Hi. Can you change *objectClass: sambaAccount* to *objectClass: sambaSamAccount* in whole ldif, but object class 'sambaSamAccount' requires attribute 'sambaSID' and maybee other samba* attributes. Or delete objectClass: sambaAccount from this dn when no samba* attribute is specified in this dn. I can't see objectClass: sambaAccount in our Samba 3.0 samba.schema.
You can tune your old atributes (rid) in samba.schema: see HISTORICAL Next your uid in dn must exactly be same as atribute uid dn: *uid=Christian Sanvi*,dc=Sistemi Informativi,dc=People,dc=GG-s-Domain,dc=it structuralObjectClass: inetOrgPerson entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f creatorsName: cn=Manager,dc=GG-s-Domain,dc=it createTimestamp: 20030801093311Z objectClass: inetOrgPerson objectClass: person objectClass: posixAccount objectClass: shadowAccount mail: christian.sa...@gg-s-domain.it mailHost: mail.GG-s-Domain.it mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi *uid: Christian Sanvi* cn: csanvi sn: sanvi shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 1000 gidNumber: 100 homeDirectory: /home/christian gecos: Christian Sanvi,,, entryCSN: 2008042908:48:24Z#0x0002#0#0000 modifiersName: cn=Manager,dc=GG-s-Domain,dc=it modifyTimestamp: 20080429084824Z userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M= shadowLastChange: 14695 This dn imported me fine (delete qmail and samba objectclass and rid attribute). Dne 9.4.2010 12:40, GG napsal(a): > Hello! > > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/* > and slapadd the ldif; I still get the same errors though! > > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok > for the new version, because it imports groups correctly dn: > dc=,dc=,dc= > > Ideas? > > Cheers, > Giorgio > > On 4/8/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz> wrote: >> You have in gg-edited.ldif (first error on line 52): >> >> dn: uid=name surname,dc=Sistemi >> Informativi,dc=People,dc=GG-s-Domain,dc=it >> structuralObjectClass: inetOrgPerson >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it >> createTimestamp: 20030801093311Z >> objectClass: inetOrgPerson >> objectClass: person >> objectClass: sambaAccount >> objectClass: qmailUser >> objectClass: posixAccount >> objectClass: shadowAccount >> >> Dou you have all apropriate schemas in your slapd.conf and in >> /etc/ldap/schema/ on your new server? You should have all schemas in new >> slapd.conf as you had in slapd.conf on old server...qmail schema etc... >> >> Dne 8.4.2010 11:44, GG napsal(a): >>> Hello Vladimir and NG, >>> >>> I added samba.schema and removed the "" and it imported ldif without >>> saying anything about groups now :-) >>> >>> There are some warnings I am attaching. >>> >>> It moans about >>> str2entry: invalid value for attributeType objectClass #3 (syntax >>> 1.3.6.1.4.1.1466.115.121.1.38) >>> slapadd: could not parse entry (line=11937) >>> and if I look at the ldif I find this >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it >>> >>> and other error >>> slapadd: could not parse entry (line=11116) >>> <= str2entry: str2ad(mailHost): attribute type undefined >>> this is the line in ldfi... >>> >>> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it >>> cn: otheruid >>> >>> But the line is always the dn: >>> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it >>> >>> but reading mailHost: I have a line in many accounts with maildir and >>> mail host etc that I don't need any more; shall I remove lines >>> containing mail attributes? (mytextools.com <http://mytextools.com> is >>> great but I suppose there must be some regular expression too) >>> >>> I did a slapcat from destination server and it imported groups but no >>> actual users. >>> >>> I removed mail alternate attibutes (not mail: as it used for creating >>> alias from ldap into mail server) anyway the error seems to be in the >>> DN. it needs a dn but it gives this error >>> str2entry: invalid value for attributeType objectClass #3 (syntax >>> 1.3.6.1.4.1.1466.115.121.1.38) >>> slapadd: could not parse entry (line=1) >>> >>> importing a single user from a partial ldif.. >>> >>> >>> Giorgio >>> >>> On 4/8/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>> 1. comments to slapd.conf: >>>> >>>> if slapd.conf.destination is on your new server, then you are missing >>>> samba schema in your slapd.conf.destination. >>>> >>>> slapd.conf on new server: >>>> .... >>>> include /etc/ldap/schema/samba.schema >>>> .... >>>> >>>> Get samba.schema from your current samba instalation on new server. It >>>> should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/ >>>> >>>> 2. comments on error importing ldif: >>>> >>>> slapadd-ing.LOG: >>>> >>>> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of >>>> naming attribute 'dc' is not present in entry >>>> >>>> which is in gg-edited.ldif: >>>> >>>> dn: dc=People,dc=GG-s-Domain,dc=it >>>> objectClass: dcObject >>>> objectClass: organizationalUnit >>>> ou: "People" >>>> dc: "People" >>>> structuralObjectClass: organizationalUnit >>>> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f >>>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it >>>> createTimestamp: 20030801082225Z >>>> entryCSN: 2003080108:22:25Z#0x0001#0#0000 >>>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it >>>> modifyTimestamp: 20030801082225Z >>>> >>>> Can you try delete quotes in ou: "People" and dc: "People" and try to >>>> import ldif again? Or you can try delete objectClass: dcObject and dc: >>>> "People". In our ldap we haven't objectClass: dcObject in dn: >>>> ou=Users,dc=pavouk,dc=cz >>>> >>>> my ldif: >>>> >>>> dn: ou=Users,dc=pavouk,dc=cz >>>> objectClass: organizationalUnit >>>> ou: Users >>>> structuralObjectClass: organizationalUnit >>>> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5 >>>> creatorsName: cn=Manager,dc=pavouk,dc=cz >>>> createTimestamp: 20050927125727Z >>>> entryCSN: 20050927125727.000000Z#000001#000#000000 >>>> modifiersName: cn=Manager,dc=pavouk,dc=cz >>>> modifyTimestamp: 20050927125727Z >>>> >>>> >>>> >>>> >>>> Dne 7.4.2010 16:14, GG napsal(a): >>>>> Hello Vladimir and anyone else reading :-) ! >>>>> >>>>> Attaching these files: >>>>> >>>>> - gg-edited.ldif >>>>> - slapd.conf.destination.txt >>>>> - slapd.conf.source.txt >>>>> - ldap.conf.destination.txt >>>>> - ldap.conf.source.txt >>>>> - slapadd-ing.LOG this was the log while importing ldif >>>>> >>>>> >>>>> NET SID ETC >>>>> net setlocalsid >>> S-1-5-21-1168...........-..................-...............2 >>>>> net setdomainsid >>> S-1-5-21-1168...........-..................-...............1 >>>>> >>>>> does net setlocal and domain sid have sense or should it be >>>>> net setdomainsid >>>>> twice with different sids? >>>>> >>>>> Thanks very much! >>>>> >>>>> Giorgio >>>>> >>>>> On 4/6/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>>>> Hi Gorgio >>>>>> >>>>>> Dne 2.4.2010 17:01, GG napsal(a): >>>>>>> Hi all, >>>>>>> >>>>>>> So I have >>>>>>> openldap2-2.1.12-74 >>>>>>> samba-2.2.7a-72 >>>>>>> >>>>>>> I would like to migrate this existing PDC service to a new server and >>>>>>> to current production / stable releases (especially for windows 7 >>>>>>> joining to the domain). >>>>>>> >>>>>>> New server is Debian Lenny stable. >>>>>>> >>>>>>> I have exported the domain SID, and ldap.ldif >>>>>>> >>>>>>> Now lets get down to it :-) >>>>>>> Before importing should I do something about organizational units >>> and so? How? >>>>>>> >>>>>>>> Import only data to LDAP no configs (slapcat->slapadd) >>>>>>> slapadd -c -l slapcat.ldif >>>>>>> I did this but attached errors showed up. >>>>>>> >>>>>>> Error, entries missing! >>>>>>> entry 3: dc=people,dc=ExampleDomain,dc=it >>>>>>> entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it >>>>>> >>>>>> Can you post first 100 lines of your ldif you try to import? You >>>>>> probably missing some base ldif. >>>>>> >>>>>>> >>>>>>> >>>>>>> I know nothing about ldap, but my ldap is probably missing some pre >>>>>>> required settings ? :-/ >>>>>>> >>>>>> >>>>>> Can you post slapd.conf also? >>>>>> >>>>>> >>>>>>> Cheers! >>>>>>> Giorgio >>>>>>> >>>>>>>> Configs yes, live data no, but if you have ldap it *should* be >>> enough to >>>>>>>> import ldif from old server, configure samba to use ldap and run >>> smbpasswd >>>>>>>> -W to store ldap admin dn pass to secrets.tdb. After that you can >>> test if >>>>>>>> samba see imported users in ldap (pdbedit -L). >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 3/27/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>>>>>> On Fri, 26 Mar 2010 15:32:50 +0100, GG <joj...