[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Vladimir Psenicka vladimir.psenicka at prodeco.cz
Fri Mar 26 07:12:02 MDT 2010


Dne 26.3.2010 13:50, GG napsal(a):
> Hello!
> 
>>> Have you samba-client package installed?
>>>
> 
> yes I do at least smbclient is there! but no net command :-/
> 
>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>> samba-client-3.5.1-4.1.x86_64
> 
> So here are the issues encountered...
> file /usr/share/man/man1/smbclient.1.gz from install of
> samba-client-2.2.12-1.suse82 conflicts with file from package
> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
> I found on net...
> 
>>>
>>> or you can dig domainsid from ldap
> 
> This sounds interesting! How do I do that?
> 

modify to your needs (domain):

ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
"sambaDomainName=domain,dc=domain,dc=cz"

sambaSID: is your domainsid

or you can use phpldapadmin to manage you ldap from browser

> Thanks very much!
> Giorgio
> 
> On 3/26/10, GG <jojomi at gmail.com> wrote:
>> Hi!
>>
>> I'll be at it in a few minutes installing samba client / net command :-)
>>
>> I have a question about the samba sernet repos:
>> Shall I apt-get remove samba and use
>> http://enterprisesamba.com/index.php?id=148 +
>> http://enterprisesamba.com/index.php?id=56
>>  instead from start?
>>
>> What is the real advantage of sernet? What about installing official
>> samba.org packages, are there differences with sernet (stability?) or
>> is it just a more liberal repository?
>>
>> Also I read
>>>>> Ensure that all local user and group accounts that are used by samba
>>>>> have the same uid/gid.
>>
>> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
>> and users?
>>
>> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>>      --recursive --times --perms --links  \
>>      --owner --group --devices --specials \
>>      --exclude-from '/root/exclude.txt (if any, not in this case as
>> I'm only syncing data dir)' \
>>      root at old_PDC:/DATA /DATA
>>
>> This should bring over every attribute set on files... correct?
>>
>> [[[did only partially in one case: I set up a twin install (fresh
>> install then live cd and full rsync and after that I kept mbr, but
>> changed /boot and the /ect/fstab settings) and the server started
>> etc.. LDAP did not work though: authentication was not available...
>> So I must be missing something or this rsync parameter set must be
>> missing something.. I had disconnected old PDC, set same IP and
>> hostname to the VM well this worked well for other virtualizations and
>> in this PDC I need to upgrade to win7 compatible samba version anyway
>> :-)
>> This was another story but just to share it as it is an excellent way
>> of migrating sometimes specially for machines you do not master and
>> this is my case very often.]]]
>>
>> Cheers,
>> Giorgio
>>
>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>> <vladimir.psenicka at prodeco.cz> wrote:
>>> Hi
>>>
>>> Dne 25.3.2010 17:41, GG napsal(a):
>>>> Hello Vladimir, John and all the NG :-)
>>>> Thanks so much for answering. I really hoped someone would :-)
>>>>
>>>> So I installed Debian latest stable netinst on the future production
>>>> server and here are my issues in the quotes :-( no net command on my
>>>> suse 8.2
>>>>
>>>> Cheers :-)
>>>> Giorgio
>>>>
>>>>
>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*@samba.org> wrote:
>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>>>>> What about Debian Stable with Sernet samba repo, where you can choose
>>>>>> Samba 3.4.x or 3.5.x
>>>>>>
>>>>>> My hints on migrating to new server:
>>>>>>
>>>>>> 1. install new server (Samba,ldap etc.)
>>>>
>>>> done :-) Debian Stable netinst
>>>>
>>>>>> 2. set same hostname on new server
>>>> My ignorance comes out :-)
>>>> Must I set it different from the production server as FW points
>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>>>> ip.
>>>>
>>>
>>> Ok, can be changed later
>>>
>>>>>> 3. export ldap data from old server and import them to new server
>>>>
>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>>> OK
>>>>
>>>>> Ensure that all local user and group accounts that are used by samba
>>>>> have the same uid/gid.
>>>> my ignorance again... another hint?
