[Samba] classicupgrade try #1

Robert Moskowitz rgm at htt-consult.com
Fri Aug 28 12:20:20 UTC 2015

On 08/28/2015 05:57 AM, Rowland Penny wrote:
> On 28/08/15 10:47, Robert Moskowitz wrote:
>> On 08/28/2015 03:56 AM, Rowland Penny wrote:
>>> On 27/08/15 23:23, Robert Moskowitz wrote:
>>>> So as I said, I grabbed EVERYTHING that was in the /etc/samba dir 
>>>> along with ALL .tbd files and ran:
>>>> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ 
>>>> --use-xattrs=yes --realm=home.htt --dns-backend=BIND9_DLZ 
>>>> /root/samba.PDC/etc/smb.conf
>>>> ANd it resulted in (note ldap error):
>>>> Reading smb.conf
>>>> NOTE: Service printers is flagged unavailable.
>>>> NOTE: Service print$ is flagged unavailable.
>>>> Unknown parameter encountered: "force directory security mode"
>>>> Ignoring unknown parameter "force directory security mode"
>>>> Provisioning
>>>> Exporting account policy
>>>> Exporting groups
>>>> Exporting users
>>>> Next rid = 1000
>>>> Exporting posix attributes
>>>> Reading WINS database
>>>> Looking up IPv4 addresses
>>>> Looking up IPv6 addresses
>>>> No IPv6 address will be assigned
>>>> Setting up secrets.ldb
>>>> Setting up the registry
>>>> Setting up the privileges database
>>>> Setting up idmap db
>>>> Setting up SAM db
>>>> Setting up sam.ldb partitions and settings
>>>> Setting up sam.ldb rootDSE
>>>> Pre-loading the Samba 4 and AD schema
>>>> Adding DomainDN: DC=home,DC=htt
>>>> Adding configuration container
>>>> Setting up sam.ldb schema
>>>> Setting up sam.ldb configuration data
>>>> Setting up display specifiers
>>>> Modifying display specifiers
>>>> Adding users container
>>>> Modifying users container
>>>> Adding computers container
>>>> Modifying computers container
>>>> Setting up sam.ldb data
>>>> Setting up well known security principals
>>>> Setting up sam.ldb users and groups
>>>> Setting up self join
>>>> Setting acl on sysvol skipped
>>>> Adding DNS accounts
>>>> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt
>>>> Creating DomainDnsZones and ForestDnsZones partitions
>>>> Populating DomainDnsZones and ForestDnsZones partitions
>>>> See /var/lib/samba/private/named.conf for an example configuration 
>>>> include file for BIND
>>>> and /var/lib/samba/private/named.txt for further documentation 
>>>> required for secure DNS updates
>>>> Setting up sam.ldb rootDSE marking as synchronized
>>>> Fixing provision GUIDs
>>>> A Kerberos configuration suitable for Samba 4 has been generated at 
>>>> /var/lib/samba/private/krb5.conf
>>>> Setting up fake yp server settings
>>>> Once the above files are installed, your Samba4 server will be 
>>>> ready to use
>>>> Admin password:        ---------------
>>>> Server Role:           active directory domain controller
>>>> Hostname:              homebase
>>>> NetBIOS Domain:        HOME
>>>> DNS Domain:            home.htt
>>>> DOMAIN SID: S-1-5-21-4240919292-2417995422-4236335894
>>>> Importing WINS database
>>>> Importing Account policy
>>>> Importing idmap database
>>>> Cannot open idmap database, Ignoring: [Errno 2] No such file or 
>>>> directory
>> What is this error about?
>>>> Adding groups
>>>> Importing groups
>>>> Committing 'add groups' transaction to disk
>>>> Adding users
>>>> Importing users
>>>> Committing 'add users' transaction to disk
>>>> Adding users to groups
>>>> Committing 'add users to groups' transaction to disk
>>> What ldap error?
>> Too fast last evening...  See above about idmap, not ldap. ARGH!
> That is a fairly common error, now I have never actually done a 
> classicupgrade, but I think what it means is that it cannot find any 
> idmap info, seeing as how mostly this setting wasn't used, this is not 
> surprising.
>>> As far as I can see, you just upgraded to AD
>> That is good to know.
> Try running some tests with ldapsearch or ldbsearch, see if your users 
> & groups are there etc.

I have not worked with ldap.  Can you provide/point me to examples of 
such commands?

My users were all unix users that I have not created on my new server.  
In fact, I am wondering if I want to maintain that or do a different 
user method and put their homedir someplace other than /home/user.  What 
do you advise?  I will only have 2 - 8 users.  But I would like to 
generalize this.  Perhaps I can sell a arm7 based NAS  :)

More information about the samba mailing list