[Samba] migrating samba shares to a netapp filer?
Hello, I'll soon have to migrate our samba shares to a netapp filer (not my decision). Currently the shares are on an xfs filesystem and served by samba 3.5.2, which is also the domain controller (a role that it will maintain, only the shares are being transferred) and sama/unix users are in ldap. The filer is in the domain and uses ldap to map user ids and that seems to work. Samba maps the unix permissions and xfs ACLs to windows ACLs, but the filer isn't as smart: the share can be in ntfs mode or in unix mode (there's also a mixed mode but I'd avoid that). To copy the data I nfs mount the netapp and use rsync. For that to work I have to use unix mode on the filed (with ntfs mode the netapp doesn't allow nfs clients to modify file ownership and permissions) but while that works and I like the fact that I can use rsync not only for the initial migration, but also for making backups in the future, that means I lose the ACLs and it's ugly as seen on a windows client (since the netapp shows unix permissions in an ugly way). I tried a cifs mount against a ntfs style netapp share, but that didn't correctly map the users and permissions when I rsync'ed the files. Is there a better way to copy the data, possibly using ntfs style permissions on the filer and not precluding the use of rsync in the future? I've read about robocopy but I'm not really sure it's a good option. TIA -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating samba shares to a netapp filer?
If I were you I'd connect to both shares using a Windows machine and run robocopy to copy all the permissions. On Jan 31, 2013, at 4:58 AM, Luca Olivetti l...@wetron.es wrote: Hello, I'll soon have to migrate our samba shares to a netapp filer (not my decision). Currently the shares are on an xfs filesystem and served by samba 3.5.2, which is also the domain controller (a role that it will maintain, only the shares are being transferred) and sama/unix users are in ldap. The filer is in the domain and uses ldap to map user ids and that seems to work. Samba maps the unix permissions and xfs ACLs to windows ACLs, but the filer isn't as smart: the share can be in ntfs mode or in unix mode (there's also a mixed mode but I'd avoid that). To copy the data I nfs mount the netapp and use rsync. For that to work I have to use unix mode on the filed (with ntfs mode the netapp doesn't allow nfs clients to modify file ownership and permissions) but while that works and I like the fact that I can use rsync not only for the initial migration, but also for making backups in the future, that means I lose the ACLs and it's ugly as seen on a windows client (since the netapp shows unix permissions in an ugly way). I tried a cifs mount against a ntfs style netapp share, but that didn't correctly map the users and permissions when I rsync'ed the files. Is there a better way to copy the data, possibly using ntfs style permissions on the filer and not precluding the use of rsync in the future? I've read about robocopy but I'm not really sure it's a good option. TIA -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating samba shares to a netapp filer?
Al 31/01/13 16:09, En/na John P Arends ha escrit: If I were you I'd connect to both shares using a Windows machine and run robocopy to copy all the permissions. I thought about that but I'd prefer a Linux solution (if possible). Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating samba shares to a netapp filer?
Am 31.01.2013 16:43, schrieb Luca Olivetti: Al 31/01/13 16:09, En/na John P Arends ha escrit: If I were you I'd connect to both shares using a Windows machine and run robocopy to copy all the permissions. I thought about that but I'd prefer a Linux solution (if possible). There is a lack of standardization in ACLs on the Linux/Unix side (fine grained ACLs beyound User/Group/World). AFAIK XFS does have Posix ACLs (which never left draft status) and NetApp might be able to do NFSv4 ACLs on volumes with NTFS security exported via NFSv4 (not sure about that). If your ACLs follow a simple pattern (user and group directories with fairly uniform access rights) you might just recreate the ACLs from scratch, otherwise robocopy does a fairly good job in translating the ACLs. Kind Regards Wolfgang Ratzka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating samba shares to a netapp filer?
LO Al 31/01/13 16:09, En/na John P Arends ha escrit: If I were you I'd connect to both shares using a Windows machine and run robocopy to copy all the permissions. LO I thought about that but I'd prefer a Linux solution (if possible). If you want the least hassle and all the permissions etc, than Robocopy is your friend. But if you'd like a bunch of drama getting the permissions back right, then I'm sure RSync will do ya. :) Seriously though. Perhaps someone else has a better answer - but I've done this before, and always the best and easiest way always comes back to robocopy. [Perhaps I've led too sheltered a life, but hey, it works and there's no real reason not to use it, IMO.] -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating samba shares to a netapp filer?
I agree completely. robocopy is the best solution here. Why try to make your life more complicated? On Jan 31, 2013, at 10:29 AM, Wolfgang Ratzka rat...@hrz.uni-marburg.de wrote: Am 31.01.2013 16:43, schrieb Luca Olivetti: Al 31/01/13 16:09, En/na John P Arends ha escrit: If I were you I'd connect to both shares using a Windows machine and run robocopy to copy all the permissions. I thought about that but I'd prefer a Linux solution (if possible). There is a lack of standardization in ACLs on the Linux/Unix side (fine grained ACLs beyound User/Group/World). AFAIK XFS does have Posix ACLs (which never left draft status) and NetApp might be able to do NFSv4 ACLs on volumes with NTFS security exported via NFSv4 (not sure about that). If your ACLs follow a simple pattern (user and group directories with fairly uniform access rights) you might just recreate the ACLs from scratch, otherwise robocopy does a fairly good job in translating the ACLs. Kind Regards Wolfgang Ratzka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating samba shares to a netapp filer?