@gmail.com >>> <mailto:joj...@gmail.com>> wrote: >>>>>>>>> wow I made it! >>>>>>>>> >>>>>>>>> I copied net and all the libs it complained about from another suse >>>>>>>>> server which was not missing it :-) >>>>>>>>> >>>>>>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435) >>>>>>>>> Unknown parameter encountered: "domain admin group" >>>>>>>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125) >>>>>>>>> Ignoring unknown parameter "domain admin group" >>>>>>>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain??? >>>>>>>>> is: S-1-5-21-1bla bla >>>>>>>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla >>>>>>>>> >>>>>>>>> Which shall I import? >>>>>>>>> >>>>>>>> >>>>>>>> Import both for sure:-). First is localsid, second is domainsid >>>>>>>> >>>>>>>>> So now back to mail number 2 :-) >>>>>>>>> >>>>>>>>> LDAP: I exported ldif :-) now >>>>>>>>> I copied /etc/groups passwd shadow aliases >>>>>>>>> >>>>>>>>> now on the new server: >>>>>>>>> >>>>>>>>> how do I import LDAP and all its configs, >>>>>>>>> samba and all its configs are only in smb.conf? >>>>>>>>> >>>>>>>> Import only data to LDAP no configs (slapcat->slapadd) >>>>>>>> Configs yes, live data no, but if you have ldap it *should* be >>> enough to >>>>>>>> import ldif from old server, configure samba to use ldap and run >>> smbpasswd >>>>>>>> -W to store ldap admin dn pass to secrets.tdb. After that you can >>> test if >>>>>>>> samba see imported users in ldap (pdbedit -L). >>>>>>>> >>>>>>>>> :-) >>>>>>>>> Giorgio >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>>>>>>>> Paste ldap admin dn or ldap suffix in your smb.conf >>>>>>>>>> >>>>>>>>>> Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a): >>>>>>>>>>> try this: >>>>>>>>>>> >>>>>>>>>>> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" >>> -W -b >>>>>>>>>>> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it" >>>>>>>>>>> >>>>>>>>>>> Dne 26.3.2010 15:00, GG napsal(a): >>>>>>>>>>>> Hello! >>>>>>>>>>>> >>>>>>>>>>>> I'm stuck on getdomainsid: Net command is missing even though >>> libs >>>>>>>> and >>>>>>>>>>>> smbclient are installed. >>>>>>>>>>>> >>>>>>>>>>>> I tried this: >>>>>>>>>>>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" >>> -W -b >>>>>>>>>>>> "sambaDomainName=WORKGROUP,dc=domain,dc=it" >>>>>>>>>>>> Enter LDAP Password: >>>>>>>>>>>> # extended LDIF >>>>>>>>>>>> # >>>>>>>>>>>> # LDAPv3 >>>>>>>>>>>> # base <sambaDomainName=WORKGROUP,dc=domain,dc=it> with scope sub >>>>>>>>>>>> # filter: (objectclass=*) >>>>>>>>>>>> # requesting: ALL >>>>>>>>>>>> # >>>>>>>>>>>> >>>>>>>>>>>> # search result >>>>>>>>>>>> search: 2 >>>>>>>>>>>> result: 34 Invalid DN syntax >>>>>>>>>>>> text: invalid DN >>>>>>>>>>>> >>>>>>>>>>>> # numResponses: 1 >>>>>>>>>>>> >>>>>>>>>>>> So: I'm not sure what is >>> sambaDomainName=domain,dc=domain,dc=it... >>>>>>>>>>>> I used WORKGROUP as it is the domain we use on pcs and the >>> only one >>>>>>>>>>>> defined in smb.conf >>>>>>>>>>>> >>>>>>>>>>>> I also tried using my pdc HOSTNAME >>>>>>>>>>>> >>>>>>>>>>>> and this was returned >>>>>>>>>>>> # LDAPv3 >>>>>>>>>>>> # base <sambaDomainName=hostname,dc=domain,dc=it> with scope sub >>>>>>>>>>>> # filter: (objectclass=*) >>>>>>>>>>>> # requesting: ALL >>>>>>>>>>>> # >>>>>>>>>>>> >>>>>>>>>>>> # search result >>>>>>>>>>>> search: 2 >>>>>>>>>>>> result: 34 Invalid DN syntax >>>>>>>>>>>> text: invalid DN >>>>>>>>>>>> >>>>>>>>>>>> # numResponses: 1 >>>>>>>>>>>> >>>>>>>>>>>> Any way to get through this or how to use net command? Maybe >>>>>>>> updating >>>>>>>>>>>> samba-client? >>>>>>>>>>>> >>>>>>>>>>>> I tried rpm -i samba-client but it says >>>>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of >>>>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package >>>>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i >>>>>>>> samba-client-2.2.12-1.rpm >>>>>>>>>>>> >>>>>>>>>>>> I found also the original package but it says it is already >>>>>>>> installed. >>>>>>>>>>>> >>>>>>>>>>>> What happens if I remove samba-client and reinstall it soon >>> after on >>>>>>>>>>>> the production pdc? