[Samba] Problems with migrating users and groups with classicupgrade

Rowland Penny rowlandpenny241155 at gmail.com
Thu Sep 17 07:58:47 UTC 2015 

On 16/09/15 22:15, Robert Moskowitz wrote:
>
>
> On 09/16/2015 05:03 PM, Rowland Penny wrote:
>> On 16/09/15 19:17, Robert Moskowitz wrote:
>>> I am assuming that I need to migrate my users and groups if I expect 
>>> to move my user profiles.
>>>
>>> Migrating computers is a second question.  But on with details.
>>>
>>> My current setup is a ClearOS server running as a PDC.  I get the 
>>> following information from it:
>>>
>>> # wbinfo -u
>>> winadmin
>>> guest
>>> rgm
>>> abba
>>> imma
>>> guest2
>>> superrgm
>>>
>>> After running:
>>>
>>> samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ 
>>> --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ 
>>> /root/samba.PDC/etc/smb.conf
>>>
>>> and getting all the services running here I get:
>>>
>>> # wbinfo -u
>>> administrator
>>> dns-homebase
>>> dhcpduser
>>> krbtgt
>>> guest
>>>
>>> So what went wrong?  Why did not my users make it through the 
>>> migration?  I am attaching the output of the upgrade.  I have 
>>> already changed the password, so don't yell at me for not blanking 
>>> that out.
>>>
>>> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ 
>>> --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ 
>>> /root/samba.PDC/etc/smb.conf
>>> Reading smb.conf
>>> NOTE: Service printers is flagged unavailable.
>>> NOTE: Service print$ is flagged unavailable.
>>> Unknown parameter encountered: "force directory security mode"
>>> Ignoring unknown parameter "force directory security mode"
>>> Provisioning
>>> Exporting account policy
>>> Exporting groups
>>> Exporting users
>>> Next rid = 1000
>>> Exporting posix attributes
>>> Reading WINS database
>>> Looking up IPv4 addresses
>>> Looking up IPv6 addresses
>>> No IPv6 address will be assigned
>>> Setting up share.ldb
>>> Setting up secrets.ldb
>>> Setting up the registry
>>> Setting up the privileges database
>>> Setting up idmap db
>>> Setting up SAM db
>>> Setting up sam.ldb partitions and settings
>>> Setting up sam.ldb rootDSE
>>> Pre-loading the Samba 4 and AD schema
>>> Adding DomainDN: DC=home,DC=htt
>>> Adding configuration container
>>> Setting up sam.ldb schema
>>> Setting up sam.ldb configuration data
>>> Setting up display specifiers
>>> Modifying display specifiers
>>> Adding users container
>>> Modifying users container
>>> Adding computers container
>>> Modifying computers container
>>> Setting up sam.ldb data
>>> Setting up well known security principals
>>> Setting up sam.ldb users and groups
>>> Setting up self join
>>> Setting acl on sysvol skipped
>>> Adding DNS accounts
>>> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt
>>> Creating DomainDnsZones and ForestDnsZones partitions
>>> Populating DomainDnsZones and ForestDnsZones partitions
>>> Unable to find group id for BIND,
>>>                 set permissions to sam.ldb* files manually
>>> BIND version unknown, please modify 
>>> /var/lib/samba/private/named.conf manually.
>>> See /var/lib/samba/private/named.conf for an example configuration 
>>> include file for BIND
>>> and /var/lib/samba/private/named.txt for further documentation 
>>> required for secure DNS updates
>>> Setting up sam.ldb rootDSE marking as synchronized
>>> Fixing provision GUIDs
>>> A Kerberos configuration suitable for Samba 4 has been generated at 
>>> /var/lib/samba/private/krb5.conf
>>> Setting up fake yp server settings
>>> Once the above files are installed, your Samba4 server will be ready 
>>> to use
>>> Admin password:        ~G6;C~ojZ3<elpCAx[MH
>>> Server Role:           active directory domain controller
>>> Hostname:              homebase
>>> NetBIOS Domain:        HOME
>>> DNS Domain:            home.htt
>>> DOMAIN SID: S-1-5-21-4240919292-2417995422-4236335894