Al 31/01/13 18:22, En/na John P Arends ha escrit: I agree completely. robocopy is the best solution here. Why try to make your life more complicated? Because I'm not familiar with windows as a server and robocopy, and I see it difficult to use it afterwards for backups. Also, I have some scripts currently running on the samba server to create directories with a specified set of permissions. Once the share is on the filer, I could use cifsmount, but then I'll have the same problem with permissions that I have now. OTOH if I use unix security on the filer, I can nfs mount the filer with no need to modify the scripts. Anyway, if I use robocopy, with which credentials should I connect the existing shares in order to have access to every file? On Jan 31, 2013, at 10:29 AM, Wolfgang Ratzka rat...@hrz.uni-marburg.de wrote: AFAIK XFS does have Posix ACLs (which never left draft status) but samba can use it to show ACLs on the windows side. Even with only the basic permissions samba does a good job in showing the permissions under windows. Netapp OTOH and NetApp might be able to do NFSv4 ACLs on volumes with NTFS security exported via NFSv4 (not sure about that). Nope, I tried it and it doesn't work (and it is documented that it isn't supposed to work). You can only manipulate permissions via nfs (be it v3 or v4) if the security is unix. After many years of using samba I find this limitation shocking to say the least. If your ACLs follow a simple pattern (user and group directories with fairly uniform access rights) you might just recreate the ACLs from scratch, otherwise robocopy does a fairly good job in translating the ACLs. Actually most of the access control is based on unix permissions, only a handful of directories have ACLs, so I think I could live with unix style security on the filer, but I fear that it will cause me another set of problems in the future. Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating Samba 3.5.6 PDC + OpenLDAP to Samba4
Hi, recently I start to test Samba4, it works great. I want to migrate the user data stored in my current LDAP directory. My setup is Samba 3.5.6 PDC + OpenLDAP. There is any way that i can migrate the current accounts and passwords to samba4? any script or utility? Thanks for your help German Molano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating Samba-3 to a New Server
Reading from Replacing a Domain Controller - http://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 I am seeking confirmation that this is possible without needing to manually create all user accounts and samba user accounts. Server 1 uses Slackware64 ver. 13.0 with Samba ver. 3.2.xx. New server (Server 2) will use Slackware64 current with Samba ver. 3.5.6. I will not be making and configuration changes the smb.conf. I plan on giving Server 2 the same host name, netbios name, and static ip address as Server 1. Is the migration truly as straightforward as copying the following from Server 1 to Server 2: /etc/passwd /etc/shadow /etc/group smb.conf secrets.tdb passdb.tdb Server 1 does use tdbsam. Thank you for your guidance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating samba domain to new computer.
Got it fixed the problem was with ldap. Have 7 production ldap servers with a lot of data for many services. slapd.conf is about 400 lines. Actually it's a bunch of include files. My mistake was to use my customized slapd from our kolab server. Much to my suprise it wasn't that acls that got me but some of the extra server stuff to make kolab work. John On Monday 30 August 2010 02:57:26 pm John McMonagle wrote: Thanks Gaiseric Making progress but still messed up :-( Turned up error messages in samba and getting some error message such as: _samr_SetUserInfo2: root does possess sufficient rights Odd as the I'm not using root. My administrator account is administrator not root. Set up over 4 years ago and the populate script created account like this: dn: uid=administrator,ou=People,dc=advocap,dc=org objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: sambaSamAccount cn: administrator uid: administrator gidNumber: 512 homeDirectory: /root givenName: Windows sn: Administrator gecos: Windows Administrator description: Windows Administrator shadowMin: 1 shadowWarning: 10 shadowInactive: 10 shadowLastChange: 12726 displayName: Windows Administrator sambaHomeDrive: U: sambaDomainName: ADVOCAP creatorsName: cn=Manager,dc=advocap,dc=org createTimestamp: 20041104200736Z loginShell: /bin/bash sambaLMPassword: xx sambaPwdLastSet: 1102083012 sambaNTPassword: xx userPassword:: xx shadowMax: 9 shadowExpire: 22278 sambaPwdCanChange: 1072850418 sambaPwdMustChange: 1922119808 sambaAcctFlags: [UX ] uidNumber: 0 structuralObjectClass: inetOrgPerson entryUUID: 5673eb48-e80e-1029-9225-dc2725e62f91 sambaPrimaryGroupSID: S-1-5-21-3708734655-3086812103-629500990-512 sambaSID: S-1-5-21-3708734655-3086812103-629500990-20998 entryCSN: 20100827183656.00Z#00#000#00 I just ran smbldap-populate and it created: dn: uid=root,ou=People,dc=advocap,dc=org cn: root sn: root objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 0 uid: root uidNumber: 0 homeDirectory: /home/root sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomeDrive: U: sambaPrimaryGroupSID: S-1-5-21-3708734655-3086812103-629500990-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-3708734655-3086812103-629500990-500 loginShell: /bin/false gecos: Netbios Domain Administrator I have read some comments from people saying to have the administrator account to be named root. Has smldap-tools or samba been changed to require the administrator to have uid of root? On Monday 30 August 2010 07:54:55 am Gaiseric Vandal wrote: The localsid on a DC should be the domain sid.You should be able to fix this with net setlocalsid command. Generally in Windows you want to assign permissions and rights to a group rather than directly to a user.As long as your Administrator account is in the Domain Admins group and that group has a sid of *-512 you should be OK.I don't think Samba automatically adds any rights or permissions to the Administrator user. I had explicitly added some rights to my Administrator account after upgrading to Samba 3.4.8 when trying to fix some other issue- it may not have been necessary though. # net rpc rights list Administrator -S myserver -U Administrator Enter Administrator's password: SeMachineAccountPrivilege SeAddUsersPrivilege I am pretty sure if you run gpedit on a windows machine and look at rights you will see that the rights are assigned to the Administrator group not the domain administrator. On 08/27/2010 02:56 PM, John McMonagle wrote: How about some more specific problems. noticed that there is no localsid. net getlocalsid [2010/08/27 13:48:15, 0] utils/net.c:net_getlocalsid(708) Can't fetch domain SID for name: OSHKOSH I have seen mention that the localsid should be the same as the domainsid when using ldap. Is that true? Seen comments that the user sid for the administrator must end with -500. Is that true? Mine is not. it will be painfull to change but I can deal with it. Thanks John On Thursday 26 August 2010 02:44:51 pm John McMonagle wrote: Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain. Also
Re: [Samba] Migrating samba domain to new computer.
