[Samba] How to change objectSid?

Andrew Bartlett abartlet at samba.org
Thu Feb 6 20:51:53 MST 2014


On Wed, 2014-02-05 at 22:57 -0300, Diego Woitasen wrote:
> On Wed, Feb 5, 2014 at 10:12 PM, Diego Woitasen <diego at woitasen.com.ar> wrote:
> > On Wed, Feb 5, 2014 at 6:17 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> >> On Wed, 2014-02-05 at 16:46 -0300, Diego Woitasen wrote:
> >>> On Wed, Feb 5, 2014 at 3:43 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> >>> > On Wed, 2014-02-05 at 09:18 -0300, Diego Woitasen wrote:
> >>> >> I'm migrating from Samba3 to Samba4 in an environment where I have a
> >>> >> central location and branches. Every branch with its own Samba3, using
> >>> >> OpenLDAP.
> >>> >
> >>> > In each of these locations, did Samba have its own domain, or was this
> >>> > one big domain?
> >>>
> >>> One big domain.
> >>>
> >>> >
> >>> >> I can't migrate all the locations at the same time. I'm
> >>> >> going to migrate the central site and then one site per week
> >>> >> (around 10 locations).
> >>> >
> >>> > OK.
> >>> >
> >>> >> In the meantime, users and groups will be created in Samba3, so I was
> >>> >> thinking about injecting the new users and groups in the Samba4 until
> >>> >> we eliminate Samba3 definitely.
> >>> >
> >>> > Could you create them into Samba4, and instead back-populate them into
> >>> > Samba3?
> >>>
> >>> Yes, I like that solution. I'm going to do it in that way.
> >>>
> >>> The only remaining issue is the new workstations. I'll need to copy
> >>> the new machines from S3 to S4. If we don't do it, it's not a serious
> >>> issue, but it would be great. I think our client is not going to buy a
> >>> lot of machines in the middle of the migration :)
> >>
> >> It should be pretty easy to rejoin those machines, if that helps avoid
> >> another special case to handle.
> >
> > By rejoin, you mean that I can rejoin the machines without going one
> > by one typing user and password? Could you explain this better?
> >
> >>
> >>> My modified classicupgrade works to copy wks, but I'd prefer
> >>> something simpler. I'll open another thread about a script that
> >>> I've tried to do without success.
> >>
> >> OK.  I would like to understand how to make this tool and Samba in
> >> general more helpful for those doing complex migrations, particularly
> >> those for whom a once-over cut just isn't practical.
> >
> > Something like this?
> >
> > s3db = get_s3_db()
> > s4_passdb = get_s4_db()
> >
> > # Walk every account in the Samba3 passdb
> > wkslist = s3db.search_users(0)
> > for entry in wkslist:
> >     machine_name = entry['account_name']
> >     machine = s3db.getsampwnam(machine_name)
> >     acct_type = get_account_type(machine)
> >     # Only workstation trust accounts, whose names end in '$'
> >     if acct_type == (samr.ACB_WSTRUST) and machine_name[-1] == '$':
> >         try:
> >             # Skip machines that already exist in Samba4
> >             userentry = s4_passdb.getsampwnam(machine_name)
> >         except passdb.error:
> >             s4_passdb.add_sam_account(machine)
> >
> > For some reason I can't connect to s3 and s4 like classicupgrade does,
> > I'll post about this tomorrow. Anyway, we need something simple like
> > that to inject workstations created in the middle of the migration
> > process.
> >
> 
> Here is the code snippet that I'm using to connect passdb to s3 and s4:
> 
> from samba.samba3 import param as s3param
> from samba.samba3 import passdb
> from samba.samba3 import Samba3
> 
> s4conf = s3param.get_context()
> s4conf.load('/usr/local/samba/etc/smb.conf')
> s4db = passdb.PDB(s4conf.get("passdb backend"))
> 
> print s4db.getsampwnam("dwoitasen").username
> 
> smbconf = '/root/etc/samba/smb.conf'
> s3conf = s3param.get_context()
> s3conf.set("private dir", "/root/var/lib/samba")
> s3conf.load(smbconf)
> samba3 = Samba3(smbconf, s3conf)
> s3db = passdb.PDB(s3conf.get("passdb backend"))
> 
> print s3db.getsampwnam("dwoitasen").username
> 
> This code works, but only for samba4 setup, samba3 fails with this error:
> 
>   File "passdb-example.py", line 20, in <module>
>     s3db = passdb.PDB(s3conf.get("passdb backend"))
> passdb.error: Cannot load backend methods for 'samba_dsdb' backend
> (-1073741823,Undetermined error)
> 
> If I switch the lines setting up Samba3 before Samba4, Samba4
> connection fails with the same error:
> 
>    File "passdb-example.py", line 20, in <module>
>     s4db = passdb.PDB(s4conf.get("passdb backend"))
> passdb.error: Cannot load backend methods for 'samba_dsdb' backend
> (-1073741823,Undetermined error)
> 
> I copied the code from classicupgrade, it is very similar, and I don't
> understand where the difference is that makes this fail.

The interactions between the s3conf.load calls are very subtle.  In
short, the clue you don't know is that there is really only one global
variable behind the s3param code.  What I suggest doing is hard-coding
in the pass to your 'samba3' backend, and only loading an smb.conf
once. 

Don't despair, we should be able to work something out here. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





