[Samba] SAMBA4: pdbedit not changing SID

[simon+samba at matthews.eu]

On Tue, 2 Apr 2013, Andrew Bartlett wrote:

>  On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
> >  2013-04-01 02:36 keltezéssel, simon+samba at matthews.eu írta:
> > >  Since I don't seem to be having any luck with the classicupgrade, I 
> > >  decided to try starting from scratch and then adding users.
> > > 
> > >  I ran the command:
> > >  /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \ 
> > >  --domain=<mydomain> --adminpass 'mypass' --server-role=dc  \
> > >  --dns-backend=BIND9_DLZ
> > > 
> > >  Then I tried both adding and changing users. In neither case can I 
> > >  change the SID with pdbedit. It seems to be added with a system-defined 
> > >  SID, irrespective of what I specify. pdbedit -v is able to list the 
> > >  user's parameters, including the SID.
> > > 
> > >  Any suggestions? I am pretty much stuck here trying to figure out how to 
> > >  migrate from an existing SAMBA3 domain to SAMBA4.
> > > 
> > > 
> >  Hi,
> > 
> >  Trying to add users one by one (preserving SID) is IMHO a lot harder (you 
> >  would probably need to ldbmodify the user record of each one) to do, than 
> >  fixing your samba3 install to have it classicupgraded.
>
>  Indeed.  The only way to safely import a list of users who already have
>  SIDs is to migrate them to Samba 4.0's AD DC using one of the supported
>  migration tools.
>
>  These are 'samba-tool domain join dc' and 'samba-tool domain
>  classicupgrade'.

Perhaps I need to address why the "classicupgrade" did not work. I see now that 
I did not pass the --dbdir option when running it before. I'll try again.

If I could change the subject somewhat, I am also not clear on how to configure 
SAMBA4 and the DNS server if my network has an existing DNS server on another 
machine and I don't really want to move it. The DNS server is a stock install 
of bind from the distro's repository: bind-9.8.2-0.17.rc1.el6_4.4.x86_64

Simon