The localsid on a DC should be the domain sid.You should be able to fix this with net setlocalsid command. Generally in Windows you want to assign permissions and rights to a group rather than directly to a user.As long as your Administrator account is in the Domain Admins group and that group has a sid of *-512 you should be OK.I don't think Samba automatically adds any rights or permissions to the Administrator user. I had explicitly added some rights to my Administrator account after upgrading to Samba 3.4.8 when trying to fix some other issue- it may not have been necessary though. # net rpc rights list Administrator -S myserver -U Administrator Enter Administrator's password: SeMachineAccountPrivilege SeAddUsersPrivilege I am pretty sure if you run gpedit on a windows machine and look at rights you will see that the rights are assigned to the Administrator group not the domain administrator. On 08/27/2010 02:56 PM, John McMonagle wrote: How about some more specific problems. noticed that there is no localsid. net getlocalsid [2010/08/27 13:48:15, 0] utils/net.c:net_getlocalsid(708) Can't fetch domain SID for name: OSHKOSH I have seen mention that the localsid should be the same as the domainsid when using ldap. Is that true? Seen comments that the user sid for the administrator must end with -500. Is that true? Mine is not. it will be painfull to change but I can deal with it. Thanks John On Thursday 26 August 2010 02:44:51 pm John McMonagle wrote: Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain. Also noticed that the server is not a member of the domain. net rpc testjoin [2010/08/26 14:20:26, 0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2449) get_schannel_session_key: could not fetch trust account password for domain 'ADVOCAP' [2010/08/26 14:20:26, 0] utils/net_rpc_join.c:net_rpc_join_ok(87) net_rpc_join_ok: failed to get schannel session key from server FONDY for domain ADVOCAP. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'ADVOCAP' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Can not join domain: net join -U administrator Enter administrator's password: [2010/08/26 14:25:48, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(349) error setting trust account password: NT_STATUS_ACCESS_DENIED tdbdump secrets.tdb does not show any entry for the server Looked at one of the old servers secrets.tdb and it did not have and entry for that server either. Any suggestions on the best way to fix this? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating samba domain to new computer.
Thanks Gaiseric Making progress but still messed up :-( Turned up error messages in samba and getting some error message such as: _samr_SetUserInfo2: root does possess sufficient rights Odd as the I'm not using root. My administrator account is administrator not root. Set up over 4 years ago and the populate script created account like this: dn: uid=administrator,ou=People,dc=advocap,dc=org objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: sambaSamAccount cn: administrator uid: administrator gidNumber: 512 homeDirectory: /root givenName: Windows sn: Administrator gecos: Windows Administrator description: Windows Administrator shadowMin: 1 shadowWarning: 10 shadowInactive: 10 shadowLastChange: 12726 displayName: Windows Administrator sambaHomeDrive: U: sambaDomainName: ADVOCAP creatorsName: cn=Manager,dc=advocap,dc=org createTimestamp: 20041104200736Z loginShell: /bin/bash sambaLMPassword: xx sambaPwdLastSet: 1102083012 sambaNTPassword: xx userPassword:: xx shadowMax: 9 shadowExpire: 22278 sambaPwdCanChange: 1072850418 sambaPwdMustChange: 1922119808 sambaAcctFlags: [UX ] uidNumber: 0 structuralObjectClass: inetOrgPerson entryUUID: 5673eb48-e80e-1029-9225-dc2725e62f91 sambaPrimaryGroupSID: S-1-5-21-3708734655-3086812103-629500990-512 sambaSID: S-1-5-21-3708734655-3086812103-629500990-20998 entryCSN: 20100827183656.00Z#00#000#00 I just ran smbldap-populate and it created: dn: uid=root,ou=People,dc=advocap,dc=org cn: root sn: root objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 0 uid: root uidNumber: 0 homeDirectory: /home/root sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomeDrive: U: sambaPrimaryGroupSID: S-1-5-21-3708734655-3086812103-629500990-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-3708734655-3086812103-629500990-500 loginShell: /bin/false gecos: Netbios Domain Administrator I have read some comments from people saying to have the administrator account to be named root. Has smldap-tools or samba been changed to require the administrator to have uid of root? On Monday 30 August 2010 07:54:55 am Gaiseric Vandal wrote: The localsid on a DC should be the domain sid.You should be able to fix this with net setlocalsid command. Generally in Windows you want to assign permissions and rights to a group rather than directly to a user.As long as your Administrator account is in the Domain Admins group and that group has a sid of *-512 you should be OK.I don't think Samba automatically adds any rights or permissions to the Administrator user. I had explicitly added some rights to my Administrator account after upgrading to Samba 3.4.8 when trying to fix some other issue- it may not have been necessary though. # net rpc rights list Administrator -S myserver -U Administrator Enter Administrator's password: SeMachineAccountPrivilege SeAddUsersPrivilege I am pretty sure if you run gpedit on a windows machine and look at rights you will see that the rights are assigned to the Administrator group not the domain administrator. On 08/27/2010 02:56 PM, John McMonagle wrote: How about some more specific problems. noticed that there is no localsid. net getlocalsid [2010/08/27 13:48:15, 0] utils/net.c:net_getlocalsid(708) Can't fetch domain SID for name: OSHKOSH I have seen mention that the localsid should be the same as the domainsid when using ldap. Is that true? Seen comments that the user sid for the administrator must end with -500. Is that true? Mine is not. it will be painfull to change but I can deal with it. Thanks John On Thursday 26 August 2010 02:44:51 pm John McMonagle wrote: Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain. Also noticed that the server is not a member of the domain. net rpc testjoin [2010/08/26 14:20:26, 0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2449) get_schannel_session_key: could not fetch trust account password for domain 'ADVOCAP' [2010/08/26 14:20:26, 0] utils/net_rpc_join.c:net_rpc_join_ok(87) net_rpc_join_ok: failed to get schannel session key from server FONDY for domain ADVOCAP. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'ADVOCAP' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Can not
Re: [Samba] Migrating samba domain to new computer.
