Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello!
So in the end LDAP has been converted with the provided conversion
script and is not a problem anymore.

For reference, we said we needed net getlocalsid but I found that also
smbpasswd -X DomainName or -S DomainName outputs the domainsid :-)
(for some reason I have no net command albeit having smbclient
installed)

Now migrating samba is a big issue to me.

So samba authenticates on /etc/samba/smbpasswd and not on LDAP as I thought...

The admin creates a LDAP user, then via webmin converts users from
unix to samba and then ssh changes smbpasswd UserName.

Silly, isn't it?

But smbpasswd database receives converted account from ldap, not unix
as /etc/passwd does not have a newly added user, it mainly keeps
computeraccounts$ with $ at the end.

So we migrated the whole thing to a 3.5.3 telling it to use a switch
for compatibility with old smbpasswd file.

It did work as \\server\shares but not quite for domain logon for non
cached passwords...
I believe nmb had not been stopped... anyway

We went for a new virtual machine with the ancient Suse 8.2 with same
rpm -qa| samba ldap  versions and copied /etc/samba and /etc/openldap
/etc/passwd+shadow and /var/lib/ldap. Should I also have taken
/var/lib/samba???

Computers do not logon but can be added to the domain and nblookup
resolves the DomainName to the DC...

Had to revert to the old physical server...

What else should I consider?

After migrating the old services to a new server (the old one is on
its final months...) I would like to change the authentication to LDAP
backend directly, is this possible or does it nees smbpasswd?

Cheers,
Giorgio

On Sun, Apr 11, 2010 at 11:54 AM, Vladimir Psenicka
 wrote:
> I found this document to upgrade from samba 2 schema to 3:
> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/upgrading-to-3.0.html,
> search "New Schema". Script is in /usr/share/doc/samba-doc/examples/LDAP/
> on Ubuntu.
>
> On Sat, 10 Apr 2010 21:32:19 +0200, Giorgio Gallo 
> wrote:
>> Hi Vladimir!
>>
>> Ok for changing into sambaSamAccount but what about the sambaSID?
>> It appears to be required!
>>
>> Cheers,
>> Giorgio
>>
>> -Original Message-
>> From: Vladimir Psenicka 
>> Sent: sabato 10 aprile 2010 18.40
>> To: GG 
>> Cc: samba@lists.samba.org
>> Subject: Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to
>> latest versions on ubuntu 8.04
>>
>> Hi GG
>>
>> 1. no delete, change objectClass:sambaAccount to
>> objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
>> 2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
>> preserve rid attribute, else delete it (don't see rid in our ldif)
>> 3. make all dn:uid=uid attribute
>>
>> And after this try to import ldif ...
>>
>>
>> On Fri, 9 Apr 2010 17:43:45 +0200, GG  wrote:
>>> Hello,
>>>
>>> I would delete sambaAccount but all users also use samba to logon to
>>> windows machines, wouldn't this prevent them from entering the domain
>>> etc?
>>>
>>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>>> *uid: csanvi*
>>>
>>> - I see what you mean. correct uid is csanvi: shall I make all dn:
>>> uid=*uid later defined*,dc,dc,dc?
>>>
>>> - I imported user correctly with no sambaAccount but what are the
>>> consequences for usage with samba?
>>>
>>> - sambaSID = should I put here the domain SID?
>>> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
>>> sambaLMPassword = this should be like on LDAP any info?
>>> sambaNTPassword = this should be like on LDAP any info?
>>> sambaAcctFlags =
>>> sambaDomain = this should be like domain-name??
>>>
>>> The thing is I have to import LDAP and also make samba work after.
>>>
>>> - Is it possible to just import all LDAP without sambaAccount or
>>> sambaSamAccount and then add samba and domain part?
>>>
>>> Ldap is just the back end, what then needs to work is samba and domain
>> PDC
>>> etc..
>>>
>>> Giorgio
>>>
>>>
>>>
>>> On 4/9/10, Vladimir Psenicka  wrote:
>>>> Hi.
>>>>
>>>> Can you change *objectClass: sambaAccount* to *objectClass:
>>>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>>>> requires attribute 'sambaSID' and maybee other samba* attributes. Or
>>>> delete objectClass: sambaAccount from this dn when no samba* attribute
>>>> is specified in this dn. I can't see objectClass: sambaAccount in our
>>>> Samba 3.0 samba.schema

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Giorgio Gallo]

Hi Vladimir!

