Hi all,

So I have
openldap2-2.1.12-74
samba-2.2.7a-72

I would like to migrate this existing PDC service to a new server and to
current production / stable releases (especially for Windows 7 joining to
the domain).

New server is Debian Lenny stable.

I have exported the domain SID, and ldap.ldif

Now let's get down to it :-)

Before importing should I do something about organizational units and so? How?

> Import only data to LDAP no configs (slapcat->slapadd)

slapadd -c -l slapcat.ldif

I did this but attached errors showed up.

Error, entries missing!
  entry 3: dc=people,dc=ExampleDomain,dc=it
  entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it

I know nothing about ldap, but my ldap is probably missing some
prerequisite settings? :-/

Cheers!
Giorgio

> Configs yes, live data no, but if you have ldap it *should* be enough to
> import ldif from old server, configure samba to use ldap and run smbpasswd
> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> samba see imported users in ldap (pdbedit -L).

On 3/27/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote:
> On Fri, 26 Mar 2010 15:32:50 +0100, GG <joj...@gmail.com> wrote:
> > wow I made it!
> >
> > I copied net and all the libs it complained about from another suse
> > server which was not missing it :-)
> >
> > [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> > Unknown parameter encountered: "domain admin group"
> > [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> > Ignoring unknown parameter "domain admin group"
> > SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> > is: S-1-5-21-1bla bla
> > SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >
> > Which shall I import?
> >
>
> Import both for sure:-). First is localsid, second is domainsid
>
> > So now back to mail number 2 :-)
> >
> > LDAP: I exported ldif :-) now
> > I copied /etc/groups passwd shadow aliases
> >
> > now on the new server:
> >
> > how do I import LDAP and all its configs,
> > samba and all its configs are only in smb.conf?
> >
> Import only data to LDAP no configs (slapcat->slapadd)
> Configs yes, live data no, but if you have ldap it *should* be enough to
> import ldif from old server, configure samba to use ldap and run smbpasswd
> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> samba see imported users in ldap (pdbedit -L).
>
> > :-)
> > Giorgio
> >
> > On 3/26/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote:
> >> Paste ldap admin dn or ldap suffix in your smb.conf
> >>
> >> On 26.3.2010 15:24, Vladimir Psenicka wrote:
> >> > try this:
> >> >
> >> > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> >> > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >> >
> >> > On 26.3.2010 15:00, GG wrote:
> >> >> Hello!
> >> >>
> >> >> I'm stuck on getdomainsid: Net command is missing even though libs and
> >> >> smbclient are installed.
> >> >>
> >> >> I tried this:
> >> >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> >> >> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >> >> Enter LDAP Password:
> >> >> # extended LDIF
> >> >> #
> >> >> # LDAPv3
> >> >> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
> >> >> # filter: (objectclass=*)
> >> >> # requesting: ALL
> >> >> #
> >> >>
> >> >> # search result
> >> >> search: 2
> >> >> result: 34 Invalid DN syntax
> >> >> text: invalid DN
> >> >>
> >> >> # numResponses: 1
> >> >>
> >> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> >> >> I used WORKGROUP as it is the domain we use on pcs and the only one
> >> >> defined in smb.conf
> >> >>
> >> >> I also tried using my pdc HOSTNAME
> >> >>
> >> >> and this was returned
> >> >> # LDAPv3
> >> >> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
> >> >> # filter: (objectclass=*)
> >> >> # requesting: ALL
> >> >> #
> >> >>
> >> >> # search result
> >> >> search: 2
> >> >> result: 34 Invalid DN syntax
> >> >> text: invalid DN
> >> >>
> >> >> # numResponses: 1
> >> >>
> >> >> Any way to get through this or how to use net command? Maybe updating
> >> >> samba-client?
> >> >>
> >> >> I tried rpm -i samba-client but it says
> >> >> file /usr/share/man/man1/smbclient.1.gz from install of
> >> >> samba-client-2.2.12-1.suse82 conflicts with file from package
> >> >> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
> >> >>
> >> >> I found also the original package but it says it is already installed.
> >> >>
> >> >> What happens if I remove samba-client and reinstall it soon after on
> >> >> the production pdc?
> >> >>
> >> >>
> >> >> Giorgio
> >> >>
> >> >> On 3/26/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote:
> >> >>> On 26.3.2010 13:50, GG wrote:
> >> >>>> Hello!
> >> >>>>
> >> >>>>>> Have you samba-client package installed?
> >> >>>>>>
> >> >>>>
> >> >>>> yes I do at least smbclient is there! but no net command :-/
> >> >>>>
> >> >>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> >> >>>>>> samba-client-3.5.1-4.1.x86_64
> >> >>>>
> >> >>>> So here are the issues encountered...
> >> >>>> file /usr/share/man/man1/smbclient.1.gz from install of
> >> >>>> samba-client-2.2.12-1.suse82 conflicts with file from package
> >> >>>> samba-client-2.2.7a-72 when trying to rpm -i
> >> >>>> samba-client-2.2.12-1.rpm
> >> >>>> I found on net...
> >> >>>>
> >> >>>>>>
> >> >>>>>> or you can dig domainsid from ldap
> >> >>>>
> >> >>>> This sounds interesting! How do I do that?
> >> >>>>
> >> >>>
> >> >>> modify to your needs (domain):
> >> >>>
> >> >>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
> >> >>> "sambaDomainName=domain,dc=domain,dc=cz"
> >> >>>
> >> >>> sambaSID: is your domainsid
> >> >>>
> >> >>> or you can use phpldapadmin to manage your ldap from browser
> >> >>>
> >> >>>> Thanks very much!
> >> >>>> Giorgio
> >> >>>>
> >> >>>> On 3/26/10, GG <joj...@gmail.com> wrote:
> >> >>>>> Hi!
> >> >>>>>
> >> >>>>> I'll be at it in a few minutes installing samba client / net
> >> >>>>> command :-)
> >> >>>>>
> >> >>>>> I have a question about the samba sernet repos:
> >> >>>>> Shall I apt-get remove samba and use
> >> >>>>> http://enterprisesamba.com/index.php?id=148 +
> >> >>>>> http://enterprisesamba.com/index.php?id=56
> >> >>>>> instead from start?
> >> >>>>>
> >> >>>>> What is the real advantage of sernet? What about installing official
> >> >>>>> samba.org packages, are there differences with sernet (stability?) or
> >> >>>>> is it just a more liberal repository?
> >> >>>>>
> >> >>>>> Also I read
> >> >>>>>>>> Ensure that all local user and group accounts that are used by samba
> >> >>>>>>>> have the same uid/gid.
> >> >>>>>
> >> >>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> >> >>>>> and users?
> >> >>>>>
> >> >>>>> I use rsync --verbose --progress --stats --compress --rsh=ssh \
> >> >>>>> --recursive --times --perms --links \
> >> >>>>> --owner --group --devices --specials \
> >> >>>>> --exclude-from '/root/exclude.txt (if any, not in this case as
> >> >>>>> I'm only syncing data dir)' \
> >> >>>>> r...@old_pdc:/DATA /DATA
> >> >>>>>
> >> >>>>> This should bring over every attribute set on files... correct?
> >> >>>>>
> >> >>>>> [[[did only partially in one case: I set up a twin install (fresh
> >> >>>>> install then live cd and full rsync and after that I kept mbr, but
> >> >>>>> changed /boot and the /etc/fstab settings) and the server started
> >> >>>>> etc.. LDAP did not work though: authentication was not available...
> >> >>>>> So I must be missing something or this rsync parameter set must be
> >> >>>>> missing something.. I had disconnected old PDC, set same IP and
> >> >>>>> hostname to the VM well this worked well for other virtualizations and
> >> >>>>> in this PDC I need to upgrade to win7 compatible samba version anyway
> >> >>>>> :-)
> >> >>>>> This was another story but just to share it as it is an excellent way
> >> >>>>> of migrating sometimes specially for machines you do not master and
> >> >>>>> this is my case very often.]]]
> >> >>>>>
> >> >>>>> Cheers,
> >> >>>>> Giorgio
> >> >>>>>
> >> >>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> >> >>>>> <vladimir.pseni...@prodeco.cz> wrote:
> >> >>>>>> Hi
> >> >>>>>>
> >> >>>>>> On 25.3.2010 17:41, GG wrote:
> >> >>>>>>> Hello Vladimir, John and all the NG :-)
> >> >>>>>>> Thanks so much for answering. I really hoped someone would :-)
> >> >>>>>>>
> >> >>>>>>> So I installed Debian latest stable netinst on the future production
> >> >>>>>>> server and here are my issues in the quotes :-( no net command on my
> >> >>>>>>> suse 8.2
> >> >>>>>>>
> >> >>>>>>> Cheers :-)
> >> >>>>>>> Giorgio
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
> >> >>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> >> >>>>>>>>> What about Debian Stable with Sernet samba repo, where you can choose
> >> >>>>>>>>> Samba 3.4.x or 3.5.x
> >> >>>>>>>>>
> >> >>>>>>>>> My hints on migrating to new server:
> >> >>>>>>>>>
> >> >>>>>>>>> 1. install new server (Samba,ldap etc.)
> >> >>>>>>>
> >> >>>>>>> done :-) Debian Stable netinst
> >> >>>>>>>
> >> >>>>>>>>> 2. set same hostname on new server
> >> >>>>>>> My ignorance comes out :-)
> >> >>>>>>> Must I set it different from the production server as FW points
> >> >>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
> >> >>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
> >> >>>>>>> ip.
> >> >>>>>>>
> >> >>>>>>
> >> >>>>>> Ok, can be changed later
> >> >>>>>>
> >> >>>>>>>>> 3. export ldap data from old server and import them to new server
> >> >>>>>>>
> >> >>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> >> >>>>>>> OK
> >> >>>>>>>
> >> >>>>>>>> Ensure that all local user and group accounts that are used by samba
> >> >>>>>>>> have the same uid/gid.
> >> >>>>>>> my ignorance again... another hint?
> >> >>>>>>>>
> >> >>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
> >> >>>>>>>>> setlocalsid oldsid)
> >> >>>>>>>>
> >> >>>>>>>> Note:
> >> >>>>>>>> net getdomainsid (on old server)
> >> >>>>>>>> net setdomainsid (on new server)
> >> >>>>>>> thanks :-)
> >> >>>>>>>
> >> >>>>>>> # net getdomainsid
> >> >>>>>>> -bash: net: command not found :-( and not found in yast
> >> >>>>>>>
> >> >>>>>>> I understand it has to do with extracting the sid from
> >> >>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
> >> >>>>>>> has now net package and googling net is.. well wow!
> >> >>>>>>>
> >> >>>>>>
> >> >>>>>> Have you samba-client package installed?
> >> >>>>>>
> >> >>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> >> >>>>>> samba-client-3.5.1-4.1.x86_64
> >> >>>>>>
> >> >>>>>> or you can dig domainsid from ldap
> >> >>>>>>
> >> >>>>>>>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
> >> >>>>>>>>> from old samba smb.conf (check with testparm)
> >> >>>>>>>
> >> >>>>>>> I see it only contains shares so I bet smb.conf would just keep all
> >> >>>>>>> the old settings right? /DATA will be rsynced
> >> >>>>>>>
> >> >>>>>>
> >> >>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
> >> >>>>>> current smb.conf on new server and add only shares from old smb.conf to
> >> >>>>>> new smb.conf.
> >> >>>>>>
> >> >>>>>>>>> 6. stop samba on old server
> >> >>>>>>>>> 7. copy all data (with perms) and netlogon share to new server
> >> >>>>>>>>> 8. stop old server
> >> >>>>>>>>> 9. start samba on new server and check everything is working fine (domain
> >> >>>>>>>>> logon from windows box, shares and perms)
> >> >>>>>>>>>
> >> >>>>>>>>> This can be done best when no users are logged in samba (maybe
> >> >>>>>>>>> at weekend?)
> >> >>>>>>>>>
> >> >>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
> >> >>>>>>>
> >> >>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
> >> >>>>>>> derived right?
> >> >>>>>>>
> >> >>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
> >> >>>>>> comes out this will be no longer truth.
> >> >>>>>>
> >> >>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
> >> >>>>>>>>
> >> >>>>>>>> Cheers,
> >> >>>>>>>> John T.
> >> >>>>>>>>
> >> >>>>>>>>> On 25.3.2010 01:05, GG wrote:
> >> >>>>>>>>>> Hello Vladimir and hi all,
> >> >>>>>>>>>>
> >> >>>>>>>>>> Thanks very much for replying!
> >> >>>>>>>>>>
> >> >>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just happen to
> >> >>>>>>>>>> know ubuntu more...
> >> >>>>>>>>>>
> >> >>>>>>>>>>
> >> >>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba
> >> >>>>>>>>>> to a new server?
> >> >>>>>>>>>> Already tried rsyncing (using all options to keep perms and attributes
> >> >>>>>>>>>> grp own mod etc) on a twin v-machine but server starts and the ldap
> >> >>>>>>>>>> auth fails to work :-(
> >> >>>>>>>>>>
> >> >>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the problem for
> >> >>>>>>>>>> too long grrr
> >> >>>>>>>>>>
> >> >>>>>>>>>> Giorgio
> >> >>>>>>>>>>
> >> >>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
> >> >>>>>>>>>> <vladimir.pseni...@prodeco.cz> wrote:
> >> >>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
> >> >>>>>>>>>>>> Hello,
> >> >>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
> >> >>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04
> >> >>>>>>>>>>>> virtual machine.
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> The domain is in production on the physical server, to be dismissed after
> >> >>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all shared and
> >> >>>>>>>>>>>> permission driven file access..
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> I was following
> >> >>>>>>>>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
> >> >>>>>>>>>>>> I realize I am in a different scenario...
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Production so no errors are admitted :-(, migration to new os and versions..
> >> >>>>>>>>>>>> all at once?
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single
> >> >>>>>>>>>>>> partitions :)
> >> >>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be
> >> >>>>>>>>>>>> safe ;)
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> What would you guru's suggest as a strategy?
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Can I create a new server and add it as secondary domain controller and then
> >> >>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with this method.
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> BTW I need a new version of samba as they have already bought Windows 7
> >> >>>>>>>>>>>> boxes (without asking if they were supported arrgh).
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Thanks to all of you who read or answered :-)
> >> >>>>>>>>>>>>
> >> >>>>>>>>>>>> Gio
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Hi.
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
> >> >>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
> >> >>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
> >> >>>>>>>>>>>
> >> >>>>>>>>>>> --
> >> >>>>>>>>>>> Vladimir Psenicka
> >> >>>>>>>>>>> --
> >> >>>>>>>>>>> To unsubscribe from this list go to the following URL and read the
> >> >>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >> >>>>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>>
> >> >>>>>>>>
> >> >>>>>>>> --
> >> >>>>>>>> To unsubscribe from this list go to the following URL and read the
> >> >>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> --
> >> >>>>>> Vladimir Psenicka
> >> >>>>>> IT system engineer
> >> >>>>>> PRODECO, a.s.
> >> >>>>>> Tel.: 417 633 762
> >> >>>>>> --
> >> >>>>>> To unsubscribe from this list go to the following URL and read the
> >> >>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >> >>>>>>
> >> >>>>>
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Vladimir Psenicka
> >> >>> IT system engineer
> >> >>> PRODECO, a.s.
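The slapadd output quoted in the message names two DNs. Assuming "entries missing" means that imported entries sit below parent entries the LDIF never defines, this added example (not from the thread or from OpenLDAP) scans a slapcat export for such parents before slapadd is run. The sample LDIF and the helper names are constructed for illustration.

```python
import base64
import re

# Constructed sample: a user and a group are exported, but the containers
# holding them are not (the same two DNs as in the error above).
SAMPLE_LDIF = """\
dn: dc=ExampleDomain,dc=it
objectClass: dcObject
dc: ExampleDomain

dn: uid=alice,dc=people,dc=ExampleDomain,dc=it
objectClass: account

dn: cn=staff,dc=groups,dc=people,
 dc=ExampleDomain,dc=it
objectClass: posixGroup
"""

def read_dns(ldif_text):
    """Return the DN of every entry in an LDIF file, in file order."""
    # LDIF folds long lines; a continuation line starts with one space.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    dns = []
    for line in unfolded.splitlines():
        if line.startswith("dn::"):  # base64-encoded DN
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def norm(dn):  # simplified matching: trim padding, ignore case
    return ",".join(split_rdns(dn)).lower()

def missing_parents(ldif_text, suffix):
    """Ancestor DNs below `suffix` that entries need but the file lacks."""
    dns = read_dns(ldif_text)
    present = {norm(d) for d in dns}
    depth = len(split_rdns(suffix))
    missing = {}
    for dn in dns:
        rdns = split_rdns(dn)
        if norm(",".join(rdns[-depth:])) != norm(suffix):
            continue  # entry is outside this suffix
        for i in range(1, len(rdns) - depth + 1):
            parent = ",".join(rdns[i:])
            if norm(parent) not in present:
                missing.setdefault(norm(parent), parent)
    return sorted(missing.values(), key=lambda d: len(split_rdns(d)))

if __name__ == "__main__":
    print(missing_parents(SAMPLE_LDIF, "dc=ExampleDomain,dc=it"))
```

An empty result means every entry under the suffix has its full chain of parents in the file; any DN listed has to be created on the new server, or added to the LDIF, before the children can be attached to it.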