I didn't use smldap-tools. But I think you have to configure them with the appropriate ldap user credentials- which is typically NOT root. Although it looks like ldap perms are not the issue since stuff is being created. So you have both a root and administrator account in /etc/passwd? Do you have all the unix users in /etc/passwd on the new machine (or are you using NIS or LDAP for a common unix account backend?) I suspect that you may need to use pdbedit or smbpasswd to manually create the Administrator samba account on the new machine. On 08/30/2010 03:57 PM, John McMonagle wrote: Thanks Gaiseric Making progress but still messed up :-( Turned up error messages in samba and getting some error message such as: _samr_SetUserInfo2: root does possess sufficient rights Odd as the I'm not using root. My administrator account is administrator not root. Set up over 4 years ago and the populate script created account like this: dn: uid=administrator,ou=People,dc=advocap,dc=org objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: sambaSamAccount cn: administrator uid: administrator gidNumber: 512 homeDirectory: /root givenName: Windows sn: Administrator gecos: Windows Administrator description: Windows Administrator shadowMin: 1 shadowWarning: 10 shadowInactive: 10 shadowLastChange: 12726 displayName: Windows Administrator sambaHomeDrive: U: sambaDomainName: ADVOCAP creatorsName: cn=Manager,dc=advocap,dc=org createTimestamp: 20041104200736Z loginShell: /bin/bash sambaLMPassword: xx sambaPwdLastSet: 1102083012 sambaNTPassword: xx userPassword:: xx shadowMax: 9 shadowExpire: 22278 sambaPwdCanChange: 1072850418 sambaPwdMustChange: 1922119808 sambaAcctFlags: [UX ] uidNumber: 0 structuralObjectClass: inetOrgPerson entryUUID: 5673eb48-e80e-1029-9225-dc2725e62f91 sambaPrimaryGroupSID: S-1-5-21-3708734655-3086812103-629500990-512 sambaSID: S-1-5-21-3708734655-3086812103-629500990-20998 entryCSN: 20100827183656.00Z#00#000#00 I just ran smbldap-populate and it created: dn: uid=root,ou=People,dc=advocap,dc=org cn: root sn: root objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount objectClass: shadowAccount gidNumber: 0 uid: root uidNumber: 0 homeDirectory: /home/root sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomeDrive: U: sambaPrimaryGroupSID: S-1-5-21-3708734655-3086812103-629500990-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-3708734655-3086812103-629500990-500 loginShell: /bin/false gecos: Netbios Domain Administrator I have read some comments from people saying to have the administrator account to be named root. Has smldap-tools or samba been changed to require the administrator to have uid of root? On Monday 30 August 2010 07:54:55 am Gaiseric Vandal wrote: The localsid on a DC should be the domain sid.You should be able to fix this with net setlocalsid command. Generally in Windows you want to assign permissions and rights to a group rather than directly to a user.As long as your Administrator account is in the Domain Admins group and that group has a sid of *-512 you should be OK.I don't think Samba automatically adds any rights or permissions to the Administrator user. I had explicitly added some rights to my Administrator account after upgrading to Samba 3.4.8 when trying to fix some other issue- it may not have been necessary though. # net rpc rights list Administrator -S myserver -U Administrator Enter Administrator's password: SeMachineAccountPrivilege SeAddUsersPrivilege I am pretty sure if you run gpedit on a windows machine and look at rights you will see that the rights are assigned to the Administrator group not the domain administrator. On 08/27/2010 02:56 PM, John McMonagle wrote: How about some more specific problems. noticed that there is no localsid. net getlocalsid [2010/08/27 13:48:15, 0] utils/net.c:net_getlocalsid(708) Can't fetch domain SID for name: OSHKOSH I have seen mention that the localsid should be the same as the domainsid when using ldap. Is that true? Seen comments that the user sid for the administrator must end with -500. Is that true? Mine is not. it will be painfull to change but I can deal with it. Thanks John On Thursday 26 August 2010 02:44:51 pm John McMonagle wrote: Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain.
Re: [Samba] Migrating samba domain to new computer.
How about some more specific problems. noticed that there is no localsid. net getlocalsid [2010/08/27 13:48:15, 0] utils/net.c:net_getlocalsid(708) Can't fetch domain SID for name: OSHKOSH I have seen mention that the localsid should be the same as the domainsid when using ldap. Is that true? Seen comments that the user sid for the administrator must end with -500. Is that true? Mine is not. it will be painfull to change but I can deal with it. Thanks John On Thursday 26 August 2010 02:44:51 pm John McMonagle wrote: Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain. Also noticed that the server is not a member of the domain. net rpc testjoin [2010/08/26 14:20:26, 0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2449) get_schannel_session_key: could not fetch trust account password for domain 'ADVOCAP' [2010/08/26 14:20:26, 0] utils/net_rpc_join.c:net_rpc_join_ok(87) net_rpc_join_ok: failed to get schannel session key from server FONDY for domain ADVOCAP. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'ADVOCAP' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Can not join domain: net join -U administrator Enter administrator's password: [2010/08/26 14:25:48, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(349) error setting trust account password: NT_STATUS_ACCESS_DENIED tdbdump secrets.tdb does not show any entry for the server Looked at one of the old servers secrets.tdb and it did not have and entry for that server either. Any suggestions on the best way to fix this? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating samba domain to new computer.