Ok for changing into sambaSamAccount but what about the sambaSID?
It appears to be required!

Cheers,
Giorgio

-Original Message-
From: Vladimir Psenicka 
Sent: sabato 10 aprile 2010 18.40
To: GG 
Cc: samba@lists.samba.org
Subject: Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest 
versions on ubuntu 8.04

Hi GG

1. no delete, change objectClass:sambaAccount to
objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
preserve rid attribute, else delete it (don't see rid in our ldif)
3. make all dn:uid=uid attribute

And after this try to import ldif ...


On Fri, 9 Apr 2010 17:43:45 +0200, GG  wrote:
> Hello,
> 
> I would delete sambaAccount but all users also use samba to logon to
> windows machines, wouldn't this prevent them from entering the domain
> etc?
> 
>> dn: *uid=Christian Sanvi*,dc=Sistemi
>> *uid: csanvi*
> 
> - I see what you mean. correct uid is csanvi: shall I make all dn:
> uid=*uid later defined*,dc,dc,dc?
> 
> - I imported user correctly with no sambaAccount but what are the
> consequences for usage with samba?
> 
> - sambaSID = should I put here the domain SID?
> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
> sambaLMPassword = this should be like on LDAP any info?
> sambaNTPassword = this should be like on LDAP any info?
> sambaAcctFlags =
> sambaDomain = this should be like domain-name??
> 
> The thing is I have to import LDAP and also make samba work after.
> 
> - Is it possible to just import all LDAP without sambaAccount or
> sambaSamAccount and then add samba and domain part?
> 
> Ldap is just the back end, what then needs to work is samba and domain
PDC
> etc..
> 
> Giorgio
> 
> 
> 
> On 4/9/10, Vladimir Psenicka  wrote:
>> Hi.
>>
>> Can you change *objectClass: sambaAccount* to *objectClass:
>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>> requires attribute 'sambaSID' and maybee other samba* attributes. Or
>> delete objectClass: sambaAccount from this dn when no samba* attribute
>> is specified in this dn. I can't see objectClass: sambaAccount in our
>> Samba 3.0 samba.schema.
>>
>> You can tune your old atributes (rid) in samba.schema: see HISTORICAL
>>
>>
>> Next your uid in dn must exactly be same as atribute uid
>>
>>
>> dn: *uid=Christian Sanvi*,dc=Sistemi
>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> structuralObjectClass: inetOrgPerson
>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801093311Z
>> objectClass: inetOrgPerson
>> objectClass: person
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> mail: christian.sa...@gg-s-domain.it
>> mailHost: mail.GG-s-Domain.it
>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
>> *uid: Christian Sanvi*
>> cn: csanvi
>> sn: sanvi
>> shadowMax: 9
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 1000
>> gidNumber: 100
>> homeDirectory: /home/christian
>> gecos: Christian Sanvi,,,
>> entryCSN: 2008042908:48:24Z#0x0002#0#
>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>> modifyTimestamp: 20080429084824Z
>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
>> shadowLastChange: 14695
>>
>>
>> This dn imported me fine (delete qmail and samba objectclass and rid
>> attribute).
>>
>>
>> Dne 9.4.2010 12:40, GG napsal(a):
>> > Hello!
>> >
>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
>> > and slapadd the ldif; I still get the same errors though!
>> >
>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
>> > for the new version, because it imports groups correctly  dn:
>> > dc=,dc=,dc=
>> >
>> > Ideas?
>> >
>> > Cheers,
>> > Giorgio
>> >
>> > On 4/8/10, Vladimir Psenicka  wrote:
>> >> You have in gg-edited.ldif (first error on line 52):
>> >>
>> >> dn: uid=name surname,dc=Sistemi
>> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> >> structuralObjectClass: inetOrgPerson
>> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> >> createTimestamp: 20030801093311Z
>> >> objectClass: inetOrgPerson
>> >> objectClass: person
>> >> objectCl

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

I found this document to upgrade from samba 2 schema to 3:
http://samba.org/samba/docs/man/Samba-HOWTO-Collection/upgrading-to-3.0.html,
search "New Schema". Script is in /usr/share/doc/samba-doc/examples/LDAP/
on Ubuntu.