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Giorgio >>>>>>>>>>>> >>>>>>>>>>>> On 3/26/10, Vladimir Psenicka <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>>>>>>>>>>> Dne 26.3.2010 13:50, GG napsal(a): >>>>>>>>>>>>>> Hello! >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Have you samba-client package installed? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> yes I do at least smbclient is there! but no net command :-/ >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net` >>>>>>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64 >>>>>>>>>>>>>> >>>>>>>>>>>>>> So here are the issues encountered... >>>>>>>>>>>>>> file /usr/share/man/man1/smbclient.1.gz from install of >>>>>>>>>>>>>> samba-client-2.2.12-1.suse82 conflicts with file from package >>>>>>>>>>>>>> samba-client-2.2.7a-72 when trying to rpm -i >>>>>>>>>>>>>> samba-client-2.2.12-1.rpm >>>>>>>>>>>>>> I found on net... >>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> or you can dig domainsid from ldap >>>>>>>>>>>>>> >>>>>>>>>>>>>> This sounds interesting! How do I do that? >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> modify to your needs (domain): >>>>>>>>>>>>> >>>>>>>>>>>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b >>>>>>>>>>>>> "sambaDomainName=domain,dc=domain,dc=cz" >>>>>>>>>>>>> >>>>>>>>>>>>> sambaSID: is your domainsid >>>>>>>>>>>>> >>>>>>>>>>>>> or you can use phpldapadmin to manage you ldap from browser >>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks very much! >>>>>>>>>>>>>> Giorgio >>>>>>>>>>>>>> >>>>>>>>>>>>>> On 3/26/10, GG <joj...@gmail.com <mailto:joj...@gmail.com>> >>> wrote<script >>>>>>>> type="text/javascript" >>>>>>>> >>> src="https://mail.prodeco.cz/roundcube/program/js/tiny_mce/themes/advanced/langs/cs.js?s=1240817786"></script>: >>>>>>>>>>>>>>> Hi! >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'll be at it in a few minutes installing samba client / net >>>>>>>>>>>>>>> command :-) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I have a question about the samba sernet repos: >>>>>>>>>>>>>>> Shall I apt-get remove samba and use >>>>>>>>>>>>>>> http://enterprisesamba.com/index.php?id=148 + >>>>>>>>>>>>>>> http://enterprisesamba.com/index.php?id=56 >>>>>>>>>>>>>>> instead from start? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> What is the real advantage of sernet? What about installing >>>>>>>>>>>>>>> official >>>>>>>>>>>>>>> samba.org <http://samba.org> packages, are there >>> differences with sernet >>>>>>>> (stability?) >>>>>>>>>>>>>>> or >>>>>>>>>>>>>>> is it just a more liberal repository? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also I read >>>>>>>>>>>>>>>>>> Ensure that all local user and group accounts that are >>> used by >>>>>>>>>>>>>>>>>> samba >>>>>>>>>>>>>>>>>> have the same uid/gid. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Shall I copy /etc/shadow and /etc/passwd over? other files for >>>>>>>>>>>>>>> groups >>>>>>>>>>>>>>> and users? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I use rsync --verbose --progress --stats --compress >>> --rsh=ssh \ >>>>>>>>>>>>>>> --recursive --times --perms --links \ >>>>>>>>>>>>>>> --owner --group --devices --specials \ >>>>>>>>>>>>>>> --exclude-from '/root/exclude.txt (if any, not in >>> this case >>>>>>>> as >>>>>>>>>>>>>>> I'm only syncing data dir)' \ >>>>>>>>>>>>>>> r...@old_pdc:/DATA /DATA >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This should bring over every attribute set on files... >>> correct? