[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Vladimir Psenicka vladimir.psenicka at prodeco.cz
Sat Mar 27 10:31:43 MDT 2010


On Fri, 26 Mar 2010 15:32:50 +0100, GG <jojomi at gmail.com> wrote:
> wow I made it!
> 
> I copied net and all the libs it complained about from another suse
> server which was not missing it :-)
> 
> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>   Unknown parameter encountered: "domain admin group"
> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>   Ignoring unknown parameter "domain admin group"
> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>  is: S-1-5-21-1bla bla
> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> 
> Which shall I import?
> 

Import both for sure :-). The first is the localsid, the second is the domainsid.

> So now back to mail number 2 :-)
> 
> LDAP: I exported ldif :-) now
> I copied /etc/groups passwd shadow aliases
> 
> now on the new server:
> 
> how do I import LDAP and all its configs,
> samba and all its configs are only in smb.conf?
> 
Import only data to LDAP, no configs (slapcat -> slapadd).
Configs yes, live data no, but if you have ldap it *should* be enough to
import ldif from old server, configure samba to use ldap and run smbpasswd
-W to store ldap admin dn pass to secrets.tdb. After that you can test if
samba sees imported users in ldap (pdbedit -L).

> :-)
> Giorgio
> 
> 
> 
> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>> Paste ldap admin dn or ldap suffix in your smb.conf
>>
>> On 26.3.2010 15:24, Vladimir Psenicka wrote:
>> > try this:
>> >
>> > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
>> > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
>> >
>> > On 26.3.2010 15:00, GG wrote:
>> >> Hello!
>> >>
>> >> I'm stuck on getdomainsid: Net command is missing even though libs and
>> >> smbclient are installed.
>> >>
>> >> I tried this:
>> >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
>> >> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>> >> Enter LDAP Password:
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
>> >> # filter: (objectclass=*)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # search result
>> >> search: 2
>> >> result: 34 Invalid DN syntax
>> >> text: invalid DN
>> >>
>> >> # numResponses: 1
>> >>
>> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
>> >> I used WORKGROUP as it is the domain we use on pcs and the only one
>> >> defined in smb.conf
>> >>
>> >> I also tried using my pdc HOSTNAME
>> >>
>> >> and this was returned
>> >> # LDAPv3
>> >> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
>> >> # filter: (objectclass=*)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # search result
>> >> search: 2
>> >> result: 34 Invalid DN syntax
>> >> text: invalid DN
>> >>
>> >> # numResponses: 1
>> >>
>> >> Any way to get through this or how to use net command? Maybe updating
>> >> samba-client?
>> >>
>> >> I tried rpm -i samba-client but it says
>> >> file /usr/share/man/man1/smbclient.1.gz from install of
>> >> samba-client-2.2.12-1.suse82 conflicts with file from package
>> >> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>> >>
>> >> I found also the original package but it says it is already installed.
>> >>
>> >> What happens if I remove samba-client and reinstall it soon after on
>> >> the production pdc?
>> >>
>> >>
>> >> Giorgio
>> >>
>> >> On 3/26/10, Vladimir Psenicka <vladimir.psenicka at prodeco.cz> wrote:
>> >>> On 26.3.2010 13:50, GG wrote:
>> >>>> Hello!
>> >>>>
>> >>>>>> Have you samba-client package installed?
>> >>>>>>
>> >>>>
>> >>>> yes I do at least smbclient is there! but no net command :-/
>> >>>>
>> >>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>> >>>>>> samba-client-3.5.1-4.1.x86_64
>> >>>>
>> >>>> So here are the issues encountered...
>> >>>> file /usr/share/man/man1/smbclient.1.gz from install of
>> >>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>> >>>> samba-client-2.2.7a-72 when trying to rpm -i
>> >>>> samba-client-2.2.12-1.rpm
>> >>>> I found on net...
>> >>>>
>> >>>>>>
>> >>>>>> or you can dig domainsid from ldap
>> >>>>
>> >>>> This sounds interesting! How do I do that?
>> >>>>
>> >>>
>> >>> modify to your needs (domain):
>> >>>
>> >>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>> >>> "sambaDomainName=domain,dc=domain,dc=cz"
>> >>>
>> >>> sambaSID: is your domainsid
>> >>>
>> >>> or you can use phpldapadmin to manage your ldap from browser
>> >>>
>> >>>> Thanks very much!
>> >>>> Giorgio
>> >>>>
>> >>>> On 3/26/10, GG <jojomi at gmail.com> wrote:
>> >>>>> Hi!
>> >>>>>
>> >>>>> I'll be at it in a few minutes installing samba client / net
>> >>>>> command :-)
>> >>>>>
>> >>>>> I have a question about the samba sernet repos:
>> >>>>> Shall I apt-get remove samba and use
>> >>>>> http://enterprisesamba.com/index.php?id=148 +
>> >>>>> http://enterprisesamba.com/index.php?id=56
>> >>>>>  instead from start?
>> >>>>>
>> >>>>> What is the real advantage of sernet? What about installing
>> >>>>> official samba.org packages, are there differences with sernet
>> >>>>> (stability?) or is it just a more liberal repository?
>> >>>>>
>> >>>>> Also I read
>> >>>>>>>> Ensure that all local user and group accounts that are used by
>> >>>>>>>> samba
>> >>>>>>>> have the same uid/gid.
>> >>>>>
>> >>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for
>> >>>>> groups
>> >>>>> and users?
>> >>>>>
>> >>>>> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>> >>>>>      --recursive --times --perms --links  \
>> >>>>>      --owner --group --devices --specials \
>> >>>>>      --exclude-from '/root/exclude.txt (if any, not in this case as
>> >>>>> I'm only syncing data dir)' \
>> >>>>>      root at old_PDC:/DATA /DATA
>> >>>>>
>> >>>>> This should bring over every attribute set on files... correct?
>> >>>>>
>> >>>>> [[[did only partially in one case: I set up a twin install (fresh
>> >>>>> install then live cd and full rsync and after that I kept mbr, but
>> >>>>> changed /boot and the /etc/fstab settings) and the server started
>> >>>>> etc.. LDAP did not work though: authentication was not available...
>> >>>>> So I must be missing something or this rsync parameter set must be
>> >>>>> missing something.. I had disconnected old PDC, set same IP and
>> >>>>> hostname to the VM well this worked well for other virtualizations
>> >>>>> and in this PDC I need to upgrade to win7 compatible samba version
>> >>>>> anyway :-)
>> >>>>> This was another story but just to share it as it is an excellent
>> >>>>> way of migrating sometimes specially for machines you do not master
>> >>>>> and this is my case very often.]]]
>> >>>>>
>> >>>>> Cheers,
>> >>>>> Giorgio
>> >>>>>
>> >>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>> >>>>> <vladimir.psenicka at prodeco.cz> wrote:
>> >>>>>> Hi
>> >>>>>>
>> >>>>>> On 25.3.2010 17:41, GG wrote:
>> >>>>>>> Hello Vladimir, John and all the NG :-)
>> >>>>>>> Thanks so much for answering. I really hoped someone would :-)
>> >>>>>>>
>> >>>>>>> So I installed Debian latest stable netinst on the future
>> >>>>>>> production
>> >>>>>>> server and here are my issues in the quotes :-( no net command
>> >>>>>>> on my
>> >>>>>>> suse 8.2
>> >>>>>>>
>> >>>>>>> Cheers :-)
>> >>>>>>> Giorgio
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*@samba.org>
>> >>>>>>>> wrote:
>> >>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>> >>>>>>>>> What about Debian Stable with Sernet samba repo, where you can
>> >>>>>>>>> choose Samba 3.4.x or 3.5.x
>> >>>>>>>>>
>> >>>>>>>>> My hints on migrating to new server:
>> >>>>>>>>>
>> >>>>>>>>> 1. install new server (Samba,ldap etc.)
>> >>>>>>>
>> >>>>>>> done :-) Debian Stable netinst
>> >>>>>>>
>> >>>>>>>>> 2. set same hostname on new server
>> >>>>>>> My ignorance comes out :-)
>> >>>>>>> Must I set it different from the production server as FW points
>> >>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>> >>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point
>> >>>>>>> to lan
>> >>>>>>> ip.
>> >>>>>>>
>> >>>>>>
>> >>>>>> Ok, can be changed later
>> >>>>>>
>> >>>>>>>>> 3. export ldap data from old server and import them to new
>> >>>>>>>>> server
>> >>>>>>>
>> >>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>> >>>>>>> OK
>> >>>>>>>
>> >>>>>>>> Ensure that all local user and group accounts that are used by
>> >>>>>>>> samba
>> >>>>>>>> have the same uid/gid.
>> >>>>>>> my ignorance again... another hint?
>> >>>>>>>>
>> >>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
>> >>>>>>>>> setlocalsid oldsid)
>> >>>>>>>>
>> >>>>>>>> Note:
>> >>>>>>>>  net getdomainsid (on old server)
>> >>>>>>>>  net setdomainsid (on new server)
>> >>>>>>> thanks :-)
>> >>>>>>>
>> >>>>>>> # net getdomainsid
>> >>>>>>> -bash: net: command not found :-( and not found in yast
>> >>>>>>>
>> >>>>>>> I understand it has to do with extracting the sid from
>> >>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse
>> >>>>>>> 8.2 yast
>> >>>>>>> has now net package and googling net is.. well wow!
>> >>>>>>>
>> >>>>>>
>> >>>>>> Have you samba-client package installed?
>> >>>>>>
>> >>>>>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>> >>>>>> samba-client-3.5.1-4.1.x86_64
>> >>>>>>
>> >>>>>> or you can dig domainsid from ldap
>> >>>>>>
>> >>>>>>>>> 5. configure samba on new server as PDC with ldap and shares
>> >>>>>>>>> in smb.conf
>> >>>>>>>>> from old samba smb.conf (check with testparm)
>> >>>>>>>
>> >>>>>>> I see it only contains shares so I bet smb.conf would just keep
>> >>>>>>> all
>> >>>>>>> the old settings right? /DATA will be rsynced
>> >>>>>>>
>> >>>>>>
>> >>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will
>> >>>>>> keep
>> >>>>>> current smb.conf on new server and add only shares from old
>> >>>>>> smb.conf to
>> >>>>>> new smb.conf.
>> >>>>>>
>> >>>>>>>>> 6. stop samba on old server
>> >>>>>>>>> 7. copy all data (with perms) and netlogon share to new server
>> >>>>>>>>> 8. stop old server
>> >>>>>>>>> 9. start samba on new server and check everything is working
>> >>>>>>>>> fine (domain
>> >>>>>>>>> logon from windows box, shares and perms)
>> >>>>>>>>>
>> >>>>>>>>> This can be done best when no users are logged in samba (maybe
>> >>>>>>>>> at weekend?)
>> >>>>>>>>>
>> >>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to
>> >>>>>>>>> domain
>> >>>>>>>
>> >>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
>> >>>>>>> derived right?
>> >>>>>>>
>> >>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu
>> >>>>>> 10.04 LTS
>> >>>>>> comes out this will be no longer true.
>> >>>>>>
>> >>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>> >>>>>>>>
>> >>>>>>>> Cheers,
>> >>>>>>>> John T.
>> >>>>>>>>
>> >>>>>>>>> On 25.3.2010 01:05, GG wrote:
>> >>>>>>>>>> Hello Vladimir and hi all,
>> >>>>>>>>>>
>> >>>>>>>>>> Thanks very much for replying!
>> >>>>>>>>>>
>> >>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just
>> >>>>>>>>>> happen to
>> >>>>>>>>>> know ubuntu more...
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba
>> >>>>>>>>>> to a new server?
>> >>>>>>>>>> Already tried rsyncing (using all options to keep perms and
>> >>>>>>>>>> attributes
>> >>>>>>>>>> grp  own mod etc) on a twin v-machine but server starts and
>> >>>>>>>>>> the ldap
>> >>>>>>>>>> auth fails to work :-(
>> >>>>>>>>>>
>> >>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the
>> >>>>>>>>>> problem for
>> >>>>>>>>>> too long grrr
>> >>>>>>>>>>
>> >>>>>>>>>> Giorgio
>> >>>>>>>>>>
>> >>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>> >>>>>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
>> >>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
>> >>>>>>>>>>>> Hello,
>> >>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7
>> >>>>>>>>>>>> + ldap - to
>> >>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04
>> >>>>>>>>>>>> virtual machine.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> The domain is in production on the physical server, to be
>> >>>>>>>>>>>> dismissed after
>> >>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all
>> >>>>>>>>>>>> shared and
>> >>>>>>>>>>>> permission driven file access..
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I was following
>> >>>>>>>>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>> >>>>>>>>>>>> I realize I am in a different scenario...
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Production so no errors are admitted :-(, migration to new
>> >>>>>>>>>>>> os and versions..
>> >>>>>>>>>>>> all at once?
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single
>> >>>>>>>>>>>> partitions :)
>> >>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be
>> >>>>>>>>>>>> safe ;)
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> What would you gurus suggest as a strategy?
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Can I create a new server and add it as secondary domain
>> >>>>>>>>>>>> controller and then
>> >>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with
>> >>>>>>>>>>>> this method.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> BTW I need a new version of samba as they have already
>> >>>>>>>>>>>> bought Windows 7
>> >>>>>>>>>>>> boxes (without asking if they were supported arrgh).
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Thanks to all of you who read or answered :-)
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Gio
>> >>>>>>>>>>>
>> >>>>>>>>>>> Hi.
>> >>>>>>>>>>>
>> >>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7
>> >>>>>>>>>>> into domain,
>> >>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is
>> >>>>>>>>>>> recommended for
>> >>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want
>> >>>>>>>>>>> Ubuntu.
>> >>>>>>>>>>>
>> >>>>>>>>>>> --
>> >>>>>>>>>>> Vladimir Psenicka
>> >>>>>>>>>>> --
>> >>>>>>>>>>> To unsubscribe from this list go to the following URL and
>> >>>>>>>>>>> read the
>> >>>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>> >>>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> --
>> >>>>>> Vladimir Psenicka
>> >>>>>> IT system engineer
>> >>>>>> PRODECO, a.s.
>> >>>>>> Tel.: 417 633 762
>> >>>>>>
>> >>>>>
>> >>>
>> >>>
>> >>> --
>> >>> Vladimir Psenicka
>> >>> IT system engineer
>> >>> PRODECO, a.s.
>> >>> Tel.: 417 633 762
>> >>>
>> >
>> >
>>
>>
>> --
>> Vladimir Psenicka
>> IT system engineer
>> PRODECO, a.s.
>> Tel.: 417 633 762
>>
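
Added example (not part of the original thread, and not Samba project code): when `net` is unavailable on the old server, the domain SID can be read from the slapcat LDIF export mentioned above instead of searching by DN. It assumes the export contains an entry carrying both sambaDomainName and sambaSID, as the reply describes; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: recover "domain<TAB>SID" pairs from a slapcat LDIF export.

# Print one line per entry that carries both sambaDomainName and sambaSID.
# User entries (sambaSID without sambaDomainName) are skipped.
# Returns 1 when no domain entry is found, so callers can stop the migration.
domain_sids_from_ldif() {
    awk '
        function emit() {
            if (name != "" && sid != "") { print name "\t" sid; found = 1 }
            name = ""; sid = ""
        }
        function handle(line,    low) {
            if (line == "") { emit(); return }      # blank line ends an entry
            low = tolower(line)                     # attribute names are case-insensitive
            if (low ~ /^sambadomainname: /) name = substr(line, 18)
            else if (low ~ /^sambasid: /)   sid  = substr(line, 11)
        }
        { sub(/\r$/, "") }                          # tolerate CRLF exports
        /^ / { buf = buf substr($0, 2); next }      # LDIF folded continuation line
        { if (NR > 1) handle(buf); buf = $0 }
        END { handle(buf); emit(); exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample export (not data from the thread); the SID is folded
# across two lines the way slapcat wraps long values.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: sambaDomainName=WORKGROUP,dc=example,dc=it
objectClass: sambaDomain
sambaDomainName: WORKGROUP
sambaSID: S-1-5-21-1111111111-22222
 22222-3333333333

dn: uid=alice,ou=people,dc=example,dc=it
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
EOF
}

tmp=$(mktemp)
write_sample_ldif "$tmp"
domain_sids_from_ldif "$tmp"
rm -f "$tmp"
```

The printed SID is the value the thread's step 4 note passes to `net setdomainsid` on the new server; a non-zero exit means the export holds no domain entry and the SID has to come from the old server's secrets.tdb instead.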