Should have read this first: http://samba.org/samba/docs/man/Samba-Guide/upgrades.html#id2600749 Problem is I did it the wrong way on a few production systems. Odds are this is the second time I did it wrong. Running Debian Lenny using smbldap. It mostly works. Existing members of the domain are working OK. The first thing that got my attention is was not able to join a new xp workstation to the domain. Also noticed that the server is not a member of the domain. net rpc testjoin [2010/08/26 14:20:26, 0] rpc_client/cli_pipe.c:get_schannel_session_key_common(2449) get_schannel_session_key: could not fetch trust account password for domain 'ADVOCAP' [2010/08/26 14:20:26, 0] utils/net_rpc_join.c:net_rpc_join_ok(87) net_rpc_join_ok: failed to get schannel session key from server FONDY for domain ADVOCAP. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Join to domain 'ADVOCAP' is not valid: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Can not join domain: net join -U administrator Enter administrator's password: [2010/08/26 14:25:48, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(349) error setting trust account password: NT_STATUS_ACCESS_DENIED tdbdump secrets.tdb does not show any entry for the server Looked at one of the old servers secrets.tdb and it did not have and entry for that server either. Any suggestions on the best way to fix this? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating Samba PDC to a new server
Squeezer99 wrote: it should work ok. make sure to run net getlocalsid and net getdomainsid and write them down and on the new server do net setlocalsid and net setdomainsid if they are different. Thanks! - -- Kent Tong Wicket tutorials freely available at http://www.agileskills2.org/EWDW Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA -- View this message in context: http://www.nabble.com/migrating-Samba-PDC-to-a-new-server-tp22861046p22900728.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] migrating Samba PDC to a new server
it should work ok. make sure to run net getlocalsid and net getdomainsid and write them down and on the new server do net setlocalsid and net setdomainsid if they are different. Kent Tong wrote: Hi, I'd like to migrate Samba 3.0.24-6etch10 PDC running on a Debian server to a new Ubuntu server. I plan to install Samba 3.0.28a-1ubuntu4.4 on the new server and then copy the files in /etc/samba and /var/lib/samba and copy the related Linux users in /etc/passwd and /etc/shadow. Will it work? Thanks in advance! - -- Kent Tong Wicket tutorials freely available at http://www.agileskills2.org/EWDW Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migrating Samba PDC to a new server
Hi, I'd like to migrate Samba 3.0.24-6etch10 PDC running on a Debian server to a new Ubuntu server. I plan to install Samba 3.0.28a-1ubuntu4.4 on the new server and then copy the files in /etc/samba and /var/lib/samba and copy the related Linux users in /etc/passwd and /etc/shadow. Will it work? Thanks in advance! - -- Kent Tong Wicket tutorials freely available at http://www.agileskills2.org/EWDW Axis2 tutorials freely available at http://www.agileskills2.org/DWSAA -- View this message in context: http://www.nabble.com/migrating-Samba-PDC-to-a-new-server-tp22861046p22861046.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrating Samba PDC from one server to another
Hi All, I'm in the need to migrate a PDC based on samba 3 with TDB backend (on a Fedora 8 Box) onto a new server (based on Ubuntu server 8.10). Il call them OLD and NEW from now on. I've tried to install the new server with LDAP module for authentication (following the documents found on ubuntu site) and I manage migrate the users and machine accounts with PDBEDIT command but I still got a lot of problems. (OLD is now used only as file server) A lot of users can login only on their own XP client while are rejected by others workstations. Newly created users are rejected by workstations. I'm planning to revert to use OLD as PDC and try to reconfigure samba on NEW. I think that I missed some vital steps regarding this migration. I'm not sure about how do I have to configure the SID for the new server. I'm going to perform the following steps: -configure again OLD as PDC ans NEW as file server -verify that users can login on workstation and authenticate on network -join NEW as member server on OLD domain via net rpc command -verify that users can access shares on NEW -migrate the users on NEW with net rpc vampire command -configure NEW as BDC -stop samba on OLD and check everything Is this a clean way to proceed ? is there a simpler way to migrate the configurations/users/machine accounts? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Migrating Samba PDC from one server to another
Is this a clean way to proceed ? is there a simpler way to migrate the configurations/users/machine accounts? You probably just missed setting the SID; make sure net getlocalsid returns the same thing on the new PDC as it did on the old PDC (use net setlocalsid). I believe the local and domain SID on a PDC are always the same. [r...@littleboy openldap]# net getdomainsid SID for local machine BARBEL is: S-1-5-21-2037442776-3290224752-88127236 SID for domain BACKBONE is: S-1-5-21-2037442776-3290224752-88127236 [r...@littleboy openldap]# -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] migrating samba files, preserving permissions
Hi, Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. --sharif -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba files, preserving permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sharif islam wrote: Hi, Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. xcopy /o or robocopy.exe cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgUh0IR7qMdg1EfYRArJCAJ9nN1asVmtR9WzYozwGG8EXGioe3wCg6Zc7 +81fZAau+GFV90lT7e3F0og= =eEkO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba files, preserving permissions
Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. Your question is too vague to give a solid answer, but, just backup and restore with a tool (NOT ssh, tar, etc...) that supports EA. If your source filesystem is a Samba system then using star in exustar mode should work. If you are coming from a real Windows box then you probably need to backup and restore with a Windows utility. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba files, preserving permissions
On 6/26/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. Your question is too vague to give a solid answer, but, just backup and restore with a tool (NOT ssh, tar, etc...) that supports EA. If your source filesystem is a Samba system then using star in exustar mode should work. If you are coming from a real Windows box then you probably need to backup and restore with a Windows utility. Sorry for not being clear. Here's more information. We are moving the samba server to a different linux machine, but authenticating against the same Active Directory. In the conf file, we have idmap uid = 1-60. For instance, my uid is 10001 in the old machine. However, in the new machine, it is, lets say 10004. How would I make sure that the new uid/gid is mapping to the same windows sid? I saw a tool called tdbdump. If I copy the winbind cache from the old machine and use it in the new machine, will that keep the same mapping? --sharif -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating Samba # domain Controller from FreeBSD to MetBSD
HI, I am Running a Samba Domain Controller for Windows Clients on FreeBSD 6.2 I wan to migrate it to netBSD 3.1 What are the steps that I should take that the users can login to the domain and all things to remain transparent after the migration have take place? Thankyou so much Kind Regards Siju -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating samba 3.0 from 32-bit to 64-bit (with ldap). What's with the tdb-files?