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> [[[did only partially in one case: I set up a twin install >>> (fresh >>>>>>>>>>>>>>> install then live cd and full rsync and after that I kept mbr, >>>>>>>> but >>>>>>>>>>>>>>> changed /boot and the /ect/fstab settings) and the server >>> started >>>>>>>>>>>>>>> etc.. LDAP did not work though: authentication was not >>>>>>>> available... >>>>>>>>>>>>>>> So I must be missing something or this rsync parameter set >>> must >>>>>>>> be >>>>>>>>>>>>>>> missing something.. I had disconnected old PDC, set same >>> IP and >>>>>>>>>>>>>>> hostname to the VM well this worked well for other >>>>>>>> virtualizations >>>>>>>>>>>>>>> and >>>>>>>>>>>>>>> in this PDC I need to upgrade to win7 compatible samba version >>>>>>>>>>>>>>> anyway >>>>>>>>>>>>>>> :-) >>>>>>>>>>>>>>> This was another story but just to share it as it is an >>> excellent >>>>>>>>>>>>>>> way >>>>>>>>>>>>>>> of migrating sometimes specially for machines you do not >>> master >>>>>>>> and >>>>>>>>>>>>>>> this is my case very often.]]] >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cheers, >>>>>>>>>>>>>>> Giorgio >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka >>>>>>>>>>>>>>> <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>>>>>>>>>>>>>> Hi >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Dne 25.3.2010 17:41, GG napsal(a): >>>>>>>>>>>>>>>>> Hello Vladimir, John and all the NG :-) >>>>>>>>>>>>>>>>> Thanks so much for answering. I really hoped someone >>> would :-) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> So I installed Debian latest stable netinst on the future >>>>>>>>>>>>>>>>> production >>>>>>>>>>>>>>>>> server and here are my issues in the quotes :-( no net >>> command >>>>>>>>>>>>>>>>> on my >>>>>>>>>>>>>>>>> suse 8.2 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Cheers :-) >>>>>>>>>>>>>>>>> Giorgio >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra >>> <*...@samba.org <http://samba.org>> >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote: >>>>>>>>>>>>>>>>>>> What about Debian Stable with Sernet samba repo, where you >>>>>>>> can >>>>>>>>>>>>>>>>>>> choose >>>>>>>>>>>>>>>>>>> Samba 3.4.x or 3.5.x >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> My hints on migrating to new server: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 1. install new server (Samba,ldap etc.) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> done :-) Debian Stable netinst >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 2. set same hostname on new server >>>>>>>>>>>>>>>>> My ignorance comes out :-) >>>>>>>>>>>>>>>>> Must I set it different from the production server as FW >>> points >>>>>>>>>>>>>>>>> production.domain.com <http://production.domain.com> - I >>> have clients using DNS=oldPDC and PDC >>>>>>>>>>>>>>>>> forwards queries to FW. FW has pdc.domain.com >>> <http://pdc.domain.com> defined to point >>>>>>>>>>>>>>>>> to lan >>>>>>>>>>>>>>>>> ip. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Ok, can be changed later >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 3. export ldap data from old server and import them to new >>>>>>>>>>>>>>>>>>> server >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif >>>>>>>>>>>>>>>>> OK >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Ensure that all local user and group accounts that are >>> used by >>>>>>>>>>>>>>>>>> samba >>>>>>>>>>>>>>>>>> have the same uid/gid. >>>>>>>>>>>>>>>>> my ignorance again... another hint? >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 4. export SID (net getlocalsid) and set it on new >>> server (net >>>>>>>>>>>>>>>>>>> setlocalsid oldsid) >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Note: >>>>>>>>>>>>>>>>>> net getdomainsid (on old server) >>>>>>>>>>>>>>>>>> net setdomainsid (on new server) >>>>>>>>>>>>>>>>> thanks :-) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> # net getdomainsid >>>>>>>>>>>>>>>>> -bash: net: command not found :-( and not found in yast >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I understand it has to do with extracting the sid from >>>>>>>>>>>>>>>>> /etc/samba/secrets.tdb but how do I install the command? >>> suse >>>>>>>>>>>>>>>>> 8.2 yast >>>>>>>>>>>>>>>>> has now net package and googling net is.. well wow! >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Have you samba-client package installed? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> pavouk\pseni...@psenicka:~> rpm -qf `which net` >>>>>>>>>>>>>>>> samba-client-3.5.1-4.1.x86_64 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> or you can dig domainsid from ldap >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 5. configure samba on new server as PDC with ldap and >>> shares >>>>>>>>>>>>>>>>>>> in smb.conf >>>>>>>>>>>>>>>>>>> from old samba smb.conf (check with testparm) >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> I see it only contains shares so I bet smb.conf would >>> just keep >>>>>>>>>>>>>>>>> all >>>>>>>>>>>>>>>>> the old settings rigth? /DATA will be rsynced >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Maybe smb.conf from Samba2 is too different from Samba 3. >>> I will >>>>>>>>>>>>>>>> keep >>>>>>>>>>>>>>>> current smb.conf on new server and add only shares from old >>>>>>>>>>>>>>>> smb.conf to >>>>>>>>>>>>>>>> new smb.conf. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> 6. stop samba on old server >>>>>>>>>>>>>>>>>>> 7. copy all data (with perms) and netlogon share to new >>>>>>>> server >>>>>>>>>>>>>>>>>>> 8. stop old server >>>>>>>>>>>>>>>>>>> 9. start samba on new server a check everything is working >>>>>>>>>>>>>>>>>>> fine (domain >>>>>>>>>>>>>>>>>>> logon from windows box, shares and perms) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> This can be done best when no users are logged in samba >>>>>>>> (maybe >>>>>>>>>>>>>>>>>>> at weekend?) >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't >>> join to >>>>>>>>>>>>>>>>>>> domain >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> thanks I move to Debian with ease :-) ubuntu is a great deb >>>>>>>>>>>>>>>>> derived right? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu >>>>>>>>>>>>>>>> 10.04 LTS >>>>>>>>>>>>>>>> comes out this will be no longer truth. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Check http://wiki.samba.org for info regarding Windows 7. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Cheers, >>>>>>>>>>>>>>>>>> John T. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Dne 25.3.2010 01:05, GG napsal(a): >>>>>>>>>>>>>>>>>>>> Hello Vladimir and hi all, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Thanks very much for replying! >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Any suggested os? I'd go for debian or what advised, >>> I just >>>>>>>>>>>>>>>>>>>> happen to >>>>>>>>>>>>>>>>>>>> know ubuntu more... >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Any strategy or hint on migrating from ancient ldap + >>> samba >>>>>>>>>>>>>>>>>>>> to a new server? >>>>>>>>>>>>>>>>>>>> Already tried rsyncing (using all options to keep >>> perms and >>>>>>>>>>>>>>>>>>>> attributes >>>>>>>>>>>>>>>>>>>> grp own mod etc) on a twin v-machine but server >>> starts and >>>>>>>>>>>>>>>>>>>> the ldap >>>>>>>>>>>>>>>>>>>> auth fails to work :-( >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> I'm a bit stuck at the moment :-( and I have posponed the >>>>>>>>>>>>>>>>>>>> problem for >>>>>>>>>>>>>>>>>>>> too long grrr >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Giorgio >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka >>>>>>>>>>>>>>>>>>>> <vladimir.pseni...@prodeco.cz >>> <mailto:vladimir.pseni...@prodeco.cz>> wrote: >>>>>>>>>>>>>>>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a): >>>>>>>>>>>>>>>>>>>>>> Hello, >>>>>>>>>>>>>>>>>>>>>> Hopefully I'm in the right place asking for help :-) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I need to move from an old physical Suse 8.2 - >>> samba 2.2.7 >>>>>>>>>>>>>>>>>>>>>> + ldap - to >>>>>>>>>>>>>>>>>>>>>> latest samba versions, I would like to use an >>> ubuntu 8.04 >>>>>>>>>>>>>>>>>>>>>> virtual machine. