[Samba] classicupgrade

Pisch Tamás pischta at gmail.com
Thu Jul 9 09:42:52 UTC 2015


I have a Samba3 domain, and I am testing the upgrade process to Samba4 AD (Samba
3.6.6->4.1.17). After classicupgrade I found a problem. I created a test
file, and wanted to change its group with chown "xy:Domain Users" testfile.
I got an error message: invalid group: "xy:Domain Users" (I think, because
the message was localised).
chown xy testfile works.
I had old files with group Domain Users. I now see 513 as the group for them. I
realised that in the ldap database, the "well known" groups don't have
gidNumber. The users and groups which I created in Samba3 seem ok, they
have correct gidNumber and uidNumber, and I can use chown locally with them.
I added the gidNumber attribute to the "well known" groups manually, but
Domain Users is not yet resolvable locally. I can give Domain Users as group
from a Windows client.
How can I solve that, so I can list and give all groups for files on the
Another question. I wanted to do the classicupgrade with Sernet Samba 4.2,
but it turned out that the Sernet Samba packages conflict with openldap, and I
use Samba3 with an ldap backend. Can I use classicupgrade with Sernet Samba?

Domain Users group in Samba3 LDAP:
# Domain Users, Groups, xxx.site
dn: cn=Domain Users,ou=Groups,dc=xxx,dc=site
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-1056419617-429938706-1326152232-513
sambaGroupType: 2
displayName: Domain Users

Domain Users group in Samba4 LDAP:
# Domain Users, Users, xxx.site
dn: CN=Domain Users,CN=Users,DC=xxx,DC=site
objectClass: top
objectClass: group
cn: Domain Users
description: All domain users
instanceType: 4
whenCreated: 20150629123547.0Z
uSNCreated: 3541
name: Domain Users
objectGUID:: hHJ5GJofV0aJknLVt9Xm7g==
sAMAccountName: Domain Users
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=xxx,DC=site
isCriticalSystemObject: TRUE
memberOf: CN=Users,CN=Builtin,DC=xxx,DC=site
gidNumber: 513
whenChanged: 20150707092753.0Z
uSNChanged: 9518
distinguishedName: CN=Domain Users,CN=Users,DC=xxx,DC=site

smb.conf global section:
    workgroup = XXX
    realm = xxx.site
    interfaces = lo, eth0
    bind interfaces only = Yes
    server role = active directory domain controller
    passdb backend = samba_dsdb
    kerberos method = system keytab
    client ldap sasl wrapping = sign
    winbind separator = /
    allow dns updates = nonsecure and secure
    nsupdate command = /usr/bin/nsupdate -g
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    rpc_server:tcpip = no
    rpc_daemon:spoolssd = embedded
    rpc_server:spoolss = embedded
    rpc_server:winreg = embedded
    rpc_server:ntsvcs = embedded
    rpc_server:eventlog = embedded
    rpc_server:srvsvc = embedded
    rpc_server:svcctl = embedded
    rpc_server:default = external
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    map archive = No
    map readonly = no
    store dos attributes = Yes
    vfs objects = dfs_samba4, acl_xattr


