[Samba] SAMBA4: pdbedit not changing SID
simon at matthews-family.org.uk
Mon Apr 1 17:09:02 MDT 2013
On Tue, 2 Apr 2013, Andrew Bartlett wrote:
> On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
>> 2013-04-01 02:36 keltezéssel, simon+samba at matthews.eu írta:
>> > Since I don't seem to be having any luck with the classicupgrade, I
>> > decided to try starting from scratch and then adding users.
>> > I ran the command:
>> > /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \
>> > --domain=<mydomain> --adminpass 'mypass' --server-role=dc \
>> > --dns-backend=BIND9_DLZ
>> > Then I tried both adding and changing users. In neither case can I
>> > change the SID with pdbedit. It seems to be added with a
>> > system-defined SID, irrespective of what I specify. pdbedit -v is able
>> > to list the user's parameters, including the SID.
>> > Any suggestions? I am pretty much stuck here trying to figure out how
>> > to migrate from an existing SAMBA3 domain to SAMBA4.
>> Trying to add users one by one (preserving SID) is IMHO a lot harder
>> (you would probably need to ldbmodify the user record of each one) to
>> do, than fixing your samba3 install to have it classicupgraded.
> Indeed. The only way to safely import a list of users who already have
> SIDs is to migrate them to Samba 4.0's AD DC using one of the supported
> migration tools.
> These are 'samba-tool domain join dc' and 'samba-tool domain
Perhaps I need to address why the "classicupgrade" did not work. I see now
that I did not pass the --dbdir option when running it before. I'll try
If I could change the subject somewhat, I am also not clear on how to
configure SAMBA4 and the DNS server if my network has an existing DNS
server on another machine and I don't really want to move it. The DNS
server is a stock install of bind from the distro's repository:
More information about the samba