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> The domain is in production on the physical server, >>> to be >>>>>>>>>>>>>>>>>>>>>> dismissed after >>>>>>>>>>>>>>>>>>>>>> migration. It is also the file server!!! so /DATA/ >>> has all >>>>>>>>>>>>>>>>>>>>>> shared and >>>>>>>>>>>>>>>>>>>>>> permission driven file access.. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I was following >>>>>>>>>>>>>>>>>>>>>> >>> https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html >>>>>>>> but >>>>>>>>>>>>>>>>>>>>>> I realize I am in a different scenario... >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Production so no errors are admitted :-(, migration >>> to new >>>>>>>>>>>>>>>>>>>>>> os and versions.. >>>>>>>>>>>>>>>>>>>>>> all at once? >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> I have a dump of the physical server (dd sda mbr and >>>>>>>> single >>>>>>>>>>>>>>>>>>>>>> partitions :) >>>>>>>>>>>>>>>>>>>>>> plus an rsync with all permissions daily backup, >>> just to >>>>>>>> be >>>>>>>>>>>>>>>>>>>>>> safe ;) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> What would you guru's suggest as a strategy? >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Can I create a new server and add it as secondary >>> domain >>>>>>>>>>>>>>>>>>>>>> controller and then >>>>>>>>>>>>>>>>>>>>>> once the replica is up? I'd feel quite comfortable with >>>>>>>>>>>>>>>>>>>>>> this method. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> BTW I need a new version of samba as they have already >>>>>>>>>>>>>>>>>>>>>> bought Windows 7 >>>>>>>>>>>>>>>>>>>>>> boxes (without asking if they were supported arrgh). >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Thanks to all of you who read or answered :-) >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Gio >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting >>> Windows 7 >>>>>>>>>>>>>>>>>>>>> into domain, >>>>>>>>>>>>>>>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is >>>>>>>>>>>>>>>>>>>>> recommended for >>>>>>>>>>>>>>>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want >>>>>>>>>>>>>>>>>>>>> Ubuntu. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> Vladimir Psenicka >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> To unsubscribe from this list go to the following >>> URL and >>>>>>>>>>>>>>>>>>>>> read the >>>>>>>>>>>>>>>>>>>>> instructions: >>>>>>>> https://lists.samba.org/mailman/options/samba >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> To unsubscribe from this list go to the following URL >>> and read >>>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>>> >>> instructions: https://lists.samba.org/mailman/options/samba >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Vladimir Psenicka >>>>>>>>>>>>>>>> IT system engineer >>>>>>>>>>>>>>>> PRODECO, a.s. >>>>>>>>>>>>>>>> Tel.: 417 633 762 >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> To unsubscribe from this list go to the following URL and >>> read >>>>>>>> the >>>>>>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Vladimir Psenicka >>>>>>>>>>>>> IT system engineer >>>>>>>>>>>>> PRODECO, a.s. >>>>>>>>>>>>> Tel.: 417 633 762 >>>>>>>>>>>>> -- >>>>>>>>>>>>> To unsubscribe from this list go to the following URL and >>> read the >>>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Vladimir Psenicka >>>>>>>>>> IT system engineer >>>>>>>>>> PRODECO, a.s. >>>>>>>>>> Tel.: 417 633 762 >>>>>>>>>> -- >>>>>>>>>> To unsubscribe from this list go to the following URL and read the >>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>>>>>>> >>>>>>>> -- >>>>>>>> To unsubscribe from this list go to the following URL and read the >>>>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Vladimir Psenicka >>>>>> IT system engineer >>>>>> PRODECO, a.s. >>>>>> Tel.: 417 633 762 >>>>>> >>>> >>>> >>>> -- >>>> Vladimir Psenicka >>>> IT system engineer >>>> PRODECO, a.s. >>>> Tel.: 417 633 762 >>>> >>> >>> >> >> >> -- >> Vladimir Psenicka >> IT system engineer >> PRODECO, a.s. >> Tel.: 417 633 762 >> -- Vladimir Psenicka IT system engineer PRODECO, a.s. Tel.: 417 633 762 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba