[Samba] Problems with migrating users and groups with classicupgrade
Rowland Penny
rowlandpenny241155 at gmail.com
Thu Sep 17 07:58:47 UTC 2015
On 16/09/15 22:15, Robert Moskowitz wrote:
>
>
> On 09/16/2015 05:03 PM, Rowland Penny wrote:
>> On 16/09/15 19:17, Robert Moskowitz wrote:
>>> I am assuming that I need to migrate my users and groups if I expect
>>> to move my user profiles.
>>>
>>> Migrating computers is a second question. But on with details.
>>>
>>> My current setup is a ClearOS server running as a PDC. I get the
>>> following information from it:
>>>
>>> # wbinfo -u
>>> winadmin
>>> guest
>>> rgm
>>> abba
>>> imma
>>> guest2
>>> superrgm
>>>
>>> After running:
>>>
>>> samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/
>>> --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ
>>> /root/samba.PDC/etc/smb.conf
>>>
>>> and getting all the services running here I get:
>>>
>>> # wbinfo -u
>>> administrator
>>> dns-homebase
>>> dhcpduser
>>> krbtgt
>>> guest
>>>
>>> So what went wrong? Why did not my users make it through the
>>> migration? I am attaching the output of the upgrade. I have
>>> already changed the password, so don't yell at me for not blanking
>>> that out.
>>>
>>> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/
>>> --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ
>>> /root/samba.PDC/etc/smb.conf
>>> Reading smb.conf
>>> NOTE: Service printers is flagged unavailable.
>>> NOTE: Service print$ is flagged unavailable.
>>> Unknown parameter encountered: "force directory security mode"
>>> Ignoring unknown parameter "force directory security mode"
>>> Provisioning
>>> Exporting account policy
>>> Exporting groups
>>> Exporting users
>>> Next rid = 1000
>>> Exporting posix attributes
>>> Reading WINS database
>>> Looking up IPv4 addresses
>>> Looking up IPv6 addresses
>>> No IPv6 address will be assigned
>>> Setting up share.ldb
>>> Setting up secrets.ldb
>>> Setting up the registry
>>> Setting up the privileges database
>>> Setting up idmap db
>>> Setting up SAM db
>>> Setting up sam.ldb partitions and settings
>>> Setting up sam.ldb rootDSE
>>> Pre-loading the Samba 4 and AD schema
>>> Adding DomainDN: DC=home,DC=htt
>>> Adding configuration container
>>> Setting up sam.ldb schema
>>> Setting up sam.ldb configuration data
>>> Setting up display specifiers
>>> Modifying display specifiers
>>> Adding users container
>>> Modifying users container
>>> Adding computers container
>>> Modifying computers container
>>> Setting up sam.ldb data
>>> Setting up well known security principals
>>> Setting up sam.ldb users and groups
>>> Setting up self join
>>> Setting acl on sysvol skipped
>>> Adding DNS accounts
>>> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt
>>> Creating DomainDnsZones and ForestDnsZones partitions
>>> Populating DomainDnsZones and ForestDnsZones partitions
>>> Unable to find group id for BIND,
>>> set permissions to sam.ldb* files manually
>>> BIND version unknown, please modify
>>> /var/lib/samba/private/named.conf manually.
>>> See /var/lib/samba/private/named.conf for an example configuration
>>> include file for BIND
>>> and /var/lib/samba/private/named.txt for further documentation
>>> required for secure DNS updates
>>> Setting up sam.ldb rootDSE marking as synchronized
>>> Fixing provision GUIDs
>>> A Kerberos configuration suitable for Samba 4 has been generated at
>>> /var/lib/samba/private/krb5.conf
>>> Setting up fake yp server settings
>>> Once the above files are installed, your Samba4 server will be ready
>>> to use
>>> Admin password: ~G6;C~ojZ3<elpCAx[MH
>>> Server Role: active directory domain controller
>>> Hostname: homebase
>>> NetBIOS Domain: HOME
>>> DNS Domain: home.htt
>>> DOMAIN SID: S-1-5-21-4240919292-2417995422-4236335894
>>> Importing WINS database
>>> Importing Account policy
>>> Importing idmap database
>>> Cannot open idmap database, Ignoring: [Errno 2] No such file or
>>> directory
>>> Adding groups
>>> Importing groups
>>> Committing 'add groups' transaction to disk
>>> Adding users
>>> Importing users
>>> Committing 'add users' transaction to disk
>>> Adding users to groups
>>> Committing 'add users to groups' transaction to disk
>>>
>>>
>>>
>>
>> what version of Clearos, where were the users & groups stored, can
>> you post the smb.conf from the Clearos server
>
> # cat /etc/clearos-release
> ClearOS Community release 6.6.0 (Final)
>
> But I built it on 6.0. Back in Dec 2013.
