Re: [Samba] Please help: classicupgrade not importing users -- SOLVED
I finally found the solution. I was moving from a Gentoo system to Centos and the layout of the files is different under Gentoo. In the Gentoo layout, the default location for passdb.tdb, schannel_store.tdb and secrets.tdb is in /var/lib/samba/private . When I first tried to import, I had got an error message about secrets.tdb not being found, so I had made a link /var/lib/samba/secrets.tdb that pointed to /var/lib/samba/private/secrets.tdb, but, crucially, I did not do this for the other files in the secrets subdirectory. Once I made the links for the other files, all I had to do was clean up my old tdb files (duplicate and otherwise bad entries) and then the import worked! Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Please help: classicupgrade not importing users
Does anyone have any ideas what I might have done wrong or why this is not working? Simon On Tue, 2 Apr 2013, simon+sa...@matthews.eu wrote: I have tried everything that I can think of, but the users are still not being imported. I deleted and re-created the /usr/local/samba directory (using make install), I added users to the local passwd file (ypcat passwd /etc/passwd) and then stopped ypbind. Still the same. The users are not imported while the groups are. I would really appreciate some help in getting past this step. The transcript of my last attempt at classicupgrade can be found here: http://pastebin.com/tP8bG5Yb I changed the realm that I used to a.b and made edits to the file to make it consistent. Simon On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Ricky Nance wrote: http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTOhttps://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO should help. I have been following those instructions. I have a tdb backend, I am working on a VM that does not have SAMBA3 installed. The command: # samba-tool user list does not show my users. Interestingly, the groups seem to be there. If I use # samba-tool group list I see the expected groups. Simon Ricky On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza g...@kzsdabas.hu wrote: 2013-04-02 05:35 keltezéssel, simon+sa...@matthews.eu írta: On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Andrew Bartlett wrote: On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote: 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta: Since I don't seem to be having any luck with the classicupgrade, I decided to try starting from scratch and then adding I users. I ran the command: /usr/local/samba/bin/samba-**tool domain provision --realm=my realm \ --domain=mydomain --adminpass 'mypass' realm --server-role=dc \ --dns-backend=BIND9_DLZ Then I tried both adding and changing users. In neither case can I change the SID with pdbedit. It seems to be added with a system-defined SID, irrespective of what I specify. pdbedit -v is able to list the user's parameters, including the SID. Any suggestions? I am pretty much stuck here trying to figure out how to migrate from an existing SAMBA3 domain to SAMBA4. Hi, Trying to add users one by one (preserving SID) is IMHO a lot harder(you would probably need to ldbmodify the user record of each one) todo, than fixing your samba3 install to have it classicupgraded. Indeed. The only way to safely import a list of users who already have SIDs is to migrate them to Samba 4.0's AD DC using one of the supported migration tools. These are 'samba-tool domain join dc' and 'samba-tool domain classicupgrade'. Perhaps I need to address why the classicupgrade did not work. I see now that I did not pass the --dbdir option when running it before. I'll try again. I went back to trying to get the classicupgrade to work: /usr/local/samba/bin/samba-**tool domain classicupgrade \ --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \ /etc/samba/smb.conf --use-xattrs=yes For the realm, I used a subdomain of one of the two existing dns domains in the LAN. It appears to be processing the information from the old domain tdb files, although I see some errors: Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Importing groups Could not add group name=Remote Desktop Users ((68, samldb: Account name (sAMAccountName) 'Remote Desktop Users' already in use!)) Could not modify AD idmap entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, id=5077, type=ID_TYPE_GID ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Group already exists sid=S-1-5-21-4254857281-**3346836279-4152649156-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. However, after this, all I get from pdbedit -L is: # pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: [root@samba ~]# pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295:
[Samba] Please help: classicupgrade not importing users
I have tried everything that I can think of, but the users are still not being imported. I deleted and re-created the /usr/local/samba directory (using make install), I added users to the local passwd file (ypcat passwd /etc/passwd) and then stopped ypbind. Still the same. The users are not imported while the groups are. I would really appreciate some help in getting past this step. The transcript of my last attempt at classicupgrade can be found here: http://pastebin.com/tP8bG5Yb I changed the realm that I used to a.b and made edits to the file to make it consistent. Simon On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Ricky Nance wrote: http://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTOhttps://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO should help. I have been following those instructions. I have a tdb backend, I am working on a VM that does not have SAMBA3 installed. The command: # samba-tool user list does not show my users. Interestingly, the groups seem to be there. If I use # samba-tool group list I see the expected groups. Simon Ricky On Tue, Apr 2, 2013 at 12:06 AM, Gémes Géza g...@kzsdabas.hu wrote: 2013-04-02 05:35 keltezéssel, simon+sa...@matthews.eu írta: On Mon, 1 Apr 2013, simon+sa...@matthews.eu wrote: On Tue, 2 Apr 2013, Andrew Bartlett wrote: On Mon, 2013-04-01 at 09:26 +0200, Gémes Géza wrote: 2013-04-01 02:36 keltezéssel, simon+sa...@matthews.eu írta: Since I don't seem to be having any luck with the classicupgrade, I decided to try starting from scratch and then adding I users. I ran the command: /usr/local/samba/bin/samba-**tool domain provision --realm=my realm \ --domain=mydomain --adminpass 'mypass' realm --server-role=dc \ --dns-backend=BIND9_DLZ Then I tried both adding and changing users. In neither case can I change the SID with pdbedit. It seems to be added with a system-defined SID, irrespective of what I specify. pdbedit -v is able to list the user's parameters, including the SID. Any suggestions? I am pretty much stuck here trying to figure out how to migrate from an existing SAMBA3 domain to SAMBA4. Hi, Trying to add users one by one (preserving SID) is IMHO a lot harder(you would probably need to ldbmodify the user record of each one) todo, than fixing your samba3 install to have it classicupgraded. Indeed. The only way to safely import a list of users who already have SIDs is to migrate them to Samba 4.0's AD DC using one of the supported migration tools. These are 'samba-tool domain join dc' and 'samba-tool domain classicupgrade'. Perhaps I need to address why the classicupgrade did not work. I see now that I did not pass the --dbdir option when running it before. I'll try again. I went back to trying to get the classicupgrade to work: /usr/local/samba/bin/samba-**tool domain classicupgrade \ --dbdir=/var/lib/samba/ --dbdir=/var/lib/samba/ --realm=a.b \ /etc/samba/smb.conf --use-xattrs=yes For the realm, I used a subdomain of one of the two existing dns domains in the LAN. It appears to be processing the information from the old domain tdb files, although I see some errors: Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Importing groups Could not add group name=Remote Desktop Users ((68, samldb: Account name (sAMAccountName) 'Remote Desktop Users' already in use!)) Could not modify AD idmap entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, id=5077, type=ID_TYPE_GID ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Could not add posix attrs for AD entry for sid=S-1-5-21-4254857281-**3346836279-4152649156-555, ((32, Base-DN 'SID=S-1-5-21-4254857281-**3346836279-4152649156-555' not found)) Group already exists sid=S-1-5-21-4254857281-**3346836279-4152649156-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. However, after this, all I get from pdbedit -L is: # pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: [root@samba ~]# pdbedit -L RAIDSERVER$:4294967295: Administrator:4294967295: krbtgt:4294967295:--dbdir=/**var/lib/samba/ --realm=a.b /etc/samba/smb.confnobody:99:**Nobody Any ideas? What information might help debug this? Simon Could this happen because pdbedit is from the samba3 install? I recommend doing upgrade on a new box/virtual machine where no samba3 is installed, and copying the tdb files to