>>> Importing WINS database
>>> Importing Account policy
>>> Importing idmap database
>>> Cannot open idmap database, Ignoring: [Errno 2] No such file or 
>>> directory
>>> Adding groups
>>> Importing groups
>>> Committing 'add groups' transaction to disk
>>> Adding users
>>> Importing users
>>> Committing 'add users' transaction to disk
>>> Adding users to groups
>>> Committing 'add users to groups' transaction to disk
>>>
>>>
>>>
>>
>> what version of Clearos, where were the users & groups stored, can 
>> you post the smb.conf from the Clearos server
>
> # cat /etc/clearos-release
> ClearOS Community release 6.6.0 (Final)
>
> But I built it on 6.0.  Back in Dec 2013.
>
> I am using linux users:
>
> # ls /home/ -ls
> total 216
>   4 drwx------.   3 abba     allusers   4096 Jun 10 22:48 abba
>   4 drwx------    2 guest2   allusers   4096 Apr 13  2013 guest2
> 184 drwx------  120 imma     allusers 184320 Sep 13 18:25 imma
>  16 drwx------.   2 root     root      16384 Apr 11  2013 lost+found
>   4 drwx------.   2 rgm      allusers   4096 Apr 11  2013 rgm
>   4 drwx------    2 superrgm allusers   4096 Apr 13  2013 superrgm
>
>
> # cat /etc/samba/smb.conf
> [global]
> # General
> netbios name = HOMEBASE
> workgroup = HOME
> server string = home
> security = user
>
> # Logging
> syslog = 0
> log level = 1
> log file = /var/log/samba/%L-%m
> max log size = 0
> utmp = Yes
>
> # Network
> bind interfaces only = No
> interfaces = lo eth0
> smb ports = 139
>
> # Printing
> printcap name = /etc/printcap
> load printers = Yes
>
> # Security settings
> guest account = guest
> #restrict anonymous = 2
>
> # WINS
> wins support = Yes
> wins server =
>
> # PDC/BDC
> domain logons = Yes
> add machine script = /usr/sbin/samba-add-machine "%u"
> logon drive = H:
> logon script = %U.cmd
> logon path = \\%L\profiles\%U
> logon home = \\%L\%U
>
> # Winbind
> idmap config * : backend = ldap
> idmap config * : range = 20000000-29999999
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind offline logon = false
> winbind use default domain = true
> winbind separator = +
> template homedir = /home/%U
> template shell = /sbin/nologin
>
> # Other
> preferred master = Yes
> domain master = Yes
> passwd program = /usr/sbin/userpasswd %u
> passwd chat = *password:* %n\n *password:* %n\n *successfully.*
> passwd chat timeout = 10
> username map = /etc/samba/smbusers
> wide links = No
>
> # LDAP settings
> include = /etc/samba/smb.ldap.conf
>
> # Winbind LDAP settings
> include = /etc/samba/smb.winbind.conf
>
> #============================ Share Definitions 
> ==============================
>
> # Flexshare
> # include = /etc/samba/flexshare.conf
>
> include = /etc/samba/flexshare.conf
>
> include = /etc/samba/extras.conf
>
> [homes]
>     comment = Home Directories
>     path = /home/%U
>     valid users = %D\%S, %D+%S, %S
>     read only = No
>     browseable = No
>     available = Yes
>
> [printers]
>     comment = Print Spool
>     path = /var/spool/samba
>     printing = cups
>     cups options = raw
>     use client driver = Yes
>     printable = Yes
>     read only = No
>     browseable = No
>     available = No
>
> [print$]
>     comment = Printer Drivers
>     path = /var/samba/drivers
>     read only = No
>     browseable = No
>     available = No
>
> [netlogon]
>     comment = Network Logon Service
>     path = /var/samba/netlogon
>     read only = No
>     locking = No
>     browseable = No
>     available = Yes
>
> [profiles]
>     comment = Profile Share
>     path = /var/samba/profiles
>     read only = No
>     profile acls = Yes
>     browseable = No
>     available = Yes
>     force group = domain_users
>     force directory mode = 02775
>     force directory security mode = 02775
>
>
>

What is in the include files, it looks like the user & group info is 
stored in ldap

Rowland

More information about the samba mailing list