[Samba] Classic Upgrade changes domain SID

Peter Koch sambamailinglist at gmail.com
Sun Aug 27 10:56:28 UTC 2023


Dear Rowland:

Thanks for the quick response.

> Can you please post the command that you used to carry out the classic

Here's what I did:

1) Old WORKGROUP is NAV, old NETBIOS NAME is SERV00,
old fqdn is v480.naev.de, so I decided to use:
- new domain = NAV
- new realm = NAV.NAEV.DE
- new netbios name = NS1 (or SERV00)
- fqdn of new server = ns1.nav.naev.de (or serv00.nav.naev.de)

2) Removed ISO-8859 special characters from users' full names

3) Deleted group mappings for Windows standard groups (in particular
Domain Admins)

4) Copied smb.conf, secrets.tdb, schannel_store.tdb, passdb.tdb,
group_mapping.tdb, account_policy.tdb, /etc/passwd, /etc/group from
old server to /var/samba/NT4-DC directory of new server

5) Created all Samba-related user accounts, groups and group mappings with:
(
 # groups with GID 200..59999
 awk -F: '$3>=200 && $3<60000{print "groupadd -g",$3,$1}' /var/samba/NT4-DC/group | sort
 # users with UID 500..19999; primary GID 65534 becomes "nogroup"
 awk -F: '$3>=500 && $3<20000{g=$4;if(g==65534)g="nogroup"; print "useradd -u",$3,"-g",g,"\x27"$1"\x27"}' /var/samba/NT4-DC/passwd | sort
 # supplementary group memberships
 awk -F: '$3>=200 && $3<60000{split($4,a,",");for(i in a) print "usermod -aG",$1,a[i]}' /var/samba/NT4-DC/group
) | sh

6) Replaced SERV00 with the NetBIOS name of the new server (i.e. NS1) in
/var/samba/NT4-DC/smb.conf

7) Started classic upgrade:
cd /var/samba
kill `cat /var/samba/run/samba.pid`
rm -rf private/* smb.conf log.* sysvol
/usr/samba/bin/samba-tool domain classicupgrade \
  --dbdir=/var/samba/NT4-DC/ \
  --realm=NAV.NAEV.DE \
  --dns-backend=SAMBA_INTERNAL \
  /var/samba/NT4-DC/smb.conf

Here's the output:
INFO 2023-08-27 12:43:39,895 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/netcmd/domain.py #1666:
Reading smb.conf
lpcfg_do_global_parameter: WARNING: The "syslog" option is deprecated
lpcfg_do_global_parameter: WARNING: The "domain logons" option is deprecated
INFO 2023-08-27 12:43:39,898 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/netcmd/domain.py #1670:
Provisioning
INFO 2023-08-27 12:43:39,905 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #507:
Exporting account policy
INFO 2023-08-27 12:43:39,906 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #511:
Exporting groups
WARNING 2023-08-27 12:43:39,926 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #534:
Ignoring group 'notare'
S-1-5-21-1415314133-2460755331-2761616138-21015 listed but then not
found: Unable to enumerate group members, (-1073741722,The specified
group does not exist.)
WARNING 2023-08-27 12:43:39,935 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #534:
Ignoring group 'sap' S-1-5-21-1415314133-2460755331-2761616138-21061
listed but then not found: Unable to enumerate group members,
(-1073741722,The specified group does not exist.)
WARNING 2023-08-27 12:43:39,935 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #534:
Ignoring group 'control'
S-1-5-21-1415314133-2460755331-2761616138-21045 listed but then not
found: Unable to enumerate group members, (-1073741722,The specified
group does not exist.)
INFO 2023-08-27 12:43:39,940 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #557:
Exporting users
INFO 2023-08-27 12:43:40,231 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #567:
Skipping wellknown rid=501 (for username=nobody)
INFO 2023-08-27 12:43:41,842 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #638: Next
rid = 31031
INFO 2023-08-27 12:43:41,847 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #681:
Exporting posix attributes
INFO 2023-08-27 12:43:42,344 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #716:
Reading WINS database
WARNING 2023-08-27 12:43:42,344 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #721: Cannot
open wins database, Ignoring: [Errno 2] No such file or directory:
'/var/samba/NT4-DC/wins.dat'
INFO 2023-08-27 12:43:42,347 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2108: Looking up IPv4 addresses
INFO 2023-08-27 12:43:42,348 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2125: Looking up IPv6 addresses
WARNING 2023-08-27 12:43:42,348 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2132: No IPv6 address will be assigned
INFO 2023-08-27 12:43:43,048 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2274: Setting up share.ldb
INFO 2023-08-27 12:43:43,252 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2278: Setting up secrets.ldb
INFO 2023-08-27 12:43:43,396 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2283: Setting up the registry
INFO 2023-08-27 12:43:44,594 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2286: Setting up the privileges database
INFO 2023-08-27 12:43:44,984 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2289: Setting up idmap db
INFO 2023-08-27 12:43:45,255 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2296: Setting up SAM db
INFO 2023-08-27 12:43:45,300 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#880: Setting up sam.ldb partitions and settings
INFO 2023-08-27 12:43:45,301 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#892: Setting up sam.ldb rootDSE
INFO 2023-08-27 12:43:45,345 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1305: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness
constraint on local domainSIDs
INFO 2023-08-27 12:43:45,544 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1383: Adding DomainDN: DC=nav,DC=naev,DC=de
INFO 2023-08-27 12:43:45,612 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1415: Adding configuration container
INFO 2023-08-27 12:43:45,679 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1430: Setting up sam.ldb schema
INFO 2023-08-27 12:43:56,781 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1448: Setting up sam.ldb configuration data
INFO 2023-08-27 12:43:57,175 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1489: Setting up display specifiers
INFO 2023-08-27 12:44:04,609 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1497: Modifying display specifiers and extended rights
INFO 2023-08-27 12:44:04,713 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1504: Adding users container
INFO 2023-08-27 12:44:04,717 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1510: Modifying users container
INFO 2023-08-27 12:44:04,719 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1513: Adding computers container
INFO 2023-08-27 12:44:04,723 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1519: Modifying computers container
INFO 2023-08-27 12:44:04,725 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1523: Setting up sam.ldb data
INFO 2023-08-27 12:44:05,088 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1553: Setting up well known security principals
INFO 2023-08-27 12:44:05,258 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1567: Setting up sam.ldb users and groups
INFO 2023-08-27 12:44:05,968 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1575: Setting up self join
Repacking database from v1 to v2 format (first record
CN=ms-DS-ManagedPasswordPreviousId,CN=Schema,CN=Configuration,DC=nav,DC=naev,DC=de)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=sitesContainer-Display,CN=41F,CN=DisplaySpecifiers,CN=Configuration,DC=nav,DC=naev,DC=de)
Repacking database from v1 to v2 format (first record
CN=8ddf6913-1c7b-4c59-a5af-b9ca3b3d2c4c,CN=Operations,CN=DomainUpdates,CN=System,DC=nav,DC=naev,DC=de)
INFO 2023-08-27 12:44:08,346 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1969: Setting acl on sysvol skipped
INFO 2023-08-27 12:44:08,413 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1198: Adding DNS accounts
INFO 2023-08-27 12:44:08,550 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1232: Creating CN=MicrosoftDNS,CN=System,DC=nav,DC=naev,DC=de
INFO 2023-08-27 12:44:08,590 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1245: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2023-08-27 12:44:08,738 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1250: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=nav,DC=naev,DC=de)
Repacking database from v1 to v2 format (first record
DC=_kerberos._tcp.dc,DC=_msdcs.nav.naev.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=nav,DC=naev,DC=de)
INFO 2023-08-27 12:44:10,269 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2012: Setting up sam.ldb rootDSE marking as synchronized
INFO 2023-08-27 12:44:10,401 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2017: Fixing provision GUIDs
INFO 2023-08-27 12:44:12,992 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2348: A Kerberos configuration suitable for Samba AD has been
generated at /var/samba/private/krb5.conf
INFO 2023-08-27 12:44:12,993 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2350: Merge the contents of this file with your system krb5.conf or
replace it with this one. Do not create a symlink!
INFO 2023-08-27 12:44:13,405 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2082: Setting up fake yp server settings
INFO 2023-08-27 12:44:13,659 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#487: Once the above files are installed, your Samba AD server will be
ready to use
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#492: Server Role:           active directory domain controller
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#493: Hostname:              serv00
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#494: NetBIOS Domain:        NAV
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#495: DNS Domain:            nav.naev.de
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#496: DOMAIN SID:
S-1-5-352321536-3589954388-2200284306-183212708
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #747:
Importing WINS database
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #753:
Importing Account policy
INFO 2023-08-27 12:44:13,732 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #757:
Importing idmap database
WARNING 2023-08-27 12:44:13,732 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #218: Cannot
open idmap database, Ignoring: [Errno 2] No such file or directory
INFO 2023-08-27 12:44:14,144 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #773: Adding
groups
INFO 2023-08-27 12:44:14,145 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #776:
Importing groups
WARNING 2023-08-27 12:44:14,284 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #267: Group
already exists sid=S-1-5-32-550, groupname=Print Operators
existing_groupname=Print Operators, Ignoring.
INFO 2023-08-27 12:44:14,421 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #789:
Committing 'add groups' transaction to disk
INFO 2023-08-27 12:44:14,838 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #792: Adding
users
INFO 2023-08-27 12:44:14,839 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #795:
Importing users
WARNING 2023-08-27 12:44:51,050 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #805: User
root has been kept in the directory, it should be removed in favour of
the Administrator user
INFO 2023-08-27 12:47:57,275 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #815: Adding
users to groups
INFO 2023-08-27 12:47:58,328 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #829:
Committing 'add users to groups' transaction to disk
INFO 2023-08-27 12:47:58,524 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #834:
Setting password for administrator
INFO 2023-08-27 12:47:58,591 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #843:
Administrator password has been set to password of user 'root'

One more thing: The new domain SID is different from the old one.
But it does not even start with S-1-5-21 !!!

Peter
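
Added example (not part of the original post and not Samba code): a Python check that reads classicupgrade output like the log above, undoes the mail wrapping, and flags a reported DOMAIN SID that is not of the form S-1-5-21-x-y-z or that differs from the domain part of the account SIDs in the same log. The function names and the log excerpt are constructed for illustration, and it assumes the SIDs in the "Ignoring group" warnings carry the old domain's SID as their prefix.

```python
import re

# Constructed excerpt in the shape of the classicupgrade output quoted in the
# post, with the same mail-client line wrapping.
SAMPLE_LOG = """\
WARNING 2023-08-27 12:43:39,935 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #534:
Ignoring group 'sap' S-1-5-21-1415314133-2460755331-2761616138-21061
listed but then not found: Unable to enumerate group members,
INFO 2023-08-27 12:44:13,660 pid:14448
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#496: DOMAIN SID:
S-1-5-352321536-3589954388-2200284306-183212708
"""

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

def unwrap(log):
    # Collapse the wrapping so a message split over several lines still matches.
    return " ".join(log.split())

def is_domain_sid(sid):
    """True for S-1-5-21-x-y-z with three 32-bit sub-authorities."""
    parts = sid.split("-")
    return (len(parts) == 7 and parts[:4] == ["S", "1", "5", "21"]
            and all(p.isdigit() and int(p) < 2**32 for p in parts[4:]))

def reported_domain_sid(log):
    m = re.search(r"DOMAIN SID:\s*(" + SID_RE.pattern + ")", unwrap(log))
    return m.group(1) if m else None

def account_domain_prefixes(log):
    """Domain part (RID stripped) of each S-1-5-21-...-RID account SID."""
    prefixes = set()
    for sid in SID_RE.findall(unwrap(log)):
        domain, _, _rid = sid.rpartition("-")
        if is_domain_sid(domain):
            prefixes.add(domain)
    return prefixes

def check_upgrade(log):
    """Return a list of problems with the domain SID the upgrade reported."""
    new, old = reported_domain_sid(log), account_domain_prefixes(log)
    problems = []
    if new is None:
        problems.append("no DOMAIN SID line found")
    elif not is_domain_sid(new):
        problems.append(f"{new} is not of the form S-1-5-21-x-y-z")
    if new and old and new not in old:
        problems.append(f"{new} does not match account SID domain {sorted(old)}")
    return problems
```

Running `check_upgrade()` on the saved output of a classic upgrade before joining clients gives an empty list only when the reported domain SID is well-formed and matches the exported accounts.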


