[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Giorgio Gallo giorgiogallo at gmail.com
Sat Apr 10 13:32:19 MDT 2010


Hi Vladimir!

Ok for changing into sambaSamAccount but what about the sambaSID?
It appears to be required!

Cheers,
Giorgio

-----Original Message-----
From: Vladimir Psenicka <vladimir.psenicka at prodeco.cz>
Sent: Saturday 10 April 2010 18.40
To: GG <jojomi at gmail.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Hi GG

1. no delete, change objectClass:sambaAccount to
objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
preserve rid attribute, else delete it (don't see rid in our ldif)
3. make all dn:uid=uid attribute

And after this try to import ldif ...


On Fri, 9 Apr 2010 17:43:45 +0200, GG <jojomi at gmail.com> wrote:
> Hello,
> 
> I would delete sambaAccount but all users also use samba to logon to
> windows machines, wouldn't this prevent them from entering the domain
> etc?
> 
>> dn: *uid=Christian Sanvi*,dc=Sistemi
>> *uid: csanvi*
> 
> - I see what you mean. correct uid is csanvi: shall I make all dn:
> uid=*uid later defined*,dc,dc,dc?
> 
> - I imported user correctly with no sambaAccount but what are the
> consequences for usage with samba?
> 
> - sambaSID = should I put here the domain SID?
> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
> sambaLMPassword = this should be like on LDAP any info?
> sambaNTPassword = this should be like on LDAP any info?
> sambaAcctFlags =
> sambaDomain = this should be like domain-name??
> 
> The thing is I have to import LDAP and also make samba work after.
> 
> - Is it possible to just import all LDAP without sambaAccount or
> sambaSamAccount and then add samba and domain part?
> 
> Ldap is just the back end, what then needs to work is samba and domain PDC
> etc..
> 
> Giorgio
> 
> 
> 
> On 4/9/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>> Hi.
>>
>> Can you change *objectClass: sambaAccount* to *objectClass:
>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>> requires attribute 'sambaSID' and maybe other samba* attributes. Or
>> delete objectClass: sambaAccount from this dn when no samba* attribute
>> is specified in this dn. I can't see objectClass: sambaAccount in our
>> Samba 3.0 samba.schema.
>>
>> You can tune your old attributes (rid) in samba.schema: see HISTORICAL
>>
>>
>> Next your uid in dn must exactly be same as attribute uid
>>
>>
>> dn: *uid=Christian Sanvi*,dc=Sistemi
>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> structuralObjectClass: inetOrgPerson
>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801093311Z
>> objectClass: inetOrgPerson
>> objectClass: person
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> mail: christian.sanvi at GG-s-Domain.it
>> mailHost: mail.GG-s-Domain.it
>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
>> *uid: Christian Sanvi*
>> cn: csanvi
>> sn: sanvi
>> shadowMax: 99999
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 1000
>> gidNumber: 100
>> homeDirectory: /home/christian
>> gecos: Christian Sanvi,,,
>> entryCSN: 2008042908:48:24Z#0x0002#0#0000
>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>> modifyTimestamp: 20080429084824Z
>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
>> shadowLastChange: 14695
>>
>>
>> This dn imported me fine (delete qmail and samba objectclass and rid
>> attribute).
>>
>>
>> On 9.4.2010 12:40, GG wrote:
>> > Hello!
>> >
>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
>> > and slapadd the ldif; I still get the same errors though!
>> >
>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
>> > for the new version, because it imports groups correctly  dn:
>> > dc=,dc=,dc=
>> >
>> > Ideas?
>> >
>> > Cheers,
>> > Giorgio
>> >
>> > On 4/8/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>> >> You have in gg-edited.ldif (first error on line 52):
>> >>
>> >> dn: uid=name surname,dc=Sistemi
>> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> >> structuralObjectClass: inetOrgPerson
>> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> >> createTimestamp: 20030801093311Z
>> >> objectClass: inetOrgPerson
>> >> objectClass: person
>> >> objectClass: sambaAccount
>> >> objectClass: qmailUser
>> >> objectClass: posixAccount
>> >> objectClass: shadowAccount
>> >>
>> >> Do you have all appropriate schemas in your slapd.conf and in
>> >> /etc/ldap/schema/ on your new server? You should have all schemas in
>> >> new slapd.conf as you had in slapd.conf on old server...qmail schema
>> >> etc...
>> >>
>> >> On 8.4.2010 11:44, GG wrote:
>> >>> Hello Vladimir and NG,
>> >>>
>> >>> I added samba.schema and removed the "" and it imported ldif without
>> >>> saying anything about groups now :-)
>> >>>
>> >>> There are some warnings I am attaching.
>> >>>
>> >>> It moans about
>> >>> str2entry: invalid value for attributeType objectClass #3 (syntax
>> >>> 1.3.6.1.4.1.1466.115.121.1.38)
>> >>> slapadd: could not parse entry (line=11937)
>> >>> and if I look at the ldif I find this
>> >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
>> >>>
>> >>> and other error
>> >>> slapadd: could not parse entry (line=11116)
>

[The entire original message is not included]
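
The three LDIF changes discussed in this thread (sambaAccount to sambaSamAccount, the required sambaSID, and a dn whose uid matches the uid attribute) can be applied in one pre-import pass. The following is an added example, not code from the thread or from Samba's own tooling; the function names, the sample entry and the domain SID are constructed, and it assumes sambaSID is formed as the domain SID followed by the old rid value and that DNs contain no escaped commas.

```python
# Constructed placeholder; read the real value with `net getlocalsid` on the PDC.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

# Constructed sample entry in the shape discussed in the thread.
SAMPLE_LDIF = """\
dn: uid=Christian Sanvi,dc=People,dc=example,dc=it
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaAccount
uid: csanvi
rid: 3000
"""

def parse_entries(text):
    """Split LDIF into entries of (attr, value) pairs, unfolding wrapped lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # LDIF continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entries.append([tuple(l.split(": ", 1)) for l in lines])
    return entries

def migrate(entry, domain_sid=DOMAIN_SID):
    """Return (new_entry, notes) for one parsed entry."""
    uid = next((v for a, v in entry if a.lower() == "uid"), None)
    out, notes = [], []
    for a, v in entry:
        key = a.lower()
        if key == "dn" and uid and v.lower().startswith("uid="):
            rdn, _, base = v.partition(",")
            if rdn[4:] != uid:                # dn must carry the same uid
                notes.append(f"dn changed from {rdn} to uid={uid}")
                v = f"uid={uid},{base}"
        elif key == "objectclass" and v == "sambaAccount":
            v = "sambaSamAccount"             # sambaAccount is deprecated
        elif key == "rid":
            a, v = "sambaSID", f"{domain_sid}-{v}"   # assumed: domain SID + RID
        out.append((a, v))
    is_sam = any(a.lower() == "objectclass" and v == "sambaSamAccount" for a, v in out)
    if is_sam and not any(a == "sambaSID" for a, _ in out):
        notes.append("sambaSamAccount without sambaSID")
    return out, notes

def to_ldif(entry):
    """Serialize one entry back to LDIF text."""
    return "\n".join(f"{a}: {v}" for a, v in entry) + "\n"
```

Entries that come back with a "sambaSamAccount without sambaSID" note had no rid to convert and need a SID assigned before slapadd will accept them.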

