[Samba] Problems with migrating users and groups with classicupgrade

Robert Moskowitz rgm at htt-consult.com
Wed Sep 16 21:15:19 UTC 2015



On 09/16/2015 05:03 PM, Rowland Penny wrote:
> On 16/09/15 19:17, Robert Moskowitz wrote:
>> I am assuming that I need to migrate my users and groups if I expect 
>> to move my user profiles.
>>
>> Migrating computers is a second question.  But on with details.
>>
>> My current setup is a ClearOS server running as a PDC.  I get the 
>> following information from it:
>>
>> # wbinfo -u
>> winadmin
>> guest
>> rgm
>> abba
>> imma
>> guest2
>> superrgm
>>
>> After running:
>>
>> samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ 
>> --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ 
>> /root/samba.PDC/etc/smb.conf
>>
>> and getting all the services running here I get:
>>
>> # wbinfo -u
>> administrator
>> dns-homebase
>> dhcpduser
>> krbtgt
>> guest
>>
>> So what went wrong?  Why did not my users make it through the 
>> migration?  I am attaching the output of the upgrade.  I have already 
>> changed the password, so don't yell at me for not blanking that out.
>>
>> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ 
>> --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ 
>> /root/samba.PDC/etc/smb.conf
>> Reading smb.conf
>> NOTE: Service printers is flagged unavailable.
>> NOTE: Service print$ is flagged unavailable.
>> Unknown parameter encountered: "force directory security mode"
>> Ignoring unknown parameter "force directory security mode"
>> Provisioning
>> Exporting account policy
>> Exporting groups
>> Exporting users
>> Next rid = 1000
>> Exporting posix attributes
>> Reading WINS database
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> Adding DomainDN: DC=home,DC=htt
>> Adding configuration container
>> Setting up sam.ldb schema
>> Setting up sam.ldb configuration data
>> Setting up display specifiers
>> Modifying display specifiers
>> Adding users container
>> Modifying users container
>> Adding computers container
>> Modifying computers container
>> Setting up sam.ldb data
>> Setting up well known security principals
>> Setting up sam.ldb users and groups
>> Setting up self join
>> Setting acl on sysvol skipped
>> Adding DNS accounts
>> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt
>> Creating DomainDnsZones and ForestDnsZones partitions
>> Populating DomainDnsZones and ForestDnsZones partitions
>> Unable to find group id for BIND,
>>                 set permissions to sam.ldb* files manually
>> BIND version unknown, please modify /var/lib/samba/private/named.conf 
>> manually.
>> See /var/lib/samba/private/named.conf for an example configuration 
>> include file for BIND
>> and /var/lib/samba/private/named.txt for further documentation 
>> required for secure DNS updates
>> Setting up sam.ldb rootDSE marking as synchronized
>> Fixing provision GUIDs
>> A Kerberos configuration suitable for Samba 4 has been generated at 
>> /var/lib/samba/private/krb5.conf
>> Setting up fake yp server settings
>> Once the above files are installed, your Samba4 server will be ready 
>> to use
>> Admin password:        ~G6;C~ojZ3<elpCAx[MH
>> Server Role:           active directory domain controller
>> Hostname:              homebase
>> NetBIOS Domain:        HOME
>> DNS Domain:            home.htt
>> DOMAIN SID:            S-1-5-21-4240919292-2417995422-4236335894
>> Importing WINS database
>> Importing Account policy
>> Importing idmap database
>> Cannot open idmap database, Ignoring: [Errno 2] No such file or 
>> directory
>> Adding groups
>> Importing groups
>> Committing 'add groups' transaction to disk
>> Adding users
>> Importing users
>> Committing 'add users' transaction to disk
>> Adding users to groups
>> Committing 'add users to groups' transaction to disk
>>
>>
>>
>
> What version of ClearOS? Where were the users & groups stored? Can you 
> post the smb.conf from the ClearOS server?

# cat /etc/clearos-release
ClearOS Community release 6.6.0 (Final)

But I built it on 6.0.  Back in Dec 2013.

I am using Linux users:

# ls /home/ -ls
total 216
   4 drwx------.   3 abba     allusers   4096 Jun 10 22:48 abba
   4 drwx------    2 guest2   allusers   4096 Apr 13  2013 guest2
184 drwx------  120 imma     allusers 184320 Sep 13 18:25 imma
  16 drwx------.   2 root     root      16384 Apr 11  2013 lost+found
   4 drwx------.   2 rgm      allusers   4096 Apr 11  2013 rgm
   4 drwx------    2 superrgm allusers   4096 Apr 13  2013 superrgm


# cat /etc/samba/smb.conf
[global]
# General
netbios name = HOMEBASE
workgroup = HOME
server string = home
security = user

# Logging
syslog = 0
log level = 1
log file = /var/log/samba/%L-%m
max log size = 0
utmp = Yes

# Network
bind interfaces only = No
interfaces = lo eth0
smb ports = 139

# Printing
printcap name = /etc/printcap
load printers = Yes

# Security settings
guest account = guest
#restrict anonymous = 2

# WINS
wins support = Yes
wins server =

# PDC/BDC
domain logons = Yes
add machine script = /usr/sbin/samba-add-machine "%u"
logon drive = H:
logon script = %U.cmd
logon path = \\%L\profiles\%U
logon home = \\%L\%U

# Winbind
idmap config * : backend = ldap
idmap config * : range = 20000000-29999999
winbind enum users = Yes
winbind enum groups = Yes
winbind offline logon = false
winbind use default domain = true
winbind separator = +
template homedir = /home/%U
template shell = /sbin/nologin

# Other
preferred master = Yes
domain master = Yes
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
passwd chat timeout = 10
username map = /etc/samba/smbusers
wide links = No

# LDAP settings
include = /etc/samba/smb.ldap.conf

# Winbind LDAP settings
include = /etc/samba/smb.winbind.conf

#============================ Share Definitions ==============================

# Flexshare
# include = /etc/samba/flexshare.conf

include = /etc/samba/flexshare.conf

include = /etc/samba/extras.conf

[homes]
     comment = Home Directories
     path = /home/%U
     valid users = %D\%S, %D+%S, %S
     read only = No
     browseable = No
     available = Yes

[printers]
     comment = Print Spool
     path = /var/spool/samba
     printing = cups
     cups options = raw
     use client driver = Yes
     printable = Yes
     read only = No
     browseable = No
     available = No

[print$]
     comment = Printer Drivers
     path = /var/samba/drivers
     read only = No
     browseable = No
     available = No

[netlogon]
     comment = Network Logon Service
     path = /var/samba/netlogon
     read only = No
     locking = No
     browseable = No
     available = Yes

[profiles]
     comment = Profile Share
     path = /var/samba/profiles
     read only = No
     profile acls = Yes
     browseable = No
     available = Yes
     force group = domain_users
     force directory mode = 02775
     force directory security mode = 02775





