[Samba] Why would "net rpc rights grant" fail ?

Mon Apr 14 08:51:50 MDT 2014

Are you sure that classic-upgrade has not failed ?

redirect output (standard and error) to file.

-----------------------------------
Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

samba-bounces at lists.samba.org wrote on 14/04/2014 16:44:55:

> De : Koenraad Lelong <samba.k.lelong at ace-electronics.be>
> A : samba at lists.samba.org, 
> Date : 14/04/2014 16:45
> Objet : Re: [Samba] Why would "net rpc rights grant" fail ?
> Envoyé par : samba-bounces at lists.samba.org
> 
> op 14-04-14 11:42, Rowland Penny schreef:
> 
> > Hi,
> >
> > As far as I can see (never actually having had to do an upgrade) the
> > procedure is:
> >
> > Make sure the info in your LDAP server is correct (no duplicate SID's 
etc)
> 
> I don't use ldap on samba3. It a tdb-file setup.
> 
> >
> > Install samba4 on the same server that LDAP is running on, but do not
> > provision
> >
> > With LDAP running, run the classicupgrade with samba-tool
> >
> > Once finished, stop LDAP and any DNS. make resolv.conf point to
> > '127.0.0.1' and start samba4
> >
> > Is this basically what you are doing ?
> >
> > Have you read and understood this page in the wiki ? :
> >
> > https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-
> style_domain_to_AD%29
> >
> I read it several times, and I understand it I think.
> 
> >
> > Once you have your information in AD and Samba4 is running, forget 
root
> > when 'talking' to AD, only use 'Administrator', the user 'root' does 
not
> > exist in AD. You would only use the 'root' user when you are doing
> > something that directly affects the machine that samba4 is running on,
> > i.e. creating a directory
> 
> I'll forget about root in samba, but what about the root that's in 
> samba-tool user list ? Can I remove that ? That root is member of 
> "Domain Admins".
> 
> >
> > You talk about moving .tdb files to the new server, Just what did you
> > move and to where ?
> 
> I copied all tdb-files I could find on the samba3-server over to a 
> temp-directory on the new server. Also the smb.conf of the old server, 
> passwd and group, group_mapping.ldb.
> 
> >
> >  From what you have written, I think that you are trying to do all 
this
> > on the new samba4 AD server, is this correct ?
> >
> 
> Yes, it's on the new samba4 server.
> 
> Koenraad.
> 
> P.S. I was writing this when I saw your new response. I tried something 
> new, but this does not work : I saw your remark about resolv.conf 
> pointing to 127.0.0.1. I had it to 192.168.200.10, which is the address 
> of the NIC of the samba4 server.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba