[Samba] need help cleaning up my smb3 databases to complete smb4 classic upgrade

Adam Wojnarski adam.wojnarski at gmail.com
Mon May 26 02:38:28 MDT 2014

Since there is no response to my previous e-mail, I have an idea for a
different approach- perhaps I can use those commands
net rpc samdump         Dump SAM data of remote NT PDC
net rpc vampire         Sync a remote NT PDC's data into local passdb
net rpc getsid          Fetch the domain sid into local secrets.tdb
to pump my domain data to a fresh tdb database and ensure consistancy this way?

This way I would migrate oldsmb3->newsmb3(as secondary
DC)->newsmb4(->and then finally be able to build a trust with ad2008
but that's a different story)
Or will the invalid entries be copied as well? I prefer to ask prior
to doing something that will turn out to be a total waste of time. If
It is supposed to work as I wrote, which options should I use?

Or coming back to my previous approach - perhaps I need to dump the db
in a special way or it's a ssid not connected to users at all and I
need to check another tdb? I still think that identifying and deleting
the offending record is the best approach.

Maybe the classic upgrade has some kind of --force equivalent I could
You to try to migrate overlooking errorous entries in tdb's?

I've been struggling for a few weeks now so any help will be welcome.

Best Regards,

2014-05-21 10:59 GMT+02:00 Adam Wojnarski <adam.wojnarski at gmail.com>:
> Hello Marc,
> Thank You for Your reply
>> Hello Adam,
>> Am 19.05.2014 10:53, schrieb Adam Wojnarski:
>>> My issue is:
>>> How do i find the offending sid in my old dbs and get rid of it?
>> What kind of backend do you use on your classic domain?
> My smb3 config (excluding hosts shares fallows)
> [global]
> workgroup = MyCOMPANYNAME
> server string = THISHOSTSNAME
> hosts allow = 192.168. 127.
> log file = /var/log/samba/%m.log
> max log size = 50
> log level = 10
> security = user
> passdb backend = tdbsam
> domain master = yes
> domain logons = yes
> logon drive = Q:
> logon home = \\%N\%U
> logon path = \\%N\%U\profile
> add machine script = /usr/sbin/useradd -d /var/lib/nobody -s /sbin/nologin "%u"
> local master = yes
> preferred master = yes
> wins support = yes
> load printers = no
> cups options = raw
> create mask = 0660
> directory mask = 0770
> unix extensions = no
> max open files = 100000
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> valid users = %S
> valid users = MYCOMPANYNAME\%S
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> guest ok = yes
> writable = no
> share modes = no
>>> I got my samba 4 from git://git.samba.org/samba.git samba-master
>>> my smb3 server is a an ancient fedora build samba-3.2.15-0.36.fc10.x86_64 -
>>> am I right to think that upgrading it to a current 3.x line version might
>>> help things or will the db's collect even more garbage with the upgrade? A
>>> few people managed it before me so I don't know it's full history.
>> If you have any concerns, you can simply update to 4.1.7 and if
>> everything works like it should, then do the classicupgrade to AD a few
>> days later.
>> But why do you want to use a developer/git version and not a released
>> one (4.1.7)? Releases are stable. I would not run a git version in
>> production.
> Tried the current stable release - I have the exact same error. I
> googled it multiple times and am sure that It's an issue with the old
> samba. tried to locate the offending use/host using wbinfo or dumping
> the winbindd_idmap.tdb file but failed to find it there. I was trying
> the one from git hoping that a fresher version will do better. From
> what I learned this haunts users ever since classicupgrade is
> available.
>> Regards,
>> Marc
> p.s. listing of all tdb databases I have in my old system
> # ls  /var/lib/samba/
> account_policy.tdb      connections.tdb.bak
> idmap_cache.tdb.bak  mutex.tdb.bak              notify.tdb.bak
> ntprinters.tdb.bak  scripts             unexpected.tdb.bak
> wins.dat
> account_policy.tdb.bak  gencache.tdb                locking.tdb
>   namelist.debug             ntdrivers.tdb      perfmon
> sessionid.tdb       winbindd_cache.tdb      wins.tdb
> brlock.tdb              gencache.tdb.bak            locking.tdb.bak
>   netlogon                   ntdrivers.tdb.bak  printing
> sessionid.tdb.bak   winbindd_cache.tdb.bak  wins.tdb.bak
> brlock.tdb.bak          group_mapping.ldb           messages.tdb
>   netsamlogon_cache.tdb      ntforms.tdb        private
> share_info.tdb      winbindd_idmap.tdb
> browse.dat              group_mapping.tdb.upgraded  messages.tdb.bak
>   netsamlogon_cache.tdb.bak  ntforms.tdb.bak    registry.tdb
> share_info.tdb.bak  winbindd_idmap.tdb.bak
> connections.tdb         idmap_cache.tdb             mutex.tdb
>   notify.tdb                 ntprinters.tdb     registry.tdb.bak
> unexpected.tdb      winbindd_privileged
> # ls  /var/lib/samba/private/
> passdb.tdb  schannel_store.tdb  secrets.tdb  smbpasswd
> Best Regards,
> Adam

More information about the samba mailing list