Hi Giorgio

On 2.4.2010 17:01, GG wrote:
> Hi all,
>
> So I have
> openldap2-2.1.12-74
> samba-2.2.7a-72
>
> I would like to migrate this existing PDC service to a new server and
> to current production / stable releases (especially for windows 7
> joining to the domain).
>
> New server is Debian Lenny stable.
>
> I have exported the domain SID, and ldap.ldif
>
> Now let's get down to it :-)
> Before importing should I do something about organizational units and so? How?
>
>> Import only data to LDAP no configs (slapcat->slapadd)
> slapadd -c -l slapcat.ldif
> I did this but attached errors showed up.
>
> Error, entries missing!
> entry 3: dc=people,dc=ExampleDomain,dc=it
> entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
Can you post the first 100 lines of the ldif you are trying to import? You are
probably missing some base ldif.

>
> I know nothing about ldap, but my ldap is probably missing some pre
> required settings ? :-/
>

Can you post slapd.conf also?

> Cheers!
> Giorgio
>
>> Configs yes, live data no, but if you have ldap it *should* be enough to
>> import ldif from old server, configure samba to use ldap and run smbpasswd
>> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
>> samba sees imported users in ldap (pdbedit -L).
>
> On 3/27/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote:
>> On Fri, 26 Mar 2010 15:32:50 +0100, GG <joj...@gmail.com> wrote:
>>> wow I made it!
>>>
>>> I copied net and all the libs it complained about from another suse
>>> server which was not missing it :-)
>>>
>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>>> Unknown parameter encountered: "domain admin group"
>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>>> Ignoring unknown parameter "domain admin group"
>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>>> is: S-1-5-21-1bla bla
>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
>>>
>>> Which shall I import?
>>>
>>
>> Import both for sure:-). First is localsid, second is domainsid
>>
>>> So now back to mail number 2 :-)
>>>
>>> LDAP: I exported ldif :-) now
>>> I copied /etc/groups passwd shadow aliases
>>>
>>> now on the new server:
>>>
>>> how do I import LDAP and all its configs,
>>> samba and all its configs are only in smb.conf?
>>>
>> Import only data to LDAP no configs (slapcat->slapadd)
>> Configs yes, live data no, but if you have ldap it *should* be enough to
>> import ldif from old server, configure samba to use ldap and run smbpasswd
>> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
>> samba sees imported users in ldap (pdbedit -L).
>>
>>> :-)
>>> Giorgio
>>>
>>> On 3/26/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote:
>>>> Paste ldap admin dn or ldap suffix in your smb.conf
>>>>
>>>> On 26.3.2010 15:24, Vladimir Psenicka wrote:
>>>>> try this:
>>>>>
>>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
>>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
>>>>>
>>>>> On 26.3.2010 15:00, GG wrote:
>>>>>> Hello!
>>>>>>
>>>>>> I'm stuck on getdomainsid: Net command is missing even though libs and
>>>>>> smbclient are installed.
>>>>>>
>>>>>> I tried this:
>>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
>>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>>>>>> Enter LDAP Password:
>>>>>> # extended LDIF
>>>>>> #
>>>>>> # LDAPv3
>>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub
>>>>>> # filter: (objectclass=*)
>>>>>> # requesting: ALL
>>>>>> #
>>>>>>
>>>>>> # search result
>>>>>> search: 2
>>>>>> result: 34 Invalid DN syntax
>>>>>> text: invalid DN
>>>>>>
>>>>>> # numResponses: 1
>>>>>>
>>>>>> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
>>>>>> I used WORKGROUP as it is the domain we use on pcs and the only one
>>>>>> defined in smb.conf
>>>>>>
>>>>>> I also tried using my pdc HOSTNAME
>>>>>>
>>>>>> and this was returned
>>>>>> # LDAPv3
>>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub
>>>>>> # filter: (objectclass=*)
>>>>>> # requesting: ALL
>>>>>> #
>>>>>>
>>>>>> # search result
>>>>>> search: 2
>>>>>> result: 34 Invalid DN syntax
>>>>>> text: invalid DN
>>>>>>
>>>>>> # numResponses: 1
>>>>>>
>>>>>> Any way to get through this or how to use net command? Maybe updating
>>>>>> samba-client?
>>>>>>
>>>>>> I tried rpm -i samba-client but it says
>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>>>>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>>>>>>
>>>>>> I found also the original package but it says it is already installed.
>>>>>>
>>>>>> What happens if I remove samba-client and reinstall it soon after on
>>>>>> the production pdc?
>>>>>>
>>>>>> Giorgio
>>>>>>
>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote:
>>>>>>> On 26.3.2010 13:50, GG wrote:
>>>>>>>> Hello!
>>>>>>>>
>>>>>>>>>> Have you samba-client package installed?
>>>>>>>>>>
>>>>>>>>
>>>>>>>> yes I do at least smbclient is there! but no net command :-/
>>>>>>>>
>>>>>>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
>>>>>>>>
>>>>>>>> So here are the issues encountered...
>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i
>>>>>>>> samba-client-2.2.12-1.rpm
>>>>>>>> I found on net...
>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> or you can dig domainsid from ldap
>>>>>>>>
>>>>>>>> This sounds interesting! How do I do that?
>>>>>>>>
>>>>>>>
>>>>>>> modify to your needs (domain):
>>>>>>>
>>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>>>>>>> "sambaDomainName=domain,dc=domain,dc=cz"
>>>>>>>
>>>>>>> sambaSID: is your domainsid
>>>>>>>
>>>>>>> or you can use phpldapadmin to manage your ldap from browser
>>>>>>>
>>>>>>>> Thanks very much!
>>>>>>>> Giorgio
>>>>>>>>
>>>>>>>> On 3/26/10, GG <joj...@gmail.com> wrote:
>>>>>>>>> Hi!
>>>>>>>>>
>>>>>>>>> I'll be at it in a few minutes installing samba client / net
>>>>>>>>> command :-)
>>>>>>>>>
>>>>>>>>> I have a question about the samba sernet repos:
>>>>>>>>> Shall I apt-get remove samba and use
>>>>>>>>> http://enterprisesamba.com/index.php?id=148 +
>>>>>>>>> http://enterprisesamba.com/index.php?id=56
>>>>>>>>> instead from start?
>>>>>>>>>
>>>>>>>>> What is the real advantage of sernet? What about installing official
>>>>>>>>> samba.org packages, are there differences with sernet (stability?) or
>>>>>>>>> is it just a more liberal repository?
>>>>>>>>>
>>>>>>>>> Also I read
>>>>>>>>>>>> Ensure that all local user and group accounts that are used by samba
>>>>>>>>>>>> have the same uid/gid.
>>>>>>>>>
>>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
>>>>>>>>> and users?
>>>>>>>>>
>>>>>>>>> I use rsync --verbose --progress --stats --compress --rsh=ssh \
>>>>>>>>> --recursive --times --perms --links \
>>>>>>>>> --owner --group --devices --specials \
>>>>>>>>> --exclude-from '/root/exclude.txt (if any, not in this case as
>>>>>>>>> I'm only syncing data dir)' \
>>>>>>>>> r...@old_pdc:/DATA /DATA
>>>>>>>>>
>>>>>>>>> This should bring over every attribute set on files... correct?
>>>>>>>>>
>>>>>>>>> [[[did only partially in one case: I set up a twin install (fresh
>>>>>>>>> install then live cd and full rsync and after that I kept mbr, but
>>>>>>>>> changed /boot and the /etc/fstab settings) and the server started
>>>>>>>>> etc.. LDAP did not work though: authentication was not available...
>>>>>>>>> So I must be missing something or this rsync parameter set must be
>>>>>>>>> missing something.. I had disconnected old PDC, set same IP and
>>>>>>>>> hostname to the VM well this worked well for other virtualizations and
>>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version anyway
>>>>>>>>> :-)
>>>>>>>>> This was another story but just to share it as it is an excellent way
>>>>>>>>> of migrating sometimes specially for machines you do not master and
>>>>>>>>> this is my case very often.]]]
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Giorgio
>>>>>>>>>
>>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>>>>>>>>> <vladimir.pseni...@prodeco.cz> wrote:
>>>>>>>>>> Hi
>>>>>>>>>>
>>>>>>>>>> On 25.3.2010 17:41, GG wrote:
>>>>>>>>>>> Hello Vladimir, John and all the NG :-)
>>>>>>>>>>> Thanks so much for answering. I really hoped someone would :-)
>>>>>>>>>>>
>>>>>>>>>>> So I installed Debian latest stable netinst on the future production
>>>>>>>>>>> server and here are my issues in the quotes :-( no net command on my
>>>>>>>>>>> suse 8.2
>>>>>>>>>>>
>>>>>>>>>>> Cheers :-)
>>>>>>>>>>> Giorgio
>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
>>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you can choose
>>>>>>>>>>>>> Samba 3.4.x or 3.5.x
>>>>>>>>>>>>>
>>>>>>>>>>>>> My hints on migrating to new server:
>>>>>>>>>>>>>
>>>>>>>>>>>>> 1. install new server (Samba,ldap etc.)
>>>>>>>>>>>
>>>>>>>>>>> done :-) Debian Stable netinst
>>>>>>>>>>>
>>>>>>>>>>>>> 2. set same hostname on new server
>>>>>>>>>>> My ignorance comes out :-)
>>>>>>>>>>> Must I set it different from the production server as FW points
>>>>>>>>>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>>>>>>>>>>> ip.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Ok, can be changed later
>>>>>>>>>>
>>>>>>>>>>>>> 3. export ldap data from old server and import them to new server
>>>>>>>>>>>
>>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>>>>>>>>>> OK
>>>>>>>>>>>
>>>>>>>>>>>> Ensure that all local user and group accounts that are used by samba
>>>>>>>>>>>> have the same uid/gid.
>>>>>>>>>>> my ignorance again... another hint?
>>>>>>>>>>>>
>>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new server (net
>>>>>>>>>>>>> setlocalsid oldsid)
>>>>>>>>>>>>
>>>>>>>>>>>> Note:
>>>>>>>>>>>> net getdomainsid (on old server)
>>>>>>>>>>>> net setdomainsid (on new server)
>>>>>>>>>>> thanks :-)
>>>>>>>>>>>
>>>>>>>>>>> # net getdomainsid
>>>>>>>>>>> -bash: net: command not found :-( and not found in yast
>>>>>>>>>>>
>>>>>>>>>>> I understand it has to do with extracting the sid from
>>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>>>>>>>>>>> has now net package and googling net is.. well wow!
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Have you samba-client package installed?
>>>>>>>>>>
>>>>>>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>>>>>>>>>> samba-client-3.5.1-4.1.x86_64
>>>>>>>>>>
>>>>>>>>>> or you can dig domainsid from ldap
>>>>>>>>>>
>>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>>>>>>>>>>>>> from old samba smb.conf (check with testparm)
>>>>>>>>>>>
>>>>>>>>>>> I see it only contains shares so I bet smb.conf would just keep all
>>>>>>>>>>> the old settings right? /DATA will be rsynced
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
>>>>>>>>>> current smb.conf on new server and add only shares from old smb.conf to
>>>>>>>>>> new smb.conf.
>>>>>>>>>>
>>>>>>>>>>>>> 6. stop samba on old server
>>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new server
>>>>>>>>>>>>> 8. stop old server
>>>>>>>>>>>>> 9. start samba on new server and check everything is working fine (domain
>>>>>>>>>>>>> logon from windows box, shares and perms)
>>>>>>>>>>>>>
>>>>>>>>>>>>> This can be done best when no users are logged in samba (maybe at weekend?)
>>>>>>>>>>>>>
>>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
>>>>>>>>>>>
>>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb
>>>>>>>>>>> derived right?
>>>>>>>>>>>
>>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
>>>>>>>>>> comes out this will no longer be true.
>>>>>>>>>>
>>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>> John T.
>>>>>>>>>>>>
>>>>>>>>>>>>> On 25.3.2010 01:05, GG wrote:
>>>>>>>>>>>>>> Hello Vladimir and hi all,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks very much for replying!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised, I just happen to
>>>>>>>>>>>>>> know ubuntu more...
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap + samba to a new server?
>>>>>>>>>>>>>> Already tried rsyncing (using all options to keep perms and attributes
>>>>>>>>>>>>>> grp own mod etc) on a twin v-machine but server starts and the ldap
>>>>>>>>>>>>>> auth fails to work :-(
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have postponed the problem for
>>>>>>>>>>>>>> too long grrr
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Giorgio
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>>>>>>>>>>>>> <vladimir.pseni...@prodeco.cz> wrote:
>>>>>>>>>>>>>>> On 23.3.2010 15:48, Giorgio wrote:
>>>>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>>>>>>>>>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The domain is in production on the physical server, to be dismissed after
>>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ has all shared and
>>>>>>>>>>>>>>>> permission driven file access..
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I was following
>>>>>>>>>>>>>>>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>>>>>>>>>>>>>>>> I realize I am in a different scenario...
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration to new os and versions..
>>>>>>>>>>>>>>>> all at once?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and single partitions :)
>>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup, just to be safe ;)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> What would you gurus suggest as a strategy?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Can I create a new server and add it as secondary domain controller and then
>>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with this method.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already bought Windows 7
>>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh).
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-)
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Gio
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
>>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Vladimir Psenicka
>>>>>>>>>> IT system engineer
>>>>>>>>>> PRODECO, a.s.
>>>>>>>>>> Tel.: 417 633 762

--
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
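
Added example, not part of the original thread or any participant's message: a pre-flight check for the "missing some base ldif" case suspected above, listing parent DNs that entries in a slapcat dump sit beneath but that the dump itself does not define. It assumes the target database is empty before slapadd; the function names, the cn=staff and uid=gio entries and the sample LDIF are constructed, with the two dc= DNs modelled on the error output quoted in the thread.

```python
import base64, re

def parse_dns(ldif_text):
    """Return entry DNs in file order; handles folded lines and base64 'dn::'."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:  # LDIF continuation line
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    dns = []
    for line in unfolded:
        if line[:4].lower() == "dn::":
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line[:3].lower() == "dn:":
            dns.append(line[3:].strip())
    return dns

def split_rdns(dn):
    """Split a DN on unescaped commas; lower-cased for comparison (a simplification)."""
    parts = re.split(r"(?<!\\),", dn)
    return ["=".join(s.strip().lower() for s in p.split("=", 1)) for p in parts]

def missing_ancestors(ldif_text, suffix):
    """Return (ancestor DNs needed but not defined in the LDIF, entry DNs outside suffix)."""
    base = split_rdns(suffix)
    entries = [split_rdns(dn) for dn in parse_dns(ldif_text)]
    present = {tuple(e) for e in entries}
    missing, outside = [], []
    for rdns in entries:
        if rdns[-len(base):] != base:
            outside.append(",".join(rdns))
            continue
        # Walk from the direct parent up to and including the suffix entry.
        for depth in range(1, len(rdns) - len(base) + 1):
            ancestor = ",".join(rdns[depth:])
            if tuple(rdns[depth:]) not in present and ancestor not in missing:
                missing.append(ancestor)
    return missing, outside

# Constructed sample (assumption: the target database is empty before slapadd).
SAMPLE = """dn: dc=ExampleDomain,dc=it
dc: ExampleDomain

dn: cn=staff,dc=groups,dc=people,dc=ExampleDomain,
 dc=it
cn: staff

dn: uid=gio,dc=people,dc=ExampleDomain,dc=it
uid: gio
"""

if __name__ == "__main__":
    print(missing_ancestors(SAMPLE, "dc=ExampleDomain,dc=it"))
```

Run it against the real dump with the suffix configured in slapd.conf; an empty first list means every entry has its parent chain in the file.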