>>> starts and
>>>>>>>>>>>>>>>>>>>> the ldap
>>>>>>>>>>>>>>>>>>>> auth fails to work :-(
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the
>>>>>>>>>>>>>>>>>>>> problem for
>>>>>>>>>>>>>>>>>>>> too long grrr
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Giorgio
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>>>>>>>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz
>>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
>>>>>>>>>>>>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
>>>>>>>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 -
>>> samba 2.2.7
>>>>>>>>>>>>>>>>>>>>>> + ldap - to
>>>>>>>>>>>>>>>>>>>>>> latest samba versions, I would like to use an
>>> ubuntu 8.04
>>>>>>>>>>>>>>>>>>>>>> virtual machine.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> The domain is in production on the physical server,
>>> to be
>>>>>>>>>>>>>>>>>>>>>> dismissed after
>>>>>>>>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/
>>> has all
>>>>>>>>>>>>>>>>>>>>>> shared and
>>>>>>>>>>>>>>>>>>>>>> permission driven file access..
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> I was following
>>>>>>>>>>>>>>>>>>>>>>
>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html
>>>>>>>> but
>>>>>>>>>>>>>>>>>>>>>> I realize I am in a different scenario...
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration
>>> to new
>>>>>>>>>>>>>>>>>>>>>> os and versions..
>>>>>>>>>>>>>>>>>>>>>> all at once?
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and
>>>>>>>> single
>>>>>>>>>>>>>>>>>>>>>> partitions :)
>>>>>>>>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup,
>>> just to
>>>>>>>> be
>>>>>>>>>>>>>>>>>>>>>> safe ;)
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> What would you guru's suggest as a strategy?
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Can I create a new server and add it as secondary
>>> domain
>>>>>>>>>>>>>>>>>>>>>> controller and then
>>>>>>>>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
>>>>>>>>>>>>>>>>>>>>>> this method.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already
>>>>>>>>>>>>>>>>>>>>>> bought Windows 7
>>>>>>>>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Gio
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting
>>> Windows 7
>>>>>>>>>>>>>>>>>>>>> into domain,
>>>>>>>>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
>>>>>>>>>>>>>>>>>>>>> recommended for
>>>>>>>>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
>>>>>>>>>>>>>>>>>>>>> Ubuntu.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>> To unsubscribe from this list go to the following
>>> URL and
>>>>>>>>>>>>>>>>>>>>> read the
>>>>>>>>>>>>>>>>>>>>> instructions:
>>>>>>>> https://lists.samba.org/mailman/options/samba
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>>>>>>>> IT system engineer
>>>>>>>>>>>>>>>> PRODECO, a.s.
>>>>>>>>>>>>>>>> Tel.: 417 633 762
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>>>>> IT system engineer
>>>>>>>>>>>>> PRODECO, a.s.
>>>>>>>>>>>>> Tel.: 417 633 762
>>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>> IT system engineer
>>>>>>>>>> PRODECO, a.s.
>>>>>>>>>> Tel.: 417 633 762
>>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Vladimir Psenicka
>>>>>> IT system engineer
>>>>>> PRODECO, a.s.
>>>>>> Tel.: 417 633 762
>>>>>>
>>>>
>>>>
>>>> --
>>>> Vladimir Psenicka
>>>> IT system engineer
>>>> PRODECO, a.s.
>>>> Tel.: 417 633 762
>>>>
>>>
>>>
>>
>>
>> --
>> Vladimir Psenicka
>> IT system engineer
>> PRODECO, a.s.
>> Tel.: 417 633 762
>>


-- 
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
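
The import failures discussed in this thread (a naming attribute value missing from the entry, an objectClass or attribute type the new server's schema does not define) can be found before running slapadd. The following pre-import check is an added example, not code from the thread or from the Samba or OpenLDAP projects; the sample LDIF, the example.it suffix and the KNOWN_* allow-lists are constructed assumptions standing in for the real export and for the schemas included in the new slapd.conf.

```python
import base64
import re

# Constructed sample shaped like the entries quoted in the thread (not real data).
SAMPLE_LDIF = """\
dn: dc=People,dc=example,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "People"
dc: "People"

dn: uid=Name Surname,dc=Sistemi Informativi,dc=Peo
 ple,dc=example,dc=it
objectClass: inetOrgPerson
objectClass: sambaAccount
objectClass: posixAccount
uid: nsurname
cn: nsurname
sn: surname
mailHost: mail.example.it
rid: 3000
"""

# Assumption: stand-in for what the schemas included in the new slapd.conf define.
KNOWN_CLASSES = {"dcobject", "organizationalunit", "inetorgperson", "person",
                 "posixaccount", "shadowaccount", "sambasamaccount"}
KNOWN_ATTRS = {"dc", "ou", "uid", "cn", "sn", "mail", "uidnumber", "gidnumber",
               "homedirectory", "loginshell", "gecos", "userpassword", "sambasid"}

def _split(line):
    """Split 'attr: value' or 'attr:: <base64>' into (attr, decoded value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr.strip(), rest.strip()

def parse_ldif(text):
    """Return [(line_no, dn, [(attr, value), ...])] with folded lines rejoined."""
    entries, logical = [], []
    for no, raw in enumerate(text.splitlines() + [""], 1):
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and logical:     # continuation of the previous line
            logical[-1][1] += raw[1:]
        elif raw.strip():
            logical.append([no, raw])
        elif logical:                           # blank line closes the entry
            pairs = [_split(line) for _, line in logical]
            if pairs[0][0].lower() == "dn":     # ignore e.g. a leading "version: 1"
                entries.append((logical[0][0], pairs[0][1], pairs[1:]))
            logical = []
    return entries

def first_rdn(dn):
    """Leftmost RDN as (attr, value), split at the first comma not backslash-escaped."""
    attr, _, value = re.split(r"(?<!\\),", dn, maxsplit=1)[0].partition("=")
    return attr.strip().lower(), value.strip().replace("\\,", ",")

def check_entry(dn, pairs, classes=KNOWN_CLASSES, attrs=KNOWN_ATTRS):
    """Findings for one entry, mirroring the slapadd errors in the thread."""
    findings = []
    attr, value = first_rdn(dn)
    present = [v for a, v in pairs if a.lower() == attr]
    if value.lower() not in (v.lower() for v in present):
        quoted = any(v.strip('"').lower() == value.lower() for v in present)
        findings.append(f"naming attribute '{attr}' value '{value}' not present in entry"
                        + (" (stored value is quoted)" if quoted else ""))
    for a, v in pairs:
        if a.lower() == "objectclass":
            if v.lower() not in classes:
                findings.append(f"objectClass '{v}' not defined in loaded schema")
        elif a.lower() not in attrs:
            findings.append(f"attribute type '{a}' undefined")
    return findings

def lint(text, classes=KNOWN_CLASSES, attrs=KNOWN_ATTRS):
    """Map (line_no, dn) -> findings for each entry that needs editing first."""
    checked = ((no, dn, check_entry(dn, pairs, classes, attrs))
               for no, dn, pairs in parse_ldif(text))
    return {(no, dn): found for no, dn, found in checked if found}

if __name__ == "__main__":
    for (line_no, dn), findings in lint(SAMPLE_LDIF).items():
        print(f"line {line_no}: {dn}", *findings, sep="\n  - ")
```

The line number reported for each entry is the line of its dn, which is also where slapadd points in the messages quoted above.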

