On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote: > 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta: > > Since I don't seem to be having any luck with the classicupgrade, I > > decided to try starting from scratch and then adding users. > > > > I ran the command: > > /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \ > > --domain=<mydomain> --adminpass 'mypass' --server-role=dc \ > > --dns-backend=BIND9_DLZ > > > > Then I tried both adding and changing users. In neither case can I > > change the SID with pdbedit. It seems to be added with a > > system-defined SID, irrespective of what I specify. pdbedit -v is able > > to list the user's parameters, including the SID. > > > > Any suggestions? I am pretty much stuck here trying to figure out how > > to migrate from an existing SAMBA3 domain to SAMBA4. > > > > > Hi, > > Trying to add users one by one (preserving SID) is IMHO a lot harder > (you would probably need to ldbmodify the user record of each one) to > do, than fixing your samba3 install to have it classicupgraded.
Indeed. The only way to safely import a list of users who already have SIDs is to migrate them to Samba 4.0's AD DC using one of the supported migration tools. These are 'samba-tool domain join dc' and 'samba-tool domain classicupgrade'. The reason is that we have to ensure that we never re-allocate the same SID to a new user later. For that reason, we have protection in the domain controller code to prevent the administrator specifying the SID. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba