[Samba] Please help: classicupgrade not importing users

simon+samba at matthews.eu simon+samba at matthews.eu
Thu Apr 4 10:30:38 MDT 2013 

Does anyone have any ideas what I might have done wrong or why this is not 
working?

Simon

On Tue, 2 Apr 2013, simon+samba at matthews.eu wrote:

> I have tried everything that I can think of, but the users are still not 
> being imported.
>
> I deleted and re-created the /usr/local/samba directory (using make install), 
> I added users to the local passwd file (ypcat passwd >> /etc/passwd) and 
> then stopped ypbind.
>
> Still the same. The users are not imported while the groups are.
>
> I would really appreciate some help in getting past this step.
>
> The transcript of my last attempt at classicupgrade can be found here:
> http://pastebin.com/tP8bG5Yb
>
> I changed the realm that I used to "a.b" and made edits to the file to make 
> it consistent.
>
>
> Simon
>
> On Mon, 1 Apr 2013, simon+samba at matthews.eu wrote:
>
>> 
>>
>>  On Tue, 2 Apr 2013, Ricky Nance wrote:
>> 
>> >   http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO<https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO>
>> >   should
>> >   help.
>>
>>  I have been following those instructions. I have a tdb backend, I am
>>  working on a VM that does not have SAMBA3 installed. The command:
>>  # samba-tool user list
>>  does not show my users.
>>
>>  Interestingly, the groups seem to be there. If I use
>>  # samba-tool group list
>>  I see the expected groups.
>>
>>  Simon
>> 
>> 
>> 
>> > 
>> >   Ricky
>> > 
>> > 
>> >   On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza <geza at kzsdabas.hu> wrote:
>> > 
>> > >   2013-04-02 05:35 keltezéssel, simon+samba at matthews.eu írta:
>> > > 
>> > > 
>> > > > 
>> > > >   On Mon, 1 Apr 2013, simon+samba at matthews.eu wrote:
>> > > > 
>> > > > 
>> > > > >   On Tue, 2 Apr 2013, Andrew Bartlett wrote:
>> > > > > 
>> > > > >      On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
>> > > > > > >     2013-04-01 02:36 keltezéssel, simon+samba at matthews.eu írta:
>> > > > > > > >     Since I don't seem to be having any luck with the 
>> > > > > > > >     classicupgrade,
>> > > > > > I > >     decided to try starting from scratch and then adding 
>> > > > > > I > >     users.
>> > > > > > > > > >     I ran the command:
>> > > > > > > >     /usr/local/samba/bin/samba-**tool domain provision 
>> > > > > > > >     --realm=<my
>> > > > > > realm>   \ > > --domain=<mydomain> --adminpass 'mypass' 
>> > > > > > realm>   --server-role=dc  \
>> > > > > > > >     --dns-backend=BIND9_DLZ
>> > > > > > > > > >     Then I tried both adding and changing users. In 
>> > > > > > > > > >     neither case
>> > > > > >   can I > >   change the SID with pdbedit. It seems to be added 
>> > > > > >   with a > >
>> > > > > >   system-defined SID, irrespective of what I specify. pdbedit -v 
>> > > > > >   is 
>> > > > > > > > 
>> > > > > >   able to list the user's parameters, including the SID.
>> > > > > > > > > >     Any suggestions? I am pretty much stuck here trying 
>> > > > > > > > > >     to figure
>> > > > > >   out how > >   to migrate from an existing SAMBA3 domain to 
>> > > > > >   SAMBA4.
>> > > > > > > > > > >     Hi,
>> > > > > > > >     Trying to add users one by one (preserving SID) is IMHO a 
>> > > > > > > >     lot
>> > > > > >   harder >   (you would probably need to ldbmodify the user 
>> > > > > >   record of each
>> > > > > >   one) to >   do, than fixing your samba3 install to have it 
>> > > > > >   classicupgraded.
>> > > > > > 
>> > > > > >     Indeed.  The only way to safely import a list of users who 
>> > > > > >   already
>> > > > > >   have
>> > > > > >     SIDs is to migrate them to Samba 4.0's AD DC using one of the
>> > > > > >   supported
>> > > > > >     migration tools.
>> > > > > > 
>> > > > > >     These are 'samba-tool domain join dc' and 'samba-tool domain
>> > > > > >     classicupgrade'.
>> > > > > > 
>> > > > > 
>> > > > >   Perhaps I need to address why the "classicupgrade" did not work. 
>> > > > >   I see
>> > > > >   now that I did not pass the --dbdir option when running it 
>> > > > >   before. I'll try
>> > > > >   again.
>> > > > > 
>> > > > > 
>> > > >   I went back to trying to get the classicupgrade to work:
>> > > >   /usr/local/samba/bin/samba-**tool domain classicupgrade  \
>> > > >   --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b  \
>> > > >   /etc/samba/smb.conf --use-xattrs=yes
>> > > > 
>> > > >   For the realm, I used a subdomain of one of the two existing dns 
>> > > >   domains
>> > > >   in the LAN. It appears to be processing the information from the 
>> > > >   old domain
>> > > >   tdb files, although I see some errors:
>> > > >   Cannot open idmap database, Ignoring: [Errno 2] No such file or 
>> > > >   directory
>> > > >   Importing groups
>> > > >   Could not add group name=Remote Desktop Users ((68, "samldb: 
>> > > >   Account name
>> > > >   (sAMAccountName) 'Remote Desktop Users' already in use!"))
>> > > >   Could not modify AD idmap entry for 
>> > > >   sid=S-1-5-21-4254857281-**3346836279-4152649156-555,
>> > > >   id=5077, type=ID_TYPE_GID ((32, "Base-DN 
>> > > >   '<SID=S-1-5-21-4254857281-**3346836279-4152649156-555>'
>> > > >   not found"))
>> > > >   Could not add posix attrs for AD entry for 
>> > > >   sid=S-1-5-21-4254857281-**3346836279-4152649156-555,
>> > > >   ((32, "Base-DN 
>> > > >   '<SID=S-1-5-21-4254857281-**3346836279-4152649156-555>'
>> > > >   not found"))
>> > > >   Group already exists 
>> > > >   sid=S-1-5-21-4254857281-**3346836279-4152649156-512,
>> > > >   groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
>> > > > 
>> > > >   However, after this, all I get from pdbedit -L is:
>> > > >   # pdbedit -L
>> > > >   RAIDSERVER$:4294967295:
>> > > >   Administrator:4294967295:
>> > > >   [root at samba ~]# pdbedit -L
>> > > >   RAIDSERVER$:4294967295:
>> > > >   Administrator:4294967295:
>> > > >   krbtgt:4294967295:--dbdir=/**var/lib/samba/ --realm=a.b
>> > > >   /etc/samba/smb.confnobody:99:**Nobody
>> > > > 
>> > > >   Any ideas? What information might help debug this?
>> > > > 
>> > > >   Simon
>> > > > 
>> > > > 
>> > > >    Could this happen because pdbedit is from the samba3 install?
>> > > 
>> > >   I recommend doing upgrade on a new box/virtual machine where no 
>> > >   samba3 is
>> > >   installed, and copying the tdb files to the new box.
>> > > 
>> > >   Regards
>> > > 
>> > >   Geza Gemes
>> > > 
>> > >   --
>> > >   To unsubscribe from this list go to the following URL and read the
>> > >   instructions: 
>> > >   https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>> > > 
>> > 
>> > 
>> > 
>> >   --
>> >   --
>> >   To unsubscribe from this list go to the following URL and read the
>> >   instructions:  https://lists.samba.org/mailman/options/samba
>> > 
>> 
>

More information about the samba mailing list