[Samba] SAMBA4: pdbedit not changing SID
ricky.nance at weaubleau.k12.mo.us
Mon Apr 1 23:56:42 MDT 2013
On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza <geza at kzsdabas.hu> wrote:
> On 2013-04-02 05:35, simon+samba at matthews.eu wrote:
>> On Mon, 1 Apr 2013, simon+samba at matthews.eu wrote:
>>> On Tue, 2 Apr 2013, Andrew Bartlett wrote:
>>> On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
>>>> > On 2013-04-01 02:36, simon+samba at matthews.eu wrote:
>>>> > > Since I don't seem to be having any luck with the classicupgrade, I
>>>> > > decided to try starting from scratch and then adding users.
>>>> > >
>>>> > > I ran the command:
>>>> > > /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \
>>>> > > --domain=<mydomain> --adminpass 'mypass' --server-role=dc \
>>>> > > --dns-backend=BIND9_DLZ
>>>> > >
>>>> > > Then I tried both adding and changing users. In neither case can I
>>>> > > change the SID with pdbedit. It seems to be added with a
>>>> > > system-defined SID, irrespective of what I specify. pdbedit -v is
>>>> > > able to list the user's parameters, including the SID.
>>>> > >
>>>> > > Any suggestions? I am pretty much stuck here trying to figure out how
>>>> > > to migrate from an existing SAMBA3 domain to SAMBA4.
>>>> >
>>>> > Hi,
>>>> >
>>>> > Trying to add users one by one (preserving SID) is IMHO a lot harder
>>>> > (you would probably need to ldbmodify the user record of each one) to
>>>> > do, than fixing your samba3 install to have it classicupgraded.
>>>> Indeed. The only way to safely import a list of users who already
>>>> have SIDs is to migrate them to Samba 4.0's AD DC using one of the
>>>> migration tools.
>>>> These are 'samba-tool domain join dc' and 'samba-tool domain
>>> Perhaps I need to address why the "classicupgrade" did not work. I see
>>> now that I did not pass the --dbdir option when running it before. I'll try
>> I went back to trying to get the classicupgrade to work:
>> /usr/local/samba/bin/samba-tool domain classicupgrade \
>> --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \
>> /etc/samba/smb.conf --use-xattrs=yes
>> For the realm, I used a subdomain of one of the two existing dns domains
>> in the LAN. It appears to be processing the information from the old domain
>> tdb files, although I see some errors:
>> Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
>> Importing groups
>> Could not add group name=Remote Desktop Users ((68, "samldb: Account name
>> (sAMAccountName) 'Remote Desktop Users' already in use!"))
>> Could not modify AD idmap entry for sid=S-1-5-21-4254857281-3346836279-4152649156-555,
>> id=5077, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-4254857281-3346836279-4152649156-555>'
>> not found"))
>> Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-3346836279-4152649156-555,
>> ((32, "Base-DN '<SID=S-1-5-21-4254857281-3346836279-4152649156-555>'
>> not found"))
>> Group already exists sid=S-1-5-21-4254857281-3346836279-4152649156-512,
>> groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
>> However, after this, all I get from pdbedit -L is:
>> # pdbedit -L
>> [root@samba ~]# pdbedit -L
>> krbtgt:4294967295:--dbdir=/var/lib/samba/ --realm=a.b
>> Any ideas? What information might help debug this?
>> Could this happen because pdbedit is from the samba3 install?
> I recommend doing upgrade on a new box/virtual machine where no samba3 is
> installed, and copying the tdb files to the new box.
> Geza Gemes
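Added example, not part of the original thread: the replies above say existing SIDs survive only through a migration tool such as classicupgrade, so one way to check the result is to diff the account SIDs in a `pdbedit -L -v` dump taken on the Samba 3 host against one taken after the upgrade. The sample dumps and their SIDs are constructed placeholders, and `parse_pdbedit` and `compare_sids` are hypothetical helper names.

```python
import re

# Only the two fields needed here; "Primary Group SID:" does not match.
FIELD = re.compile(r"^(Unix username|User SID):\s*(\S+)\s*$")

def parse_pdbedit(text):
    """Return {username: SID} from `pdbedit -L -v` output."""
    sids, user = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Unix username":
            user = value.casefold()      # account names are case-insensitive
        elif user is not None:
            sids[user] = value
            user = None
    return sids

def compare_sids(before, after):
    """Classify each pre-upgrade account as preserved, changed or missing."""
    old, new = parse_pdbedit(before), parse_pdbedit(after)
    report = {"preserved": [], "changed": [], "missing": []}
    for name, sid in sorted(old.items()):
        if name not in new:
            report["missing"].append(name)
        elif new[name] == sid:
            report["preserved"].append(name)
        else:
            report["changed"].append((name, sid, new[name]))
    return report

# Constructed sample dumps; SIDs are placeholders, not values from the thread.
SEP = "---------------\n"
BEFORE = SEP.join([
    "Unix username:        alice\nNT username:\n"
    "User SID:             S-1-5-21-1111-2222-3333-3001\n"
    "Primary Group SID:    S-1-5-21-1111-2222-3333-513\n",
    "Unix username:        bob\nUser SID:             S-1-5-21-1111-2222-3333-3002\n",
    "Unix username:        carol\nUser SID:             S-1-5-21-1111-2222-3333-3003\n",
])
AFTER = SEP.join([
    "Unix username:        Alice\nUser SID:             S-1-5-21-1111-2222-3333-3001\n",
    "Unix username:        bob\nUser SID:             S-1-5-21-9999-8888-7777-1104\n",
    "Unix username:        krbtgt\nUser SID:             S-1-5-21-9999-8888-7777-502\n",
])

if __name__ == "__main__":
    for status, entries in compare_sids(BEFORE, AFTER).items():
        print(status, entries)
```

Both dumps need to come from the `pdbedit` binary that belongs to the installation being inspected, which is the concern raised in the thread about a leftover samba3 `pdbedit`.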