>>>>>
>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
>>>>>> setlocalsid oldsid)
>>>>>
>>>>> Note:
>>>>>  net getdomainsid (on old server)
>>>>>  net setdomainsid (on new server)
>>>> thanks :-)
>>>>
>>>> # net getdomainsid
>>>> -bash: net: command not found :-( and not found in yast
>>>>
>>>> I understand it has to do with extracting the sid from
>>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>>>> has now net package and googling net is.. well wow!
>>>>
>>>
>>> Have you samba-client package installed?
>>>
>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>> samba-client-3.5.1-4.1.x86_64
>>>
>>> or you can dig domainsid from ldap
>>>
>>>>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>>>>>> from old samba smb.conf (check with testparm)
>>>>
>>>> I see it only contains shares so I bet smb.conf would just keep all
>>>> the old settings rigth? /DATA will be rsynced
>>>>
>>>
>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
>>> current smb.conf on new server and add only shares from old smb.conf to
>>> new smb.conf.
>>>
>>>>>> 6. stop samba on old server
>>>>>> 7. copy all data (with perms) and netlogon share to new server
>>>>>> 8. stop old server
>>>>>> 9. start samba on new server a check everything is working fine (domain
>>>>>> logon from windows box, shares and perms)
>>>>>>
>>>>>> This can be done best when no users are logged in samba (maybe at weekend?)
>>>>>>
>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
>>>>
>>>> thanks I move to Debian with ease :-) ubuntu is a great deb derived right?
>>>>
>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
>>> comes out this will be no longer truth.
>>>
>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>>>
>>>>> Cheers,
>>>>> John T.
>>>>>
>>>>>> Dne 25.3.2010 01:05, GG napsal(a):
>>>>>>> Hello Vladimir and hi all,
>>>>>>>
>>>>>>> Thanks very much for replying!
>>>>>>>
>>>>>>> Any suggested os? I'd go for debian or what advised, I just happen to
>>>>>>> know ubuntu more...
>>>>>>>
>>>>>>>
>>>>>>> Any strategy or hint on migrating from ancient ldap + samba to a new server?
>>>>>>> Already tried rsyncing (using all options to keep perms and attributes
>>>>>>> grp  own mod etc) on a twin v-machine but server starts and the ldap
>>>>>>> auth fails to work :-(
>>>>>>>
>>>>>>> I'm a bit stuck at the moment :-( and I have posponed the problem for
>>>>>>> too long grrr
>>>>>>>
>>>>>>> Giorgio
>>>>>>>
>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
>>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a):
>>>>>>>>> Hello,
>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>>>>>>>>>
>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>>>>>>>>
>>>>>>>>> The domain is in production on the physical server, to be dismissed after
>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all shared and
>>>>>>>>> permission driven file access..
>>>>>>>>>
>>>>>>>>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>>>>>>>>> I realize I am in a different scenario...
>>>>>>>>>
>>>>>>>>> Production so no errors are admitted :-(, migration to new os and versions..
>>>>>>>>> all at once?
>>>>>>>>>
>>>>>>>>> I have a dump of the physical server (dd sda mbr and single partitions :)
>>>>>>>>> plus an rsync with all permissions daily backup, just to be safe ;)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> What would you guru's suggest as a strategy?
>>>>>>>>>
>>>>>>>>> Can I create a new server and add it as secondary domain controller and then
>>>>>>>>> once the replica is up? I'd feel quite comfortable with this method.
>>>>>>>>>
>>>>>>>>> BTW I need a new version of samba as they have already bought Windows 7
>>>>>>>>> boxes (without asking if they were supported arrgh).
>>>>>>>>>
>>>>>>>>> Thanks to all of you who read or answered :-)
>>>>>>>>>
>>>>>>>>> Gio
>>>>>>>>
>>>>>>>> Hi.
>>>>>>>>
>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Vladimir Psenicka
>>>>>>>> --
>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>>> --
>>> Vladimir Psenicka
>>> IT system engineer
>>> PRODECO, a.s.
>>> Tel.: 417 633 762
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>


-- 
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762


More information about the samba mailing list