[Samba] SAMBA4: pdbedit not changing SID

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Mon Apr 1 23:56:42 MDT 2013


http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
should help.

Ricky


On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza <geza at kzsdabas.hu> wrote:

> On 2013-04-02 05:35, simon+samba at matthews.eu wrote:
>
>
>>
>> On Mon, 1 Apr 2013, simon+samba at matthews.eu wrote:
>>
>>
>>> On Tue, 2 Apr 2013, Andrew Bartlett wrote:
>>>
>>>    On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
>>>> >   On 2013-04-01 02:36, simon+samba at matthews.eu wrote:
>>>> > >   Since I don't seem to be having any luck with the classicupgrade, I
>>>> > >   decided to try starting from scratch and then adding users.
>>>> > >
>>>> > >   I ran the command:
>>>> > >   /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \
>>>> > >   --domain=<mydomain> --adminpass 'mypass' --server-role=dc  \
>>>> > >   --dns-backend=BIND9_DLZ
>>>> > >
>>>> > >   Then I tried both adding and changing users. In neither case can I
>>>> > >   change the SID with pdbedit. It seems to be added with a
>>>> > >   system-defined SID, irrespective of what I specify. pdbedit -v is
>>>> > >   able to list the user's parameters, including the SID.
>>>> > >
>>>> > >   Any suggestions? I am pretty much stuck here trying to figure out how
>>>> > >   to migrate from an existing SAMBA3 domain to SAMBA4.
>>>> > >
>>>> >   Hi,
>>>> >
>>>> >   Trying to add users one by one (preserving SID) is IMHO a lot harder
>>>> >   (you would probably need to ldbmodify the user record of each one) to
>>>> >   do, than fixing your samba3 install to have it classicupgraded.
>>>>
>>>>   Indeed.  The only way to safely import a list of users who already have
>>>>   SIDs is to migrate them to Samba 4.0's AD DC using one of the supported
>>>>   migration tools.
>>>>
>>>>   These are 'samba-tool domain join dc' and 'samba-tool domain
>>>>   classicupgrade'.
>>>>
>>>
>>> Perhaps I need to address why the "classicupgrade" did not work. I see
>>> now that I did not pass the --dbdir option when running it before. I'll try
>>> again.
>>>
>>>
>> I went back to trying to get the classicupgrade to work:
>> /usr/local/samba/bin/samba-tool domain classicupgrade  \
>> --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b  \
>> /etc/samba/smb.conf --use-xattrs=yes
>>
>> For the realm, I used a subdomain of one of the two existing dns domains
>> in the LAN. It appears to be processing the information from the old domain
>> tdb files, although I see some errors:
>> Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
>> Importing groups
>> Could not add group name=Remote Desktop Users ((68, "samldb: Account name
>> (sAMAccountName) 'Remote Desktop Users' already in use!"))
>> Could not modify AD idmap entry for sid=S-1-5-21-4254857281-3346836279-4152649156-555,
>> id=5077, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-4254857281-3346836279-4152649156-555>'
>> not found"))
>> Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-3346836279-4152649156-555,
>> ((32, "Base-DN '<SID=S-1-5-21-4254857281-3346836279-4152649156-555>'
>> not found"))
>> Group already exists sid=S-1-5-21-4254857281-3346836279-4152649156-512,
>> groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
>>
>> However, after this, all I get from pdbedit -L is:
>> # pdbedit -L
>> RAIDSERVER$:4294967295:
>> Administrator:4294967295:
>> [root at samba ~]# pdbedit -L
>> RAIDSERVER$:4294967295:
>> Administrator:4294967295:
>> krbtgt:4294967295:--dbdir=/var/lib/samba/ --realm=a.b
>> /etc/samba/smb.confnobody:99:Nobody
>>
>> Any ideas? What information might help debug this?
>>
>> Simon
>>
>>
>>  Could this happen because pdbedit is from the samba3 install?
>
> I recommend doing the upgrade on a new box/virtual machine where no samba3 is
> installed, and copying the tdb files to the new box.
>
> Regards
>
> Geza Gemes
>
>
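
Added example, not part of the thread and not Samba project code: a shell check for the question raised in the quoted message, whether the pdbedit being run is a leftover Samba 3 copy rather than the Samba 4 build. It assumes the /usr/local/samba prefix seen in the quoted commands; the function names and the tool list are illustrative.

```shell
#!/bin/sh
# Added example: show which copy of each Samba tool the shell would run.
# Assumption: Samba 4 lives under /usr/local/samba, as in the quoted commands.
SAMBA4_PREFIX="${SAMBA4_PREFIX:-/usr/local/samba}"

# resolve_tool NAME SEARCH_PATH
# Prints the first executable NAME found in the colon-separated SEARCH_PATH.
resolve_tool() {
    _name=$1
    _old_ifs=$IFS
    IFS=:
    for _dir in $2; do
        [ -n "$_dir" ] || _dir=.        # empty PATH entry means current dir
        if [ -f "$_dir/$_name" ] && [ -x "$_dir/$_name" ]; then
            IFS=$_old_ifs
            printf '%s\n' "$_dir/$_name"
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# check_tools SEARCH_PATH PREFIX TOOL...
# Prints one line per tool; exit status is the number of tools that resolve
# to a binary outside PREFIX (for example a leftover Samba 3 pdbedit).
check_tools() {
    _path=$1; _prefix=$2; shift 2
    _bad=0
    for _tool in "$@"; do
        if _hit=$(resolve_tool "$_tool" "$_path"); then
            case $_hit in
                "$_prefix"/*) echo "OK       $_tool -> $_hit" ;;
                *) echo "FOREIGN  $_tool -> $_hit"; _bad=$((_bad + 1)) ;;
            esac
        else
            echo "MISSING  $_tool"
        fi
    done
    return "$_bad"
}

# Tool list is illustrative; run against the current PATH.
check_tools "$PATH" "$SAMBA4_PREFIX" samba-tool pdbedit smbpasswd net ||
    echo "Some tools resolve outside $SAMBA4_PREFIX; call them by full path."
```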


