[Samba] classic upgrade woes, ignores realm

Patrick von der Hagen patrick.vdhagen at wiso-tech.de
Sun Mar 31 11:37:44 UTC 2019 

I am running samba as a fileserver, having some users (LDAP backend) and 
lots of files. No machines ever joined this setup. Now I want to join 
some clients, but want to upgrade to AD before I do that. Configuration 
is quite old, but had no issues so far. I've been following 
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

Since the LDAP backend runs on the old server and blocks ports 389/636, 
I want to follow "Upgrading on a new server" and I want to follow 
"Domain Controller name" because the new server has a different name, 
which should be "DC1".

The new server ist running Ubuntu 18.10, which provides samba 4.8.4. 
Provisioning a new domain works flawless, no issues there. But I really 
want to perform an upgrade, migrating users and groups.

In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP", hostname 
returns "dc1", hostname -f returns "dc1.samdom.domain.de".

I prepared a local slapd and copied the samba-databases.

I start the process like this:

samba-tool domain classicupgrade --dbdir=/root/samba/ 
--realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d 2 /root/smb.conf

Output:
...
smbldap_search_domain_info: Searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
...
sid S-1-5-21-... does not belong to our domain
...
Cannot open wins database, Ignoring: [Errno 2] No such file or 
directory: '/root/samba/wins.dat'
...
Adding DomainDN: DC=DC1
DN: DC=DC1 is a NC
...
Admin password:        xxxxxxxxxxxxxxxxxxxxx
Server Role:           standalone server
Hostname:              dc1
NetBIOS Domain:        DC1
DNS Domain:            dc1
DOMAIN SID:            S-1-5-21-2467318493-10260708-2946515883
...
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
...

Content of /etc/samba/smb.conf (complete!):
[global]
         log level = 2
         netbios name = DC1
         passdb backend = samba_dsdb
         realm = SAMDOM.DOMAIN.DE
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = WORKGROUP
         idmap_ldb:use rfc2307 = yes

Obviously, smb.conf is no complete.

My questions:

Documentation says, to change "netbios name" before upgrade if you want 
to change the domain controller name. But it is used in the ldap query 
for sambaDomainName, so currently I have to change it to WORKGROUP in 
order to import the LDAP data. How do I fix that?

"DNS Domain" should be the realm I specified at the commandline? Why is 
it ignored and why is sambaDomainName used instead?

Is it normal to get a smb.conf file that does not work? Is it indended 
as a starting point of should it convert my previous configuration? At 
least "server role" is missing and "server services" contains 
"dnsupdate" which it should not with SAMBA_INTERNAL.

Do I have to worry about wins.dat missing? I don't have such a file.

Best regards
Patrick

More information about the samba mailing list