Hi all, we want to migrate our samba-data from 32-bit to 64-bit environment. We use LDAP as passdb. In our LDAP-Directory (OpenLDAP) we store users, groups, computers. The LDAP-Directory is already running on the new 64-bit server. smbd and nmbd were started. The login works. What we have to do with the tdb-files??? Which *tdb-files must we migrate to the new environment??? Thanks. _ Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! http://smartsurfer.web.de/?mc=100071distributionid=0066 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating samba 3.0 from 32-bit to 64-bit (with ldap). What's with the tdb-files?
we want to migrate our samba-data from 32-bit to 64-bit environment. We use LDAP as passdb. In our LDAP-Directory (OpenLDAP) we store users, groups, computers. The LDAP-Directory is already running on the new 64-bit server. smbd and nmbd were started. The login works. What we have to do with the tdb-files??? Nothing since you are using ldap security. Which *tdb-files must we migrate to the new environment??? None. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba PDC from one computer to another
Thanks after some reading I found a solution and am testing in a closed environment atm, my next question would be, Once this is done - and the Samba PDC is another host, what kind of impact will this have on clients? Thanks Wm William Reid wrote: Hi everyone, I'm planning on moving out old Samba PDC from its old hardware to a completely new system. the old system will still be running with no changes except samba... What files should I worry about moving besides the passwd and smbpasswd files? Do I need to worry about the secrets.tdb file or any of the contents in /var/cache/samba ? Thanks Wm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] migrating samba PDC from one computer to another
Hi everyone, I'm planning on moving out old Samba PDC from its old hardware to a completely new system. the old system will still be running with no changes except samba... What files should I worry about moving besides the passwd and smbpasswd files? Do I need to worry about the secrets.tdb file or any of the contents in /var/cache/samba ? Thanks Wm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating samba 2.x PDC to new machine and samba 3.x PDC
I'm trying to migrate from an older samba 2.x PDC machine into a new machine that has samba 3.x and also uses an LDAP backend. I've heavily used the IDEALX.org website and documentation to get the vast majority of the work accomplished and working. I had to modify some scripts that were referenced there for migrating posix accounts over to LDAP so that they could also handle migrating the smbpasswd file as well. My users work beautifully. However, the machine accounts are giving me fits. My guess is that the sambaNTPassword entry is getting in the way of success. What I really need to be able to do is turn off the old PDC machine, turn on the new one, and have everyone reboot their machines and log back into the new domain (same domain name as before). Well, whenever I have run a trial run of this, I get the error that either my password is incorrect or my machine doesn't have an account on the domain. If I re-join the domain through windows, it works just fine. However, I noticed that my sambaNTPassword hash is different than what it was for the same machine account on the old PDC. I'm not certain how this hash is generated for machine accounts. Assuming that the server hostname had some role in this, I changed the new PDC to have the same hostname as the old PDC. Now, I do get a different sambaNTPassword hash if I add my machine to the new domain through windows, but it still does not match the original hash from the old PDC. Since the old PDC is samba 2.x, I can't use net rpc vampire to migrate the accounts over. Does anyone have any idea what other thing(s) I can change to get the hash to produce the same way on both servers? I believe this to be my last hurdle in what should be a very nice improvement to our LAN. TIA -- Greg Goodrich Development Manager MediNotes Corporation 1025 Ashworth Road, Suite 222 West Des Moines, IA 50265 Phone: 877.633.6683 ext. 251 http://www.medinotes.com Charting Plus - The Best EHR Value on the Market! www.medinotes.com http://www.medinotes.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba 2.2.8a PDC to 3.0.12 SID problem
Have you followed the guidance in the Samba Update section (chapter 8) of the book Samba-3 by Example? Your copy is waiting for you at: http://www.samba.org/samba/docs/Samba3-ByExample.pdf I'd like to know of any shortcomings or deficiencies in this chapter. ok, thanks, the problem was the field sambasid in LDAP. Now, when i try to run de new samba 3 i get this errors: [...] [2005/07/07 18:12:43, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation CAS001$: no account in domain [2005/07/07 18:12:44, 0] rpc_server/srv_netlog_nt.c:get_md4pw(261) get_md4pw: Workstation CAS001$: no account in domain [2005/07/07 18:12:47, 1] lib/util_sock.c:get_peer_name(1109) Gethostbyaddr failed for 192.168.130.27 [2005/07/07 18:12:59, 1] lib/util_sock.c:get_peer_name(1109) Gethostbyaddr failed for 192.168.123.27 [2005/07/07 18:13:00, 1] lib/util_sock.c:get_peer_name(1109) Gethostbyaddr failed for 192.168.123.27 [2005/07/07 18:13:30, 0] smbd/server.c:main(798) smbd version 3.0.12-5-SUSE started. passdb/pdb_ldap.c:ldapsam_search_one_group(1971) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2005/07/07 18:13:30, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1971) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2005/07/07 18:13:31, 1] lib/util_sock.c:get_peer_name(1109) [...] samba not found the computers. samba ldapsearch -x uid=cas001 # extended LDIF # # LDAPv3 # base with scope sub # filter: uid=cas001$ # requesting: ALL # # cas001$, maquinaspdc, raiz dn: uid=cas001$,ou=maquinaspdc,o=raiz sn: cas001$ uidNumber: 1404 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount uid: CAS001$ displayName: NUEVOPC$ [...] what is the problem? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] migrating samba 2.2.8a PDC to 3.0.12 SID problem
