Ricky
On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza <g...@kzsdabas.hu> wrote:
> 2013-04-02 05:35 keltezéssel, simon+sa...@matthews.eu írta:
>
>
> >
> > On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote:
> >
> >
> > > On Tue, 2 Apr 2013, Andrew Bartlett wrote:
> > >
> > > On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote:
> > > > > 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta:
> > > > > > Since I don't seem to be having any luck with the
> > > > > > classicupgrade,
> > > > I > > decided to try starting from scratch and then adding
> > > > I > > users.
> > > > > > > > I ran the command:
> > > > > > /usr/local/samba/bin/samba-**tool domain provision
> > > > > > --realm=<my
> > > > realm> \ > > --domain=<mydomain> --adminpass 'mypass'
> > > > realm> --server-role=dc \
> > > > > > --dns-backend=BIND9_DLZ
> > > > > > > > Then I tried both adding and changing users. In neither
> > > > > > > > case
> > > > can I > > change the SID with pdbedit. It seems to be added with
> > > > a > >
> > > > system-defined SID, irrespective of what I specify. pdbedit -v is
> > > > > >
> > > > able to list the user's parameters, including the SID.
> > > > > > > > Any suggestions? I am pretty much stuck here trying to
> > > > > > > > figure
> > > > out how > > to migrate from an existing SAMBA3 domain to SAMBA4.
> > > > > > > > > Hi,
> > > > > > Trying to add users one by one (preserving SID) is IMHO a
> > > > > > lot
> > > > harder > (you would probably need to ldbmodify the user record
> > > > of each
> > > > one) to > do, than fixing your samba3 install to have it
> > > > classicupgraded.
> > > >
> > > > Indeed. The only way to safely import a list of users who
> > > > already
> > > > have
> > > > SIDs is to migrate them to Samba 4.0's AD DC using one of the
> > > > supported
> > > > migration tools.
> > > >
> > > > These are 'samba-tool domain join dc' and 'samba-tool domain
> > > > classicupgrade'.
> > > >
> > >
> > > Perhaps I need to address why the "classicupgrade" did not work. I
> > > see
> > > now that I did not pass the --dbdir option when running it before.
> > > I'll try
> > > again.
> > >
> > >
> > I went back to trying to get the classicupgrade to work:
> > /usr/local/samba/bin/samba-**tool domain classicupgrade \
> > --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \
> > /etc/samba/smb.conf --use-xattrs=yes
> >
> > For the realm, I used a subdomain of one of the two existing dns
> > domains
> > in the LAN. It appears to be processing the information from the old
> > domain
> > tdb files, although I see some errors:
> > Cannot open idmap database, Ignoring: [Errno 2] No such file or
> > directory
> > Importing groups
> > Could not add group name=Remote Desktop Users ((68, "samldb: Account
> > name
> > (sAMAccountName) 'Remote Desktop Users' already in use!"))
> > Could not modify AD idmap entry for
> > sid=S-1-5-21-4254857281-**3346836279-4152649156-555,
> > id=5077, type=ID_TYPE_GID ((32, "Base-DN
> > '<SID=S-1-5-21-4254857281-**3346836279-4152649156-555>'
> > not found"))
> > Could not add posix attrs for AD entry for
> > sid=S-1-5-21-4254857281-**3346836279-4152649156-555,
> > ((32, "Base-DN '<SID=S-1-5-21-4254857281-**3346836279-4152649156-555>'
> > not found"))
> > Group already exists
> > sid=S-1-5-21-4254857281-**3346836279-4152649156-512,
> > groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
> >
> > However, after this, all I get from pdbedit -L is:
> > # pdbedit -L
> > RAIDSERVER$:4294967295:
> > Administrator:4294967295:
> > [root@samba ~]# pdbedit -L
> > RAIDSERVER$:4294967295:
> > Administrator:4294967295:
> > krbtgt:4294967295:--dbdir=/**var/lib/samba/ --realm=a.b
> > /etc/samba/smb.confnobody:99:**Nobody
> >
> > Any ideas? What information might help debug this?
> >
> > Simon
> >
> >
> > Could this happen because pdbedit is from the samba3 install?
>
> I recommend doing upgrade on a new box/virtual machine where no samba3
> is
> installed, and copying the tdb files to the new box.
>
> Regards
>
> Geza Gemes
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:
> https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>
>
--
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba