[Samba] security = ads, backend = ad parameter not working in samba 4.10.10

Sérgio Basto sergio at serjux.com
Thu Dec 5 19:08:11 UTC 2019


On Thu, 2019-12-05 at 18:34 +0000, Rowland penny via samba wrote:
> On 05/12/2019 17:48, Sérgio Basto wrote:
> > I did migration with something like this :
> > 
> > ldbsearch -H /opt/samba/private/sam.ldb -s sub -b
> > dc=old_ad,dc=local
> > '(objectClass=user)' > user-export2.ldif
> > scp user-export2.ldif to_the_new_machine:
> > 
> > in new machine :
> > 
> > sed -i 's/DC=old_ad/DC=corp/g; s/old_ad.local/corp.local/g' user-
> > export2.ldif
> > sed -i bla bla  user-export2.ldif
> > 
> > ldbmodify -H /var/lib/samba/private/sam.ldb --
> > controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 user-export2.ldif
> > 
> Sorry, but it is more involved than that, you should have joined a
> new 
> DC, then demoted the old DC, you might have had to do this a few
> times 
> to move from Samba 4.x.x to a supported Samba version.
> 
> I am very surprised that this worked in any way at all.

I did a new AD with a new name.  
Samba 4.0.0 don't have demote , I move from a Sernet software to a free
and open software in Centos 7 (I use RedHat flavor since 2001) . 
I just migrate the users and his password nothing more  ... I had to
remove a lot of fields,  OU(s) etc for example: [1] .

And is working very well, I'm very happy, yesterday I upgrade all DC(s)
to samba 4.10.10 and it was very smooth .

And well, I want add a new uidNumber and gidNumber to every user and
group in AD , how I can do that  ? to use backend = ad , I want use
backend = ad .

Thank you.


[1]

sed -i
'/^instanceType/d;/^whenCreated/d;/^whenChanged/d;/^uSNCreated/d;/^uSNC
hanged/d;/^objectGUID/d;/^codePage/d;/^countryCode/d;/^pwdLastSet/d;/^p
rimaryGroupID/d;/^objectSid/d;/^sAMAccountType/d;/^sAMAccountType/d;/^l
ockoutTime/d;/^isCriticalSystemObject/d' user-exporttest.ldif 



> Rowland
> 
> 
> 
> 
-- 
Sérgio M. B.




More information about the samba mailing list