hi, i'm trying to migrate my samba 2.2.8a pdc to 3.0.12 pdc. I'm using ldap and i have already migrated all the data. Also i have executed convertSambaAccount for the new schema. My problem is that I cannot set the old SID (samba 2.2.8) to the new samba 3.0.12 for that the clients can authentificate to pdc server. samba2.2.8 smbpasswd -S LDAP Successfully set domain SID to S-1-5-21-3984604316-2900431957-2958281145 samba3.0.12 net getlocalsid SID for domain LDAP is: S-1-5-21-1591861398-1194458383-959792778 samba3.0.12 net setlocalsid S-1-5-21-3984604316-2900431957-2958281145 samba3.0.12 net getlocalsid SID for domain LDAP is: S-1-5-21-1591861398-1194458383-959792778 why? the new SID does not keep The smb.conf is the same, and i also run the command smbpasswd -w My smb.conf (3.0.12): workgroup = LDAP server string = LDAP SERVER os level = 128 time server = Yes unix extensions = Yes encrypt passwords = Yes add user script = /etc/samba/idealx/smbldap-useradd -m %u add machine script = /etc/samba/idealx/smbldap-useradd -w %u add group script = /etc/samba/idealx/smbldap-groupadd -p %g add user to group script = /etc/samba/idealx/smbldap-groupmod -m %u %g delete user from group script = /etc/samba/idealx/smbldap-groupmod -x %u %g set primary group script = /etc/samba/idealx/smbldap-usermod -g %g %u username map = /etc/samba/smbusers map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: ;LDAP passdb backend = ldapsam:ldap://127.0.0.1; ldap suffix = o=myroot ldap admin dn = cn=Manager, o=myroot ldap ssl = No hosts allow = 192.168. 127. localhost local master = yes preferred master = yes domain master = yes domain logons = yes [...] thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba 2.2.8a PDC to 3.0.12 SID problem
On Thursday 07 July 2005 08:43, aux wrote: hi, i'm trying to migrate my samba 2.2.8a pdc to 3.0.12 pdc. I'm using ldap and i have already migrated all the data. Also i have executed convertSambaAccount for the new schema. Have you followed the guidance in the Samba Update section (chapter 8) of the book Samba-3 by Example? Your copy is waiting for you at: http://www.samba.org/samba/docs/Samba3-ByExample.pdf I'd like to know of any shortcomings or deficiencies in this chapter. Thanks. - John T. My problem is that I cannot set the old SID (samba 2.2.8) to the new samba 3.0.12 for that the clients can authentificate to pdc server. samba2.2.8 smbpasswd -S LDAP Successfully set domain SID to S-1-5-21-3984604316-2900431957-2958281145 samba3.0.12 net getlocalsid SID for domain LDAP is: S-1-5-21-1591861398-1194458383-959792778 samba3.0.12 net setlocalsid S-1-5-21-3984604316-2900431957-2958281145 samba3.0.12 net getlocalsid SID for domain LDAP is: S-1-5-21-1591861398-1194458383-959792778 why? the new SID does not keep The smb.conf is the same, and i also run the command smbpasswd -w My smb.conf (3.0.12): workgroup = LDAP server string = LDAP SERVER os level = 128 time server = Yes unix extensions = Yes encrypt passwords = Yes add user script = /etc/samba/idealx/smbldap-useradd -m %u add machine script = /etc/samba/idealx/smbldap-useradd -w %u add group script = /etc/samba/idealx/smbldap-groupadd -p %g add user to group script = /etc/samba/idealx/smbldap-groupmod -m %u %g delete user from group script = /etc/samba/idealx/smbldap-groupmod -x %u %g set primary group script = /etc/samba/idealx/smbldap-usermod -g %g %u username map = /etc/samba/smbusers map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: ;LDAP passdb backend = ldapsam:ldap://127.0.0.1; ldap suffix = o=myroot ldap admin dn = cn=Manager, o=myroot ldap ssl = No hosts allow = 192.168. 127. localhost local master = yes preferred master = yes domain master = yes domain logons = yes [...] thanks -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating Samba
Dear all, for migrating Samba, I would like to install the latest Samba Server on a new server machine in parallel to the operational one. My questions: - Is there the risk of corrupting data if two machines work on the same (NFS-shared) data? - If so, what is the recommended way of upgrading/migrating samba? - If no, is there anything in particular I need to take care of? Thanks in advance for any help! Gruss, Lukas -- Lukas Ruf http://www.lpr.ch | Raw IP http://www.rawip.org | Style http://email.rawip.org | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating Samba and Users to another Fedora 3 box
Hi... I am planning on going from a 36-gig Raid-1 box to an 250-gig Raid-1 (ide) box. The current server is Fedora Core 3 and the new one will also be Fedora Core 3. This box is only used for Samba (file sharing and printer sharing). The system works great, I just need more space. So, could someone please help me out with moving user info and /home directory to the new box? Here are some of the things I am assuming I will need to keep me from recreating users and what not: /etc/passwd - for system users /etc/samba/smb.conf - my config /etc/samba/smbusers - samba user info /home - all user dirs and public shares are in here Is that it? Also, this might be the wrong place for this, but...I can't do a tar.gz of the home directory due to the fact that the drive is almost full. I need to make a tar.gz put | it to the new box via scp. I have seen it done before, can anyone point me in the right direction for a how-to? Thank you, aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating Samba and Users to another Fedora 3 box
You will also need /etc/shadow for the shadow passwords. I would copy over /etc/passwd and /etc/shadow first so the user accounts are there. Then you can either use rsync (a variation of rsync -avz -e ssh --progress old_server_ip:/home /home may work on the new server) or you can go to /home and du -shc *|grep G and see who has the largest home dirs (you may need grep M instead of G) and then scp -arR /home/user new_Server_ip:/home and then chown -R username /home/username on the new server for a few of the largest home dirs, and then delete them from the old server to give you some space, and then tar -jcvf users.tar.bz2 /home/* and then scp it over to /home on the new server and extract it. Aaron Reimann wrote: Hi... I am planning on going from a 36-gig Raid-1 box to an 250-gig Raid-1 (ide) box. The current server is Fedora Core 3 and the new one will also be Fedora Core 3. This box is only used for Samba (file sharing and printer sharing). The system works great, I just need more space. So, could someone please help me out with moving user info and /home directory to the new box? Here are some of the things I am assuming I will need to keep me from recreating users and what not: /etc/passwd - for system users /etc/samba/smb.conf - my config /etc/samba/smbusers - samba user info /home - all user dirs and public shares are in here Is that it? Also, this might be the wrong place for this, but...I can't do a tar.gz of the home directory due to the fact that the drive is almost full. I need to make a tar.gz put | it to the new box via scp. I have seen it done before, can anyone point me in the right direction for a how-to? Thank you, aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating Samba and Users to another Fedora 3 box
