[Samba] classic upgrade woes, ignores realm
Patrick von der Hagen
patrick.vdhagen at wiso-tech.de
Sun Mar 31 12:37:44 UTC 2019
On 31.03.19 at 14:08, Rowland Penny via samba wrote:
> On Sun, 31 Mar 2019 13:37:44 +0200
> Patrick von der Hagen via samba <samba at lists.samba.org> wrote:
>
>> I am running samba as a fileserver, having some users (LDAP backend)
>> and lots of files. No machines ever joined this setup. Now I want to
>> join some clients, but want to upgrade to AD before I do that.
>> Configuration is quite old, but had no issues so far. I've been
>> following
>> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>>
>> Since the LDAP backend runs on the old server and blocks ports
>> 389/636, I want to follow "Upgrading on a new server" and I want to
>> follow "Domain Controller name" because the new server has a
>> different name, which should be "DC1".
>>
>> The new server is running Ubuntu 18.10, which provides samba 4.8.4.
>> Provisioning a new domain works flawlessly, no issues there. But I
>> really want to perform an upgrade, migrating users and groups.
>>
>> In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP",
>> hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".
>>
>> I prepared a local slapd and copied the samba-databases.
>>
>> I start the process like this:
>>
>> samba-tool domain classicupgrade --dbdir=/root/samba/
>> --realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d
>> 2 /root/smb.conf
>>
>> Output:
>> ...
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
>> ...
>> sid S-1-5-21-... does not belong to our domain
>> ...
>> Cannot open wins database, Ignoring: [Errno 2] No such file or
>> directory: '/root/samba/wins.dat'
>> ...
>> Adding DomainDN: DC=DC1
>> DN: DC=DC1 is a NC
>> ...
>> Admin password: xxxxxxxxxxxxxxxxxxxxx
>> Server Role: standalone server
>> Hostname: dc1
>> NetBIOS Domain: DC1
>> DNS Domain: dc1
>> DOMAIN SID: S-1-5-21-2467318493-10260708-2946515883
>> ...
>> Cannot open idmap database, Ignoring: [Errno 2] No such file or
>> directory ...
>>
>> Content of /etc/samba/smb.conf (complete!):
>> [global]
>> log level = 2
>> netbios name = DC1
>> passdb backend = samba_dsdb
>> realm = SAMDOM.DOMAIN.DE
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> workgroup = WORKGROUP
>> idmap_ldb:use rfc2307 = yes
>>
>> Obviously, smb.conf is not complete.
>>
>> My questions:
>>
>> Documentation says, to change "netbios name" before upgrade if you
>> want to change the domain controller name. But it is used in the ldap
>> query for sambaDomainName, so currently I have to change it to
>> WORKGROUP in order to import the LDAP data. How do I fix that?
>>
>> "DNS Domain" should be the realm I specified at the commandline? Why
>> is it ignored and why is sambaDomainName used instead?
>>
>> Is it normal to get a smb.conf file that does not work? Is it
>> intended as a starting point or should it convert my previous
>> configuration? At least "server role" is missing and "server
>> services" contains "dnsupdate" which it should not with
>> SAMBA_INTERNAL.
>>
>> Do I have to worry about wins.dat missing? I don't have such a file.
>>
>> Best regards
>> Patrick
>>
>>
> Let's start with the obvious questions:
>
> What is the original OS ?
> What OS are you moving to ?
> What version of Samba is on the original OS ?
> and finally and most importantly, What is in the original smb.conf ?
The old server runs Ubuntu 18.04 (LTS) and samba 4.7.6-Ubuntu. I'd stick
with LTS, but it has the same issues, so I upgraded the new server to
Ubuntu 18.10 and samba 4.8.4.
Configuration:
[global]
security = user
workgroup = WORKGROUP
netbios name = DC1
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=domain,dc=de
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=domain,dc=de
ldap ssl = off
ldap passwd sync = yes
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
and some shares, which should not matter.
Best regards
Patrick