[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Vladimir Psenicka vladimir.psenicka at prodeco.cz
Fri Mar 26 08:30:00 MDT 2010


Paste ldap admin dn or ldap suffix in your smb.conf

On 26.3.2010 15:24, Vladimir Psenicka wrote:
> try this:
> 
> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> 
> On 26.3.2010 15:00, GG wrote:
>> Hello!
>>
>> I'm stuck on getdomainsid: Net command is missing even though libs and
>> smbclient are installed.
>>
>> I tried this:
>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 34 Invalid DN syntax
>> text: invalid DN
>>
>> # numResponses: 1
>>
>> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
>> I used WORKGROUP as it is the domain we use on pcs and the only one
>> defined in smb.conf
>>
>> I also tried using my pdc HOSTNAME
>>
>> and this was returned
>> # LDAPv3
>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 34 Invalid DN syntax
>> text: invalid DN
>>
>> # numResponses: 1
>>
>> Any way to get through this or how to use net command? Maybe updating
>> samba-client?
>>
>> I tried rpm -i samba-client but it says
>> file /usr/share/man/man1/smbclient.1.gz from install of
>> samba-client-2.2.12-1.suse82 conflicts with file from package
>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>>
>> I found also the original package but it says it is already installed.
>>
>> What happens if I remove samba-client and reinstall it soon after on
>> the production pdc?
>>
>>
>> Giorgio
>>
>> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>>> On 26.3.2010 13:50, GG wrote:
>>>> Hello!
>>>>
>>>>>> Have you samba-client package installed?
>>>>>>
>>>>
>>>> yes I do at least smbclient is there! but no net command :-/
>>>>
>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>>>>> samba-client-3.5.1-4.1.x86_64
>>>>
>>>> So here are the issues encountered...
>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>>>> I found on net...
>>>>
>>>>>>
>>>>>> or you can dig domainsid from ldap
>>>>
>>>> This sounds interesting! How do I do that?
>>>>
>>>
>>> modify to your needs (domain):
>>>
>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>>> "sambaDomainName=domain,dc=domain,dc=cz"
>>>
>>> sambaSID: is your domainsid
>>>
>>> or you can use phpldapadmin to manage your ldap from a browser
>>>
>>>> Thanks very much!
>>>> Giorgio
>>>>
>>>> On 3/26/10, GG <jojomi at gmail.com> wrote:
>>>>> Hi!
>>>>>
>>>>> I'll be at it in a few minutes installing samba client / net command :-)
>>>>>
>>>>> I have a question about the samba sernet repos:
>>>>> Shall I apt-get remove samba and use
>>>>> http://enterprisesamba.com/index.php?id=148 +
>>>>> http://enterprisesamba.com/index.php?id=56
>>>>>  instead from start?
>>>>>
>>>>> What is the real advantage of sernet? What about installing official
>>>>> samba.org packages, are there differences with sernet (stability?) or
>>>>> is it just a more liberal repository?
>>>>>
>>>>> Also I read
>>>>>>>> Ensure that all local user and group accounts that are used by samba
>>>>>>>> have the same uid/gid.
>>>>>
>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
>>>>> and users?
>>>>>
>>>>> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>>>>>      --recursive --times --perms --links  \
>>>>>      --owner --group --devices --specials \
>>>>>      --exclude-from '/root/exclude.txt (if any, not in this case as
>>>>> I'm only syncing data dir)' \
>>>>>      root at old_PDC:/DATA /DATA
>>>>>
>>>>> This should bring over every attribute set on files... correct?
>>>>>
>>>>> [[[did only partially in one case: I set up a twin install (fresh
>>>>> install then live cd and full rsync and after that I kept mbr, but
>>>>> changed /boot and the /etc/fstab settings) and the server started
>>>>> etc.. LDAP did not work though: authentication was not available...
>>>>> So I must be missing something or this rsync parameter set must be
>>>>> missing something.. I had disconnected old PDC, set same IP and
>>>>> hostname to the VM well this worked well for other virtualizations and
>>>>> in this PDC I need to upgrade to win7 compatible samba version anyway
>>>>> :-)
>>>>> This was another story but just to share it as it is an excellent way
>>>>> of migrating sometimes especially for machines you do not master and
>>>>> this is my case very often.]]]
>>>>>
>>>>> Cheers,
>>>>> Giorgio
>>>>>
>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>>>>> <vladimir.psenicka at prodeco.cz> wrote:
>>>>>> Hi
>>>>>>
>>>>>> On 25.3.2010 17:41, GG wrote:
>>>>>>> Hello Vladimir, John and all the NG :-)
>>>>>>> Thanks so much for answering. I really hoped someone would :-)
>>>>>>>
>>>>>>> So I installed Debian latest stable netinst on the future production
>>>>>>> server and here are my issues in the quotes :-( no net command on my
>>>>>>> suse 8.2
>>>>>>>
>>>>>>> Cheers :-)
>>>>>>> Giorgio
>>>>>>>
>>>>>>>
>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*@samba.org> wrote:
>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>>>>>>>> What about Debian Stable with Sernet samba repo, where you can choose
>>>>>>>>> Samba 3.4.x or 3.5.x
>>>>>>>>>
>>>>>>>>> My hints on migrating to new server:
>>>>>>>>>
>>>>>>>>> 1. install new server (Samba,ldap etc.)
>>>>>>>
>>>>>>> done :-) Debian Stable netinst
>>>>>>>
>>>>>>>>> 2. set same hostname on new server
>>>>>>> My ignorance comes out :-)
>>>>>>> Must I set it different from the production server as FW points
>>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>>>>>>> ip.
>>>>>>>
>>>>>>
>>>>>> Ok, can be changed later
>>>>>>
>>>>>>>>> 3. export ldap data from old server and import them to new server
>>>>>>>
>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>>>>>> OK
>>>>>>>
>>>>>>>> Ensure that all local user and group accounts that are used by samba
>>>>>>>> have the same uid/gid.
>>>>>>> my ignorance again... another hint?
>>>>>>>>
>>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
>>>>>>>>> setlocalsid oldsid)
>>>>>>>>
>>>>>>>> Note:
>>>>>>>>  net getdomainsid (on old server)
>>>>>>>>  net setdomainsid (on new server)
>>>>>>> thanks :-)
>>>>>>>
>>>>>>> # net getdomainsid
>>>>>>> -bash: net: command not found :-( and not found in yast
>>>>>>>
>>>>>>> I understand it has to do with extracting the sid from
>>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>>>>>>> has no net package and googling net is.. well wow!
>>>>>>>
>>>>>>
>>>>>> Have you samba-client package installed?
>>>>>>
>>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>>>>>> samba-client-3.5.1-4.1.x86_64
>>>>>>
>>>>>> or you can dig domainsid from ldap
>>>>>>
>>>>>>>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>>>>>>>>> from old samba smb.conf (check with testparm)
>>>>>>>
>>>>>>> I see it only contains shares so I bet smb.conf would just keep all
>>>>>>> the old settings right? /DATA will be rsynced
>>>>>>>
>>>>>>
>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
>>>>>> current smb.conf on new server and add only shares from old smb.conf to
>>>>>> new smb.conf.
>>>>>>
>>>>>>>>> 6. stop samba on old server
>>>>>>>>> 7. copy all data (with perms) and netlogon share to new server
>>>>>>>>> 8. stop old server
>>>>>>>>> 9. start samba on new server and check everything is working fine (domain
>>>>>>>>> logon from windows box, shares and perms)
>>>>>>>>>
>>>>>>>>> This can be done best when no users are logged in samba (maybe at weekend?)
>>>>>>>>>
>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
>>>>>>>
>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb derived right?
>>>>>>>
>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
>>>>>> comes out this will no longer be true.
>>>>>>
>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> John T.
>>>>>>>>
>>>>>>>>> On 25.3.2010 01:05, GG wrote:
>>>>>>>>>> Hello Vladimir and hi all,
>>>>>>>>>>
>>>>>>>>>> Thanks very much for replying!
>>>>>>>>>>
>>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just happen to
>>>>>>>>>> know ubuntu more...
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba to a new server?
>>>>>>>>>> Already tried rsyncing (using all options to keep perms and attributes
>>>>>>>>>> grp  own mod etc) on a twin v-machine but server starts and the ldap
>>>>>>>>>> auth fails to work :-(
>>>>>>>>>>
>>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the problem for
>>>>>>>>>> too long grrr
>>>>>>>>>>
>>>>>>>>>> Giorgio
>>>>>>>>>>
>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>>>>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
>>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
>>>>>>>>>>>> Hello,
>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>>>>>>>>>>>>
>>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>>>>>>>>>>>
>>>>>>>>>>>> The domain is in production on the physical server, to be dismissed after
>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all shared and
>>>>>>>>>>>> permission driven file access..
>>>>>>>>>>>>
>>>>>>>>>>>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>>>>>>>>>>>> I realize I am in a different scenario...
>>>>>>>>>>>>
>>>>>>>>>>>> Production so no errors are admitted :-(, migration to new os and versions..
>>>>>>>>>>>> all at once?
>>>>>>>>>>>>
>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single partitions :)
>>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be safe ;)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> What would you gurus suggest as a strategy?
>>>>>>>>>>>>
>>>>>>>>>>>> Can I create a new server and add it as secondary domain controller and then
>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with this method.
>>>>>>>>>>>>
>>>>>>>>>>>> BTW I need a new version of samba as they have already bought Windows 7
>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks to all of you who read or answered :-)
>>>>>>>>>>>>
>>>>>>>>>>>> Gio
>>>>>>>>>>>
>>>>>>>>>>> Hi.
>>>>>>>>>>>
>>>>>>>>>>> Ubuntu 8.10 is a bad idea if you will be connecting Windows 7 into domain,
>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>>> --
>>>>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Vladimir Psenicka
>>>>>> IT system engineer
>>>>>> PRODECO, a.s.
>>>>>> Tel.: 417 633 762
>>>>>>
>>>>>
>>>
>>>
>>> --
>>> Vladimir Psenicka
>>> IT system engineer
>>> PRODECO, a.s.
>>> Tel.: 417 633 762
>>>
> 
> 


-- 
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
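
Added example (not part of the original messages): the thread's fallback when net getdomainsid is unavailable is to read sambaSID from the sambaDomainName entry in LDAP. The function below takes LDIF as printed by ldapsearch or slapcat, unfolds wrapped lines, and returns the SID only when it comes from the domain entry and has the shape of a domain SID. The sample LDIF and its SID are constructed, and the directory is assumed to carry a sambaDomain entry.

```sh
#!/bin/sh
# Added example: read the domain SID from ldapsearch/slapcat LDIF output.

# Constructed sample (SID made up). The last value is folded the way LDIF
# wraps long lines: a continuation line starts with one space.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=domain,dc=it
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001

dn: sambaDomainName=WORKGROUP,dc=domain,dc=it
objectClass: sambaDomain
sambaDomainName: WORKGROUP
sambaSID: S-1-5-21-1111111111-2222222
 222-3333333333
EOF
}

# extract_domain_sid DOMAIN   (LDIF on stdin)
# Prints the SID of the sambaDomain entry named DOMAIN. Exits non-zero when
# the entry is missing or the value is not shaped like a domain SID, so a
# user SID (which carries a trailing RID) is never accepted by mistake.
extract_domain_sid() {
    awk '
        /^ / { buf = buf substr($0, 2); next }      # unfold continuation
             { if (NR > 1) print buf; buf = $0 }
        END  { print buf }
    ' | awk -v want="$1" '
        BEGIN { RS = ""; FS = "\n"; rc = 1 }        # one LDIF entry per record
        {
            name = ""; sid = ""; isdom = 0
            for (i = 1; i <= NF; i++) {
                if (tolower($i) ~ /^objectclass: *sambadomain$/) isdom = 1
                if ($i ~ /^sambaDomainName: /) name = substr($i, 18)
                if ($i ~ /^sambaSID: /)        sid  = substr($i, 11)
            }
            if (isdom && toupper(name) == toupper(want) &&
                sid ~ /^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$/) { print sid; rc = 0; exit }
        }
        END { exit rc }
    '
}

sample_ldif | extract_domain_sid WORKGROUP
```

The printed value is what the net setlocalsid / net setdomainsid step quoted in the thread takes on the new server; a non-zero exit means the search did not return a usable domain entry.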

