[Samba] Unable_to_migrate_shares_from_AD_to_file_server

Srikar Somineni srikars at vedams.com
Fri Jun 2 11:55:43 UTC 2017 

Hi Rowland,
            I followed your suggestions and changed the smb.conf file.
Currently my smb.conf file looks like below.
[global]
    workgroup = SAMDOM
    security = ADS
    realm = SAMDOM.LOCAL
    wins server = SAMDOM.LOCAL
    password server = SAMDOM.LOCAL
    domain master = no
    local master = no
    preferred master = no
    idmap backend = tdb
    idmap config *:range = 20000-99999
    idmap config SAMDOM:backend = rid
    idmap config SAMDOM:range = 10000-99999
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind nested groups = yes
    winbind refresh tickets = yes
    winbind offline logon = true
    template shell = /bin/bash
    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    restrict anonymous = 2
    log file = /var/log/samba/samba.log
    log level = 2
    passdb backend = tdbsam
    map untrusted to domain = Yes
    username map = /usr/local/samba/etc/user.map
[demouser]
    path = /tmp/demouser
    users = @SAMDOM/Administrator
    force group = "domain users"
    writable = yes
    read only = no
    force create mode = 0660
    create mask = 0777
    directory mask = 0777
    force directory mode = 0770
    access based share enum = yes
    hide unreadable = yes

I have mapped "Administrator" domain user to local root in user.map file
and added the location of file to smb.conf.
Also changed idmap config from "*" to AD Domain name.
After making these changes restarted the samba and winbind servers, left
the domain and joined again. Again restarted the samba and winbind servers.
Later when I ran "net rpc share migrate shares" command, faced the same
error (WERR_ACCESS_DENIED) again.
Also for "net rpc share migrate files" command got the previous
error(NT_STATUS_REVISION_MISMATCH).
Am I still missing anything in the configuration file ?

I went through Samba-HOWTO document and learned that, it is better to run
"net rpc vampire" command prior to migrating shares or files with "net rpc"
and got the below error.

# net rpc vampire -U administrator -S samdom.local --force
Cannot import users from samdom at this time, as the current domain:
        <Domain-Member-Server>: S-1-5-21-3946493590-2691586179-362208375
conflicts with the remote domain
        SAMDOM: S-1-5-21-3130717435-2775834446-724000085
Perhaps you need to set:

        security=user
        workgroup=SAMDOM

 in your smb.conf?

Can you please tell me what the above error is?


Thanks & Regards,
S.Srikar.

More information about the samba mailing list