So, could someone please help me out with moving user info and /home directory to the new box? Here are some of the things I am assuming I will need to keep me from recreating users and what not: /etc/passwd - for system users /etc/samba/smb.conf - my config /etc/samba/smbusers - samba user info /home - all user dirs and public shares are in here Is that it? Are you running a domain? If so you'll want to grab most/all the .tdb files from the /var/lib/samba (I think) directory at a minimum. Also, this might be the wrong place for this, Just barely ;) but...I can't do a tar.gz of the home directory due to the fact that the drive is almost full. I need to make a tar.gz put | it to the new box via scp. I have seen it done before, can anyone point me in the right direction for a how-to? Well, tar will keep your permissions, so just doing a straight up scp is out. The easiest way *I* would do it would be using nfs and tar like so... I believe you would need to have your home directory(s) provisioned in such a way that you could export the parent over nfs. In my setup, I have /export/home and then user's home directories are automounted out of that, so if I were doing it, I would do the following: 1. Mount /export on the new box to like /mnt/tmp or something. 2. Move to the container on the new box that will hold the home dirs (would probably /export again in my world , but we'll call it /newExport for clarity) 3. Run this command from /newExport: tar -cf - -C /mnt/tmp home | tar -xvf - Now the explanation of that command: tar - we all know what that does -cf - create an archive on a named file, in this case the file is - - - special argument that is stdout (i believe) -C move to the named directory (/mnt/tmp) before doing anything. This gets rid of the /mnt/tmp that would be prepended to all the file paths in the archive if we were doing something like tar -cf somefilie.tar /mnt/tmp/home /mnt/tmp - dir to move to home - directory inside of /mnt/tmp to tar up | - pipe stdout (remember that - argument?) to the next command, tar tar - no explanation -xvf - extract, with verbose output the named file (-) - - file to extract, in this case it's stdin -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating Samba and Users to another Fedora 3 box
Hmm your forgetting a few things.. sure you've got the usernames and all, what about the *.tdb files.!! best thing is to copy the entire samba dir as well (/usr/local/samba/*) and all posix user files, only passwd isn't enough, coz you'l lose your groups.. you didn't tell us if it's an pdc or not.. or how you're going to do the migration.. ect ect.. L8r COllen Aaron Reimann wrote: Hi... I am planning on going from a 36-gig Raid-1 box to an 250-gig Raid-1 (ide) box. The current server is Fedora Core 3 and the new one will also be Fedora Core 3. This box is only used for Samba (file sharing and printer sharing). The system works great, I just need more space. So, could someone please help me out with moving user info and /home directory to the new box? Here are some of the things I am assuming I will need to keep me from recreating users and what not: /etc/passwd - for system users /etc/samba/smb.conf - my config /etc/samba/smbusers - samba user info /home - all user dirs and public shares are in here Is that it? Also, this might be the wrong place for this, but...I can't do a tar.gz of the home directory due to the fact that the drive is almost full. I need to make a tar.gz put | it to the new box via scp. I have seen it done before, can anyone point me in the right direction for a how-to? Thank you, aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] migrating samba installation to another machine
Hi, when migrating a samba installation (PDC) to another machine, what files do I have to backup so that I don't have to rejoin the Domain with every single workstation on the network? Is that possible at all? Thanks for your help, Robert -- Robert Szentmihalyi, Entracom GmbH Enter and start communication. - http://www.entracom.de solidBITS - The Server On CD Solution - http://www.solidbits.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating Samba PDC to new machine (with different name)
The machine we are currently using as our existing PDC is getting old and tired, so we have built a new machine and are attempting to migrate users across to the new machine. However, since there can only be one PDC on a network, this involves an all nighter moving users profiles across to the new machine and then cranking it up as the PDC. Everything appeared to go well until we started up the first bunch of machines using the new machine as the PDC and got the following Error Message. The system cannot log you on to the domain because the systems computer account in its primary domain is missing or the password on that account is incorrect After some research we found an article on the net about setting up a Samba BDC and so we did the smbpasswd -S domain_name to try and copy the domain's ID across to the new machines. However, this still yielded the same result when new machines started up on the new domain server. Has anyone successfully moved the PDC from one machine to another in the same domain? Can you give us some tips? Extra Info: - The new machine has different Unix IDs for the Machine and User accounts than the old one did. - The new machine now uses LDAP to store the Unix Usernames but we are still using PAM for samba to lookup the UserUIDs and are still using smbpasswd for storing Samba Usernames and Passwords. - The Unix UIDs are now a bit higher. User Accounts in LDAP start at about 1,000. - The machine accounts (blah$) are local (/etc/passwd) accounts and start at 10,000. - Once a win2k machine was was remove from the domain, machine account removed then readded to samba new_pdc and then win2k added back into domain, logins worked perfectly. Thanks in advance -- Michael Ingoldby Senior Systems Administrator Shazam Entertainment Ltd Adress :4th Floor Chesam House 136 Regent Street London W1B 5SX DDI :+44 (0)20 7851 9333 Email :[EMAIL PROTECTED] WebSite :www.shazam.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba