[Samba] Moving users from a Samba 3.6 to 4.9 (tdb)

Fri Oct 9 06:58:40 UTC 2020

Yes, without full config this is hard to analyze.. 
Smb.conf maybe some logs parts if there is something in the logs.. 

Now, TP starter said. 
> I copied system users and group, then /var/lib/samba/*.tdb  

Here im pointing to the "users" and "groups" 
What exactly did you copy? Only the passwd and groups ? 
Did you make sure you only copied the UID/GIDS above 1000? 
Because the numbers below it do change per install. 

You also know there is a "shadow" file? 
Did you test if you can login with the copies users ( if allowed and needed ) 

These are the important once.. 
accounts: /etc/passwd
passwords: /etc/shadow
groups and memberships: /etc/group
group passwords: /etc/gshadow
/etc/samba/*
/var/lib/samba/*

This one has a good and valid set to move accounts. 
https://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/ 

Debian and Ubuntu Linux : Default is 1000 and upper limit is 29999 (/etc/adduser.conf).
Only that part, the upper limit is now 59999 

And have you seen? 
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server#Creating_a_Local_User_Account  
I dont think the underlaying problem here is samba, but how its copied. 

I say review above with the steps you did, you missed something. ( but thats clear already ) :-/ 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: donderdag 8 oktober 2020 19:32
> Aan: sambalist
> Onderwerp: Re: [Samba] Moving users from a Samba 3.6 to 4.9 (tdb)
> 
> On 08/10/2020 17:49, Emmanuel Florac wrote:
> > Le Thu, 8 Oct 2020 17:37:38 +0100
> > Rowland penny via samba <samba at lists.samba.org> écrivait:
> >
> >> On 08/10/2020 17:25, Emmanuel Florac via samba wrote:
> >>> But it's not a domain, no LDAP, no AD. Just a standalone server,
> >>> migrating to another standalone server. Should I do 
> something using
> >>> Samba tool?
> >> No, samba-tool is only used with AD.
> >>
> >> As far as I am aware, the standalone server hasn't changed 
> that much
> >> between 3.6 and 4.9 (both of which are EOL as far as Samba is
> >> concerned), so your method probably should have worked.
> >>
> >> What OS are you using ?
> > Debian, the old server running Debian 7 and the new one Debian 10
> > (current stable).
> >   
> >> Have you checked the file ownership on the files you copied ?
> > Yes, they belong to root, 600 access rights on both systems.
> >   
> >> What is in your smb.conf ?
> >>
> >> I take it that it isn't so much getting Samba to work, it 
> is the file
> >> ownership.
> > The smb.conf are quite different, because the old one 
> doesn't work out
> > of the box with the new machine.
> >
> > The main differences are:
> >
> > old box:
> >
> >      winbind separator = +
> >      winbind enum users = yes
> >      winbind enum groups = yes
> >      winbind cache time = 10
> >      idmap uid = 10000-20000
> >      idmap gid = 10000-20000
> >
> > (no idmap or winbind custom settings on the new one)
> >
> > Old box :
> >
> >      unix password sync = false
> >
> > New:
> >
> >      unix password sync = true
> >
> > Maybe that's the culprit? I don't really know what this 
> setting does.
> 
> You do not normally run winbind on standalone server, so I think you 
> need to post the [global] portion of your old smb.conf, so we 
> can find 
> out just what you are running.
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 