[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

GG jojomi at gmail.com
Fri Apr 9 09:43:45 MDT 2010


Hello,

I would delete sambaAccount but all users also use samba to logon to
windows machines, wouldn't this prevent them from entering the domain
etc?

> dn: *uid=Christian Sanvi*,dc=Sistemi
> *uid: csanvi*

- I see what you mean. correct uid is csanvi: shall I make all dn:
uid=*uid later defined*,dc,dc,dc?

- I imported user correctly with no sambaAccount but what are the
consequences for usage with samba?

- sambaSID = should I put here the domain SID?
http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
sambaLMPassword = this should be like on LDAP any info?
sambaNTPassword = this should be like on LDAP any info?
sambaAcctFlags =
sambaDomain = this should be like domain-name??

The thing is I have to import LDAP and also make samba work after.

- Is it possible to just import all LDAP without sambaAccount or
sambaSamAccount and then add samba and domain part?

Ldap is just the back end, what then needs to work is samba and domain PDC etc..

Giorgio



On 4/9/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> Hi.
>
> Can you change *objectClass: sambaAccount* to *objectClass:
> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
> requires attribute 'sambaSID' and maybe other samba* attributes. Or
> delete objectClass: sambaAccount from this dn when no samba* attribute
> is specified in this dn. I can't see objectClass: sambaAccount in our
> Samba 3.0 samba.schema.
>
> You can tune your old attributes (rid) in samba.schema: see HISTORICAL
>
>
> Next, your uid in dn must be exactly the same as attribute uid
>
>
> dn: *uid=Christian Sanvi*,dc=Sistemi
> Informativi,dc=People,dc=GG-s-Domain,dc=it
> structuralObjectClass: inetOrgPerson
> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> createTimestamp: 20030801093311Z
> objectClass: inetOrgPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> mail: christian.sanvi at GG-s-Domain.it
> mailHost: mail.GG-s-Domain.it
> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
> *uid: Christian Sanvi*
> cn: csanvi
> sn: sanvi
> shadowMax: 99999
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 1000
> gidNumber: 100
> homeDirectory: /home/christian
> gecos: Christian Sanvi,,,
> entryCSN: 2008042908:48:24Z#0x0002#0#0000
> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
> modifyTimestamp: 20080429084824Z
> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
> shadowLastChange: 14695
>
>
> This dn imported me fine (delete qmail and samba objectclass and rid
> attribute).
>
>
> On 9.4.2010 12:40, GG wrote:
> > Hello!
> >
> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
> > and slapadd the ldif; I still get the same errors though!
> >
> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
> > for the new version, because it imports groups correctly  dn:
> > dc=,dc=,dc=
> >
> > Ideas?
> >
> > Cheers,
> > Giorgio
> >
> > On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
> >> You have in gg-edited.ldif (first error on line 52):
> >>
> >> dn: uid=name surname,dc=Sistemi
> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
> >> structuralObjectClass: inetOrgPerson
> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> >> createTimestamp: 20030801093311Z
> >> objectClass: inetOrgPerson
> >> objectClass: person
> >> objectClass: sambaAccount
> >> objectClass: qmailUser
> >> objectClass: posixAccount
> >> objectClass: shadowAccount
> >>
> >> Do you have all appropriate schemas in your slapd.conf and in
> >> /etc/ldap/schema/ on your new server? You should have all schemas in new
> >> slapd.conf as you had in slapd.conf on old server...qmail schema etc...
> >>
> >> On 8.4.2010 11:44, GG wrote:
> >>> Hello Vladimir and NG,
> >>>
> >>> I added samba.schema and removed the "" and it imported ldif without
> >>> saying anything about groups now :-)
> >>>
> >>> There are some warnings I am attaching.
> >>>
> >>> It moans about
> >>> str2entry: invalid value for attributeType objectClass #3 (syntax
> >>> 1.3.6.1.4.1.1466.115.121.1.38)
> >>> slapadd: could not parse entry (line=11937)
> >>> and if I look at the ldif I find this
> >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
> >>>
> >>> and other error
> >>> slapadd: could not parse entry (line=11116)
> >>> <= str2entry: str2ad(mailHost): attribute type undefined
> >>> this is the line in ldif...
> >>>
> >>> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
> >>> cn: otheruid
> >>>
> >>> But the line is always the dn:
> >>> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
> >>>
> >>> but reading mailHost: I have a line in many accounts with maildir and
> >>> mail host etc that I don't need any more; shall I remove lines
> >>> containing mail attributes? (mytextools.com <http://mytextools.com> is
> >>> great but I suppose there must be some regular expression too)
> >>>
> >>> I did a slapcat from destination server and it imported groups but no
> >>> actual users.
> >>>
> >>> I removed mail alternate attributes (not mail: as it is used for creating
> >>> alias from ldap into mail server) anyway the error seems to be in the
> >>> DN. it needs a dn but it gives this error
> >>> str2entry: invalid value for attributeType objectClass #3 (syntax
> >>> 1.3.6.1.4.1.1466.115.121.1.38)
> >>> slapadd: could not parse entry (line=1)
> >>>
> >>> importing a single user from a partial ldif..
> >>>
> >>>
> >>> Giorgio
> >>>
> >>> On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>> 1. comments to slapd.conf:
> >>>>
> >>>> if slapd.conf.destination is on your new server, then you are missing
> >>>> samba schema in your slapd.conf.destination.
> >>>>
> >>>> slapd.conf on new server:
> >>>> ....
> >>>> include         /etc/ldap/schema/samba.schema
> >>>> ....
> >>>>
> >>>> Get samba.schema from your current samba installation on new server. It
> >>>> should be somewhere in: /usr/share/doc/samba-doc/examples/LDAP/
> >>>>
> >>>> 2. comments on error importing ldif:
> >>>>
> >>>> slapadd-ing.LOG:
> >>>>
> >>>> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
> >>>> naming attribute 'dc' is not present in entry
> >>>>
> >>>> which is in gg-edited.ldif:
> >>>>
> >>>> dn: dc=People,dc=GG-s-Domain,dc=it
> >>>> objectClass: dcObject
> >>>> objectClass: organizationalUnit
> >>>> ou: "People"
> >>>> dc: "People"
> >>>> structuralObjectClass: organizationalUnit
> >>>> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
> >>>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> >>>> createTimestamp: 20030801082225Z
> >>>> entryCSN: 2003080108:22:25Z#0x0001#0#0000
> >>>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
> >>>> modifyTimestamp: 20030801082225Z
> >>>>
> >>>> Can you try delete quotes in ou: "People" and dc: "People" and try to
> >>>> import ldif again? Or you can try delete objectClass: dcObject and dc:
> >>>> "People". In our ldap we haven't objectClass: dcObject in dn:
> >>>> ou=Users,dc=pavouk,dc=cz
> >>>>
> >>>> my ldif:
> >>>>
> >>>> dn: ou=Users,dc=pavouk,dc=cz
> >>>> objectClass: organizationalUnit
> >>>> ou: Users
> >>>> structuralObjectClass: organizationalUnit
> >>>> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
> >>>> creatorsName: cn=Manager,dc=pavouk,dc=cz
> >>>> createTimestamp: 20050927125727Z
> >>>> entryCSN: 20050927125727.000000Z#000001#000#000000
> >>>> modifiersName: cn=Manager,dc=pavouk,dc=cz
> >>>> modifyTimestamp: 20050927125727Z
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> On 7.4.2010 16:14, GG wrote:
> >>>>> Hello Vladimir and anyone else reading :-) !
> >>>>>
> >>>>> Attaching these files:
> >>>>>
> >>>>> - gg-edited.ldif
> >>>>> - slapd.conf.destination.txt
> >>>>> - slapd.conf.source.txt
> >>>>> - ldap.conf.destination.txt
> >>>>> - ldap.conf.source.txt
> >>>>> - slapadd-ing.LOG this was the log while importing ldif
> >>>>>
> >>>>>
> >>>>> NET SID ETC
> >>>>> net setlocalsid
> >>> S-1-5-21-1168...........-..................-...............2
> >>>>> net setdomainsid
> >>> S-1-5-21-1168...........-..................-...............1
> >>>>>
> >>>>> does net setlocal and domain sid have sense or should it be
> >>>>> net setdomainsid
> >>>>> twice with different sids?
> >>>>>
> >>>>> Thanks very much!
> >>>>>
> >>>>> Giorgio
> >>>>>
> >>>>> On 4/6/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>>>> Hi Giorgio
> >>>>>>
> >>>>>> On 2.4.2010 17:01, GG wrote:
> >>>>>>> Hi all,
> >>>>>>>
> >>>>>>> So I have
> >>>>>>> openldap2-2.1.12-74
> >>>>>>> samba-2.2.7a-72
> >>>>>>>
> >>>>>>> I would like to migrate this existing PDC service to a new server and
> >>>>>>> to current production / stable releases (especially for windows 7
> >>>>>>> joining to the domain).
> >>>>>>>
> >>>>>>> New server is Debian Lenny stable.
> >>>>>>>
> >>>>>>> I have exported the domain SID, and ldap.ldif
> >>>>>>>
> >>>>>>> Now lets get down to it :-)
> >>>>>>> Before importing should I do something about organizational units
> >>> and so? How?
> >>>>>>>
> >>>>>>>> Import only data to LDAP no configs (slapcat->slapadd)
> >>>>>>>  slapadd -c -l slapcat.ldif
> >>>>>>> I did this but attached errors showed up.
> >>>>>>>
> >>>>>>> Error, entries missing!
> >>>>>>>   entry 3: dc=people,dc=ExampleDomain,dc=it
> >>>>>>>   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
> >>>>>>
> >>>>>> Can you post first 100 lines of your ldif you try to import? You
> >>>>>> probably missing some base ldif.
> >>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> I know nothing about ldap, but my ldap is probably missing some pre
> >>>>>>> required settings ? :-/
> >>>>>>>
> >>>>>>
> >>>>>> Can you post slapd.conf also?
> >>>>>>
> >>>>>>
> >>>>>>> Cheers!
> >>>>>>> Giorgio
> >>>>>>>
> >>>>>>>> Configs yes, live data no, but if you have ldap it *should* be
> >>> enough to
> >>>>>>>> import ldif from old server, configure samba to use ldap and run
> >>> smbpasswd
> >>>>>>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
> >>> test if
> >>>>>>>> samba see imported users in ldap (pdbedit -L).
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On 3/27/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>>>>>> On Fri, 26 Mar 2010 15:32:50 +0100, GG <jojomi at gmail.com
> >>> <mailto:jojomi at gmail.com>> wrote:
> >>>>>>>>> wow I made it!
> >>>>>>>>>
> >>>>>>>>> I copied net and all the libs it complained about from another suse
> >>>>>>>>> server which was not missing it :-)
> >>>>>>>>>
> >>>>>>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> >>>>>>>>>   Unknown parameter encountered: "domain admin group"
> >>>>>>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> >>>>>>>>>   Ignoring unknown parameter "domain admin group"
> >>>>>>>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> >>>>>>>>>  is: S-1-5-21-1bla bla
> >>>>>>>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >>>>>>>>>
> >>>>>>>>> Which shall I import?
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> Import both for sure:-). First is localsid, second is domainsid
> >>>>>>>>
> >>>>>>>>> So now back to mail number 2 :-)
> >>>>>>>>>
> >>>>>>>>> LDAP: I exported ldif :-) now
> >>>>>>>>> I copied /etc/groups passwd shadow aliases
> >>>>>>>>>
> >>>>>>>>> now on the new server:
> >>>>>>>>>
> >>>>>>>>> how do I import LDAP and all its configs,
> >>>>>>>>> samba and all its configs are only in smb.conf?
> >>>>>>>>>
> >>>>>>>> Import only data to LDAP no configs (slapcat->slapadd)
> >>>>>>>> Configs yes, live data no, but if you have ldap it *should* be
> >>> enough to
> >>>>>>>> import ldif from old server, configure samba to use ldap and run
> >>> smbpasswd
> >>>>>>>> -W to store ldap admin dn pass to secrets.tdb. After that you can
> >>> test if
> >>>>>>>> samba see imported users in ldap (pdbedit -L).
> >>>>>>>>
> >>>>>>>>> :-)
> >>>>>>>>> Giorgio
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>>>>>>>> Paste ldap admin dn or ldap suffix in your smb.conf
> >>>>>>>>>>
> >>>>>>>>>> On 26.3.2010 15:24, Vladimir Psenicka wrote:
> >>>>>>>>>>> try this:
> >>>>>>>>>>>
> >>>>>>>>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it"
> >>> -W -b
> >>>>>>>>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >>>>>>>>>>>
> >>>>>>>>>>> On 26.3.2010 15:00, GG wrote:
> >>>>>>>>>>>> Hello!
> >>>>>>>>>>>>
> >>>>>>>>>>>> I'm stuck on getdomainsid: Net command is missing even though
> >>> libs
> >>>>>>>> and
> >>>>>>>>>>>> smbclient are installed.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I tried this:
> >>>>>>>>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it"
> >>> -W -b
> >>>>>>>>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >>>>>>>>>>>> Enter LDAP Password:
> >>>>>>>>>>>> # extended LDIF
> >>>>>>>>>>>> #
> >>>>>>>>>>>> # LDAPv3
> >>>>>>>>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
> >>>>>>>>>>>> # filter: (objectclass=*)
> >>>>>>>>>>>> # requesting: ALL
> >>>>>>>>>>>> #
> >>>>>>>>>>>>
> >>>>>>>>>>>> # search result
> >>>>>>>>>>>> search: 2
> >>>>>>>>>>>> result: 34 Invalid DN syntax
> >>>>>>>>>>>> text: invalid DN
> >>>>>>>>>>>>
> >>>>>>>>>>>> # numResponses: 1
> >>>>>>>>>>>>
> >>>>>>>>>>>> So: I'm not sure what is
> >>> sambaDomainName=domain,dc=domain,dc=it...
> >>>>>>>>>>>> I used WORKGROUP as it is the domain we use on pcs and the
> >>> only one
> >>>>>>>>>>>> defined in smb.conf
> >>>>>>>>>>>>
> >>>>>>>>>>>> I also tried using my pdc HOSTNAME
> >>>>>>>>>>>>
> >>>>>>>>>>>> and this was returned
> >>>>>>>>>>>> # LDAPv3
> >>>>>>>>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
> >>>>>>>>>>>> # filter: (objectclass=*)
> >>>>>>>>>>>> # requesting: ALL
> >>>>>>>>>>>> #
> >>>>>>>>>>>>
> >>>>>>>>>>>> # search result
> >>>>>>>>>>>> search: 2
> >>>>>>>>>>>> result: 34 Invalid DN syntax
> >>>>>>>>>>>> text: invalid DN
> >>>>>>>>>>>>
> >>>>>>>>>>>> # numResponses: 1
> >>>>>>>>>>>>
> >>>>>>>>>>>> Any way to get through this or how to use net command? Maybe
> >>>>>>>> updating
> >>>>>>>>>>>> samba-client?
> >>>>>>>>>>>>
> >>>>>>>>>>>> I tried rpm -i samba-client but it says
> >>>>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >>>>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >>>>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >>>>>>>> samba-client-2.2.12-1.rpm
> >>>>>>>>>>>>
> >>>>>>>>>>>> I found also the original package but it says it is already
> >>>>>>>> installed.
> >>>>>>>>>>>>
> >>>>>>>>>>>> What happens if I remove samba-client and reinstall it soon
> >>> after on
> >>>>>>>>>>>> the production pdc?
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>>>>>>>>>>> On 26.3.2010 13:50, GG wrote:
> >>>>>>>>>>>>>> Hello!
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Have you samba-client package installed?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> yes I do at least smbclient is there! but no net command :-/
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
> >>>>>>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> So here are the issues encountered...
> >>>>>>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >>>>>>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >>>>>>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
> >>>>>>>>>>>>>> samba-client-2.2.12-1.rpm
> >>>>>>>>>>>>>> I found on net...
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> or you can dig domainsid from ldap
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> This sounds interesting! How do I do that?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> modify to your needs (domain):
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
> >>>>>>>>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> sambaSID: is your domainsid
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> or you can use phpldapadmin to manage you ldap from browser
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Thanks very much!
> >>>>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On 3/26/10, GG <jojomi at gmail.com> wrote:
> >>>>>>>>>>>>>>> Hi!
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I'll be at it in a few minutes installing samba client / net
> >>>>>>>>>>>>>>> command :-)
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I have a question about the samba sernet repos:
> >>>>>>>>>>>>>>> Shall I apt-get remove samba and use
> >>>>>>>>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
> >>>>>>>>>>>>>>> http://enterprisesamba.com/index.php?id=56
> >>>>>>>>>>>>>>>  instead from start?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> What is the real advantage of sernet? What about installing
> >>>>>>>>>>>>>>> official
> >>>>>>>>>>>>>>> samba.org <http://samba.org> packages, are there
> >>> differences with sernet
> >>>>>>>> (stability?)
> >>>>>>>>>>>>>>> or
> >>>>>>>>>>>>>>> is it just a more liberal repository?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Also I read
> >>>>>>>>>>>>>>>>>> Ensure that all local user and group accounts that are
> >>> used by
> >>>>>>>>>>>>>>>>>> samba
> >>>>>>>>>>>>>>>>>> have the same uid/gid.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
> >>>>>>>>>>>>>>> groups
> >>>>>>>>>>>>>>> and users?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I use rsync --verbose  --progress --stats --compress
> >>> --rsh=ssh \
> >>>>>>>>>>>>>>>      --recursive --times --perms --links  \
> >>>>>>>>>>>>>>>      --owner --group --devices --specials \
> >>>>>>>>>>>>>>>      --exclude-from '/root/exclude.txt (if any, not in
> >>> this case
> >>>>>>>> as
> >>>>>>>>>>>>>>> I'm only syncing data dir)' \
> >>>>>>>>>>>>>>>      root at old_PDC:/DATA /DATA
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> This should bring over every attribute set on files...
> >>> correct?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> [[[did only partially in one case: I set up a twin install
> >>> (fresh
> >>>>>>>>>>>>>>> install then live cd and full rsync and after that I kept mbr,
> >>>>>>>> but
> >>>>>>>>>>>>>>> changed /boot and the /etc/fstab settings) and the server
> >>> started
> >>>>>>>>>>>>>>> etc.. LDAP did not work though: authentication was not
> >>>>>>>> available...
> >>>>>>>>>>>>>>> So I must be missing something or this rsync parameter set
> >>> must
> >>>>>>>> be
> >>>>>>>>>>>>>>> missing something.. I had disconnected old PDC, set same
> >>> IP and
> >>>>>>>>>>>>>>> hostname to the VM well this worked well for other
> >>>>>>>> virtualizations
> >>>>>>>>>>>>>>> and
> >>>>>>>>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version
> >>>>>>>>>>>>>>> anyway
> >>>>>>>>>>>>>>> :-)
> >>>>>>>>>>>>>>> This was another story but just to share it as it is an
> >>> excellent
> >>>>>>>>>>>>>>> way
> >>>>>>>>>>>>>>> of migrating sometimes specially for machines you do not
> >>> master
> >>>>>>>> and
> >>>>>>>>>>>>>>> this is my case very often.]]]
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Cheers,
> >>>>>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> >>>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>>>>>>>>>>>>>> Hi
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On 25.3.2010 17:41, GG wrote:
> >>>>>>>>>>>>>>>>> Hello Vladimir, John and all the NG :-)
> >>>>>>>>>>>>>>>>> Thanks so much for answering. I really hoped someone
> >>> would :-)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> So I installed Debian latest stable netinst on the future
> >>>>>>>>>>>>>>>>> production
> >>>>>>>>>>>>>>>>> server and here are my issues in the quotes :-( no net
> >>> command
> >>>>>>>>>>>>>>>>> on my
> >>>>>>>>>>>>>>>>> suse 8.2
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Cheers :-)
> >>>>>>>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra
> >>> <*@samba.org <http://samba.org>>
> >>>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> >>>>>>>>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you
> >>>>>>>> can
> >>>>>>>>>>>>>>>>>>> choose
> >>>>>>>>>>>>>>>>>>> Samba 3.4.x or 3.5.x
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> My hints on migrating to new server:
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> done :-) Debian Stable netinst
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 2. set same hostname on new server
> >>>>>>>>>>>>>>>>> My ignorance comes out :-)
> >>>>>>>>>>>>>>>>> Must I set it different from the production server as FW
> >>> points
> >>>>>>>>>>>>>>>>> production.domain.com <http://production.domain.com> - I
> >>> have clients using DNS=oldPDC and PDC
> >>>>>>>>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com
> >>> <http://pdc.domain.com> defined to point
> >>>>>>>>>>>>>>>>> to lan
> >>>>>>>>>>>>>>>>> ip.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Ok, can be changed later
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 3. export ldap data from old server and import them to new
> >>>>>>>>>>>>>>>>>>> server
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> >>>>>>>>>>>>>>>>> OK
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Ensure that all local user and group accounts that are
> >>> used by
> >>>>>>>>>>>>>>>>>> samba
> >>>>>>>>>>>>>>>>>> have the same uid/gid.
> >>>>>>>>>>>>>>>>> my ignorance again... another hint?
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new
> >>> server (net
> >>>>>>>>>>>>>>>>>>> setlocalsid oldsid)
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Note:
> >>>>>>>>>>>>>>>>>>  net getdomainsid (on old server)
> >>>>>>>>>>>>>>>>>>  net setdomainsid (on new server)
> >>>>>>>>>>>>>>>>> thanks :-)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> # net getdomainsid
> >>>>>>>>>>>>>>>>> -bash: net: command not found :-( and not found in yast
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I understand it has to do with extracting the sid from
> >>>>>>>>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command?
> >>> suse
> >>>>>>>>>>>>>>>>> 8.2 yast
> >>>>>>>>>>>>>>>>> has now net package and googling net is.. well wow!
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Have you samba-client package installed?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
> >>>>>>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> or you can dig domainsid from ldap
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and
> >>> shares
> >>>>>>>>>>>>>>>>>>> in smb.conf
> >>>>>>>>>>>>>>>>>>> from old samba smb.conf (check with testparm)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I see it only contains shares so I bet smb.conf would
> >>> just keep
> >>>>>>>>>>>>>>>>> all
> >>>>>>>>>>>>>>>>> the old settings right? /DATA will be rsynced
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3.
> >>> I will
> >>>>>>>>>>>>>>>> keep
> >>>>>>>>>>>>>>>> current smb.conf on new server and add only shares from old
> >>>>>>>>>>>>>>>> smb.conf to
> >>>>>>>>>>>>>>>> new smb.conf.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 6. stop samba on old server
> >>>>>>>>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new
> >>>>>>>> server
> >>>>>>>>>>>>>>>>>>> 8. stop old server
> >>>>>>>>>>>>>>>>>>> 9. start samba on new server and check everything is working
> >>>>>>>>>>>>>>>>>>> fine (domain
> >>>>>>>>>>>>>>>>>>> logon from windows box, shares and perms)
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> This can be done best when no users are logged in samba
> >>>>>>>> (maybe
> >>>>>>>>>>>>>>>>>>> at weekend?)
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't
> >>> join to
> >>>>>>>>>>>>>>>>>>> domain
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
> >>>>>>>>>>>>>>>>> derived right?
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
> >>>>>>>>>>>>>>>> 10.04 LTS
> >>>>>>>>>>>>>>>> comes out this will no longer be true.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Cheers,
> >>>>>>>>>>>>>>>>>> John T.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> On 25.3.2010 01:05, GG wrote:
> >>>>>>>>>>>>>>>>>>>> Hello Vladimir and hi all,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Thanks very much for replying!
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised,
> >>> I just
> >>>>>>>>>>>>>>>>>>>> happen to
> >>>>>>>>>>>>>>>>>>>> know ubuntu more...
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap +
> >>> samba
> >>>>>>>>>>>>>>>>>>>> to a new server?
> >>>>>>>>>>>>>>>>>>>> Already tried rsyncing (using all options to keep
> >>> perms and
> >>>>>>>>>>>>>>>>>>>> attributes
> >>>>>>>>>>>>>>>>>>>> grp  own mod etc) on a twin v-machine but server
> >>> starts and
> >>>>>>>>>>>>>>>>>>>> the ldap
> >>>>>>>>>>>>>>>>>>>> auth fails to work :-(
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the
> >>>>>>>>>>>>>>>>>>>> problem for
> >>>>>>>>>>>>>>>>>>>> too long grrr
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Giorgio
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
> >>>>>>>>>>>>>>>>>>>> <vladimir.psenicka at prodeco.cz
> >>> <mailto:vladimir.psenicka at prodeco.cz>> wrote:
> >>>>>>>>>>>>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
> >>>>>>>>>>>>>>>>>>>>>> Hello,
> >>>>>>>>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 -
> >>> samba 2.2.7
> >>>>>>>>>>>>>>>>>>>>>> + ldap - to
> >>>>>>>>>>>>>>>>>>>>>> latest samba versions, I would like to use an
> >>> ubuntu 8.04
> >>>>>>>>>>>>>>>>>>>>>> virtual machine.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> The domain is in production on the physical server,
> >>> to be
> >>>>>>>>>>>>>>>>>>>>>> dismissed after
> >>>>>>>>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/
> >>> has all
> >>>>>>>>>>>>>>>>>>>>>> shared and
> >>>>>>>>>>>>>>>>>>>>>> permission driven file access..
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> I was following
> >>>>>>>>>>>>>>>>>>>>>>
> >>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html
> >>>>>>>> but
> >>>>>>>>>>>>>>>>>>>>>> I realize I am in a different scenario...
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration
> >>> to new
> >>>>>>>>>>>>>>>>>>>>>> os and versions..
> >>>>>>>>>>>>>>>>>>>>>> all at once?
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and
> >>>>>>>> single
> >>>>>>>>>>>>>>>>>>>>>> partitions :)
> >>>>>>>>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup,
> >>> just to
> >>>>>>>> be
> >>>>>>>>>>>>>>>>>>>>>> safe ;)
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> What would you guru's suggest as a strategy?
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Can I create a new server and add it as secondary
> >>> domain
> >>>>>>>>>>>>>>>>>>>>>> controller and then
> >>>>>>>>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
> >>>>>>>>>>>>>>>>>>>>>> this method.
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already
> >>>>>>>>>>>>>>>>>>>>>> bought Windows 7
> >>>>>>>>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
> >>>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>>> Gio
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Hi.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting
> >>> Windows 7
> >>>>>>>>>>>>>>>>>>>>> into domain,
> >>>>>>>>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
> >>>>>>>>>>>>>>>>>>>>> recommended for
> >>>>>>>>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
> >>>>>>>>>>>>>>>>>>>>> Ubuntu.
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>>>>>>> To unsubscribe from this list go to the following
> >>> URL and
> >>>>>>>>>>>>>>>>>>>>> read the
> >>>>>>>>>>>>>>>>>>>>> instructions:
> >>>>>>>> https://lists.samba.org/mailman/options/samba
> >>>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> --
> >>>>>>>>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>>>>>>>> IT system engineer
> >>>>>>>>>>>>>>>> PRODECO, a.s.
> >>>>>>>>>>>>>>>> Tel.: 417 633 762
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> --
> >>>>>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>>>>> IT system engineer
> >>>>>>>>>>>>> PRODECO, a.s.
> >>>>>>>>>>>>> Tel.: 417 633 762
> >>>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Vladimir Psenicka
> >>>>>>>>>> IT system engineer
> >>>>>>>>>> PRODECO, a.s.
> >>>>>>>>>> Tel.: 417 633 762
> >>>>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Vladimir Psenicka
> >>>>>> IT system engineer
> >>>>>> PRODECO, a.s.
> >>>>>> Tel.: 417 633 762
> >>>>>>
> >>>>
> >>>>
> >>>> --
> >>>> Vladimir Psenicka
> >>>> IT system engineer
> >>>> PRODECO, a.s.
> >>>> Tel.: 417 633 762
> >>>>
> >>>
> >>>
> >>
> >>
> >> --
> >> Vladimir Psenicka
> >> IT system engineer
> >> PRODECO, a.s.
> >> Tel.: 417 633 762
> >>
>
>
> --
> Vladimir Psenicka
> IT system engineer
> PRODECO, a.s.
> Tel.: 417 633 762
>
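
The import problems diagnosed across this thread (naming attribute value missing from the entry, quoted values such as `ou: "People"`, `sambaAccount` left over from Samba 2.2, `sambaSamAccount` without `sambaSID`) can be checked on an LDIF before running `slapadd`. The following is an added example, not code from the thread: the sample LDIF, the `example.it` suffix, the function names and the finding labels are constructed, and DN parsing assumes a single-valued first RDN with no escaped commas.

```python
import base64

# Constructed sample modelled on the entries quoted in the thread (not real data).
SAMPLE_LDIF = """\
dn: dc=People,dc=example,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "People"
dc: "People"

dn: uid=Christian Sanvi,dc=Sistemi Informativi,dc=People,
 dc=example,dc=it
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaAccount
uid: csanvi
cn: csanvi
sn: sanvi
rid: 3000

dn: uid=mrossi,dc=People,dc=example,dc=it
objectClass: inetOrgPerson
objectClass: sambaSamAccount
uid: mrossi
cn: mrossi
sn: rossi

dn: uid=lbianchi,dc=People,dc=example,dc=it
objectClass: inetOrgPerson
objectClass: sambaSamAccount
uid: lbianchi
cn: lbianchi
sn: bianchi
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3002
"""


def unfold(text):
    """Join LDIF continuation lines (a leading single space) onto the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])]; '::' values are base64-decoded."""
    entries, current = [], []
    for line in unfold(text) + [""]:
        if not line.strip():
            if current and current[0][0].lower() == "dn":
                entries.append((current[0][1], current[1:]))
            current = []
            continue
        if line.startswith("#"):
            continue
        attr, sep, rest = line.partition(":")
        if not sep:
            continue  # not an attribute line; skipped in this sketch
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.append((attr.strip(), value))
    return entries


def check_entry(dn, attrs):
    """Return the list of finding labels (constructed names) for one entry."""
    values = {}
    for attr, value in attrs:
        values.setdefault(attr.lower(), []).append(value)
    findings = []
    # slapadd error (64): the RDN's attribute=value must also appear in the entry.
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    present = [v.casefold() for v in values.get(rdn_attr.strip().lower(), [])]
    if rdn_value.strip().casefold() not in present:
        findings.append("rdn-mismatch")
    # Literal double quotes become part of the value and break the match above.
    if any(len(v) >= 2 and v[0] == '"' and v[-1] == '"'
           for vs in values.values() for v in vs):
        findings.append("quoted-value")
    classes = {v.lower() for v in values.get("objectclass", [])}
    if "sambaaccount" in classes:      # Samba 2.2 class, absent from the 3.0 schema
        findings.append("legacy-sambaAccount")
    if "sambasamaccount" in classes and "sambasid" not in values:
        findings.append("missing-sambaSID")
    return findings


def audit(text):
    """Map each problematic DN to its findings; clean entries are omitted."""
    report = {}
    for dn, attrs in parse_ldif(text):
        findings = check_entry(dn, attrs)
        if findings:
            report[dn] = findings
    return report


if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        print(dn, "->", ", ".join(findings))
```
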