>
> I am using linux users:
>
> # ls /home/ -ls
> total 216
> 4 drwx------. 3 abba allusers 4096 Jun 10 22:48 abba
> 4 drwx------ 2 guest2 allusers 4096 Apr 13 2013 guest2
> 184 drwx------ 120 imma allusers 184320 Sep 13 18:25 imma
> 16 drwx------. 2 root root 16384 Apr 11 2013 lost+found
> 4 drwx------. 2 rgm allusers 4096 Apr 11 2013 rgm
> 4 drwx------ 2 superrgm allusers 4096 Apr 13 2013 superrgm
>
>
> # cat /etc/samba/smb.conf
> [global]
> # General
> netbios name = HOMEBASE
> workgroup = HOME
> server string = home
> security = user
>
> # Logging
> syslog = 0
> log level = 1
> log file = /var/log/samba/%L-%m
> max log size = 0
> utmp = Yes
>
> # Network
> bind interfaces only = No
> interfaces = lo eth0
> smb ports = 139
>
> # Printing
> printcap name = /etc/printcap
> load printers = Yes
>
> # Security settings
> guest account = guest
> #restrict anonymous = 2
>
> # WINS
> wins support = Yes
> wins server =
>
> # PDC/BDC
> domain logons = Yes
> add machine script = /usr/sbin/samba-add-machine "%u"
> logon drive = H:
> logon script = %U.cmd
> logon path = \\%L\profiles\%U
> logon home = \\%L\%U
>
> # Winbind
> idmap config * : backend = ldap
> idmap config * : range = 20000000-29999999
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind offline logon = false
> winbind use default domain = true
> winbind separator = +
> template homedir = /home/%U
> template shell = /sbin/nologin
>
> # Other
> preferred master = Yes
> domain master = Yes
> passwd program = /usr/sbin/userpasswd %u
> passwd chat = *password:* %n\n *password:* %n\n *successfully.*
> passwd chat timeout = 10
> username map = /etc/samba/smbusers
> wide links = No
>
> # LDAP settings
> include = /etc/samba/smb.ldap.conf
>
> # Winbind LDAP settings
> include = /etc/samba/smb.winbind.conf
>
> #============================ Share Definitions
> ==============================
>
> # Flexshare
> # include = /etc/samba/flexshare.conf
>
> include = /etc/samba/flexshare.conf
>
> include = /etc/samba/extras.conf
>
> [homes]
> comment = Home Directories
> path = /home/%U
> valid users = %D\%S, %D+%S, %S
> read only = No
> browseable = No
> available = Yes
>
> [printers]
> comment = Print Spool
> path = /var/spool/samba
> printing = cups
> cups options = raw
> use client driver = Yes
> printable = Yes
> read only = No
> browseable = No
> available = No
>
> [print$]
> comment = Printer Drivers
> path = /var/samba/drivers
> read only = No
> browseable = No
> available = No
>
> [netlogon]
> comment = Network Logon Service
> path = /var/samba/netlogon
> read only = No
> locking = No
> browseable = No
> available = Yes
>
> [profiles]
> comment = Profile Share
> path = /var/samba/profiles
> read only = No
> profile acls = Yes
> browseable = No
> available = Yes
> force group = domain_users
> force directory mode = 02775
> force directory security mode = 02775
>
>
>
What is in the include files, it looks like the user & group info is
stored in ldap
Rowland
More information about the samba
mailing list