[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Vladimir Psenicka vladimir.psenicka at prodeco.cz
Sun Apr 11 03:54:53 MDT 2010


I found this document to upgrade from samba 2 schema to 3:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/upgrading-to-3.0.html,
search "New Schema". Script is in /usr/share/doc/samba-doc/examples/LDAP/
on Ubuntu.

On Sat, 10 Apr 2010 21:32:19 +0200, Giorgio Gallo <giorgiogallo at gmail.com>
wrote:
> Hi Vladimir!
> 
> Ok for changing into sambaSamAccount but what about the sambaSID?
> It appears to be required!
> 
> Cheers,
> Giorgio
> 
> -----Original Message-----
> From: Vladimir Psenicka <vladimir.psenicka at prodeco.cz>
> Sent: Saturday, 10 April 2010 18.40
> To: GG <jojomi at gmail.com>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to
> latest versions on ubuntu 8.04
> 
> Hi GG
> 
> 1. no delete, change objectClass:sambaAccount to
> objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
> 2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
> preserve rid attribute, else delete it (don't see rid in our ldif)
> 3. make all dn:uid=uid attribute
> 
> And after this try to import ldif ...
> 
> 
> On Fri, 9 Apr 2010 17:43:45 +0200, GG <jojomi at gmail.com> wrote:
>> Hello,
>> 
>> I would delete sambaAccount but all users also use samba to logon to
>> windows machines, wouldn't this prevent them from entering the domain
>> etc?
>> 
>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>> *uid: csanvi*
>> 
>> - I see what you mean. correct uid is csanvi: shall I make all dn:
>> uid=*uid later defined*,dc,dc,dc?
>> 
>> - I imported user correctly with no sambaAccount but what are the
>> consequences for usage with samba?
>> 
>> - sambaSID = should I put here the domain SID?
>> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
>> sambaLMPassword = this should be like on LDAP any info?
>> sambaNTPassword = this should be like on LDAP any info?
>> sambaAcctFlags =
>> sambaDomain = this should be like domain-name??
>> 
>> The thing is I have to import LDAP and also make samba work after.
>> 
>> - Is it possible to just import all LDAP without sambaAccount or
>> sambaSamAccount and then add samba and domain part?
>> 
>> Ldap is just the back end, what then needs to work is samba and domain
>> PDC etc..
>> 
>> Giorgio
>> 
>> 
>> 
>> On 4/9/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>>> Hi.
>>>
>>> Can you change *objectClass: sambaAccount* to *objectClass:
>>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>>> requires attribute 'sambaSID' and maybe other samba* attributes. Or
>>> delete objectClass: sambaAccount from this dn when no samba* attribute
>>> is specified in this dn. I can't see objectClass: sambaAccount in our
>>> Samba 3.0 samba.schema.
>>>
>>> You can tune your old attributes (rid) in samba.schema: see HISTORICAL
>>>
>>>
>>> Next your uid in dn must exactly be same as attribute uid
>>>
>>>
>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>>> structuralObjectClass: inetOrgPerson
>>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>>> createTimestamp: 20030801093311Z
>>> objectClass: inetOrgPerson
>>> objectClass: person
>>> objectClass: posixAccount
>>> objectClass: shadowAccount
>>> mail: christian.sanvi at GG-s-Domain.it
>>> mailHost: mail.GG-s-Domain.it
>>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
>>> *uid: Christian Sanvi*
>>> cn: csanvi
>>> sn: sanvi
>>> shadowMax: 99999
>>> shadowWarning: 7
>>> loginShell: /bin/bash
>>> uidNumber: 1000
>>> gidNumber: 100
>>> homeDirectory: /home/christian
>>> gecos: Christian Sanvi,,,
>>> entryCSN: 2008042908:48:24Z#0x0002#0#0000
>>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>>> modifyTimestamp: 20080429084824Z
>>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
>>> shadowLastChange: 14695
>>>
>>>
>>> This dn imported me fine (delete qmail and samba objectclass and rid
>>> attribute).
>>>
>>>
>>> On 9.4.2010 12:40, GG wrote:
>>> > Hello!
>>> >
>>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
>>> > and slapadd the ldif; I still get the same errors though!
>>> >
>>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
>>> > for the new version, because it imports groups correctly  dn:
>>> > dc=,dc=,dc=
>>> >
>>> > Ideas?
>>> >
>>> > Cheers,
>>> > Giorgio
>>> >
>>> > On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>>> >> You have in gg-edited.ldif (first error on line 52):
>>> >>
>>> >> dn: uid=name surname,dc=Sistemi
>>> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
>>> >> structuralObjectClass: inetOrgPerson
>>> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>>> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>>> >> createTimestamp: 20030801093311Z
>>> >> objectClass: inetOrgPerson
>>> >> objectClass: person
>>> >> objectClass: sambaAccount
>>> >> objectClass: qmailUser
>>> >> objectClass: posixAccount
>>> >> objectClass: shadowAccount
>>> >>
>>> >> Do you have all appropriate schemas in your slapd.conf and in
>>> >> /etc/ldap/schema/ on your new server? You should have all schemas in
>>> >> new slapd.conf as you had in slapd.conf on old server...qmail schema
>>> >> etc...
>>> >>
>>> >> On 8.4.2010 11:44, GG wrote:
>>> >>> Hello Vladimir and NG,
>>> >>>
>>> >>> I added samba.schema and removed the "" and it imported ldif without
>>> >>> saying anything about groups now :-)
>>> >>>
>>> >>> There are some warnings I am attaching.
>>> >>>
>>> >>> It moans about
>>> >>> str2entry: invalid value for attributeType objectClass #3 (syntax
>>> >>> 1.3.6.1.4.1.1466.115.121.1.38)
>>> >>> slapadd: could not parse entry (line=11937)
>>> >>> and if I look at the ldif I find this
>>> >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
>>> >>>
>>> >>> and other error
>>> >>> slapadd: could not parse entry (line=11116)
>>
> 
> [The entire original message is not included]
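
A pre-import check for the three points raised in this thread (the deprecated sambaAccount class, sambaSamAccount requiring sambaSID, and the uid in the dn matching the uid attribute), as an added example that is not part of the original messages or of the Samba conversion script. The function names, the sample entries and the SID value are constructed for illustration.

```python
import base64
# Constructed sample entries (not from the thread's directory).
SAMPLE_LDIF = """\
dn: uid=Anna Example,ou=People,dc=example,dc=org
objectClass: sambaAccount
uid: aexample
rid: 3000

dn: uid=bexample,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: bexample

dn: uid=cexample,ou=People,dc=example,
 dc=org
objectClass: sambaSamAccount
uid:: Y2V4YW1wbGU=
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004
"""

def parse_ldif(text):
    """Yield one {lowercased attr: [values]} dict per LDIF entry."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def audit(entry):
    """Return the problems raised in the thread that apply to one entry."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    rdn_attr, _, rdn_value = entry["dn"][0].split(",", 1)[0].partition("=")
    checks = [
        ("deprecated objectClass sambaAccount", "sambaaccount" in classes),
        ("sambaSamAccount without sambaSID",
         "sambasamaccount" in classes and "sambasid" not in entry),
        ("legacy rid attribute", "rid" in entry),
        ("dn uid does not match uid attribute", rdn_attr.strip().lower() == "uid"
         and rdn_value.strip() not in entry.get("uid", [])),
    ]
    return [name for name, failed in checks if failed]

def audit_ldif(text):
    return {e["dn"][0]: audit(e) for e in parse_ldif(text)}
```

Running `audit_ldif` over the exported file before `slapadd` lists, per dn, which entries still need editing; an empty list means none of these three checks fired for that entry.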

