[Samba] Migrating from Samba 3: no groups/users are imported ("listed, but then not found", "does not belong to our domain")

Konstantin Boyandin lists at boyandin.info
Thu Sep 6 09:03:23 UTC 2018 

Rowland Penny via samba wrote 2018-09-06 14:37:
> On Thu, 06 Sep 2018 12:22:11 +0700
> Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
> 
>> Rowland Penny via samba wrote 2018-09-05 15:56:
>> > On Wed, 05 Sep 2018 15:26:30 +0700
>> > Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
>> >>
>> >> Exactly that. I need to create a separate domain; after all the
>> >> checks are done that switching to it works, the computers will
>> >> rejoin the new domain. Our Samba 3 domain is used for years; since
>> >> Window 10 is unable to join it any more, we are finally migrating
>> >> everything to Samba 4.
>> >
>> > Then you might as well just provision a new domain, dump your users,
>> > groups etc to a file. Write a script to parse the file and then add
>> > them to your new AD.
>> 
>> Current approach does import users and groups; it only fails to
>> assign users to groups properly. It can do already, but I would
>> prefer less manual interaction.
>> 
>> >> Note: every user belongs to "Domain Users" group, other group
>> >> memberships are lost.
>> >
>> > Yes, every AD users primary group is Domain Users, your other
>> > problem is very probably being caused by the way you are trying to
>> > bend the classicupgrade upgrade script
>> 
>> I am not sure what I am "bending".
> 
> The whole idea behind a classicupgrade is that you start with an
> NT4-style PDC and end up with an AD DC. Your users, groups, etc have
> the same RID's, the domain has the SID, all passwords are retained,
> all RFC2307 attrinutes are retained and finally, the clients do not
> notice.
> 
>> The classic upgrade did fail in exactly the same way even when I
>> tried to do it literally as the corresponding guide tells:
> 
> Then there must be something wrong with your PDC, perhaps it was just
> too old.

samba-3.6.23 based (CentOS 6).

In any case, re-adding users to groups manually is a lesser evil, it can 
be done in batch mode.

Sincerely,
Konstantin

More information about the samba mailing list