On Sat, 10 Apr 2010 21:32:19 +0200, Giorgio Gallo 
wrote:
> Hi Vladimir!
> 
> Ok for changing into sambaSamAccount but what about the sambaSID?
> It appears to be required!
> 
> Cheers,
> Giorgio
> 
> -Original Message-
> From: Vladimir Psenicka 
> Sent: sabato 10 aprile 2010 18.40
> To: GG 
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to
> latest versions on ubuntu 8.04
> 
> Hi GG
> 
> 1. no delete, change objectClass:sambaAccount to
> objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
> 2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
> preserve rid attribute, else delete it (don't see rid in our ldif)
> 3. make all dn:uid=uid attribute
> 
> And after this try to import ldif ...
> 
> 
> On Fri, 9 Apr 2010 17:43:45 +0200, GG  wrote:
>> Hello,
>> 
>> I would delete sambaAccount but all users also use samba to logon to
>> windows machines, wouldn't this prevent them from entering the domain
>> etc?
>> 
>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>> *uid: csanvi*
>> 
>> - I see what you mean. correct uid is csanvi: shall I make all dn:
>> uid=*uid later defined*,dc,dc,dc?
>> 
>> - I imported user correctly with no sambaAccount but what are the
>> consequences for usage with samba?
>> 
>> - sambaSID = should I put here the domain SID?
>> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
>> sambaLMPassword = this should be like on LDAP any info?
>> sambaNTPassword = this should be like on LDAP any info?
>> sambaAcctFlags =
>> sambaDomain = this should be like domain-name??
>> 
>> The thing is I have to import LDAP and also make samba work after.
>> 
>> - Is it possible to just import all LDAP without sambaAccount or
>> sambaSamAccount and then add samba and domain part?
>> 
>> Ldap is just the back end, what then needs to work is samba and domain
> PDC
>> etc..
>> 
>> Giorgio
>> 
>> 
>> 
>> On 4/9/10, Vladimir Psenicka  wrote:
>>> Hi.
>>>
>>> Can you change *objectClass: sambaAccount* to *objectClass:
>>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>>> requires attribute 'sambaSID' and maybee other samba* attributes. Or
>>> delete objectClass: sambaAccount from this dn when no samba* attribute
>>> is specified in this dn. I can't see objectClass: sambaAccount in our
>>> Samba 3.0 samba.schema.
>>>
>>> You can tune your old atributes (rid) in samba.schema: see HISTORICAL
>>>
>>>
>>> Next your uid in dn must exactly be same as atribute uid
>>>
>>>
>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>>> structuralObjectClass: inetOrgPerson
>>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>>> createTimestamp: 20030801093311Z
>>> objectClass: inetOrgPerson
>>> objectClass: person
>>> objectClass: posixAccount
>>> objectClass: shadowAccount
>>> mail: christian.sa...@gg-s-domain.it
>>> mailHost: mail.GG-s-Domain.it
>>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
>>> *uid: Christian Sanvi*
>>> cn: csanvi
>>> sn: sanvi
>>> shadowMax: 9
>>> shadowWarning: 7
>>> loginShell: /bin/bash
>>> uidNumber: 1000
>>> gidNumber: 100
>>> homeDirectory: /home/christian
>>> gecos: Christian Sanvi,,,
>>> entryCSN: 2008042908:48:24Z#0x0002#0#
>>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>>> modifyTimestamp: 20080429084824Z
>>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
>>> shadowLastChange: 14695
>>>
>>>
>>> This dn imported me fine (delete qmail and samba objectclass and rid
>>> attribute).
>>>
>>>
>>> Dne 9.4.2010 12:40, GG napsal(a):
>>> > Hello!
>>> >
>>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
>>> > and slapadd the ldif; I still get the same errors though!
>>> >
>>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not
ok
>>> > for the new version, b

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello!

Actually I have no sambaSID.

a question: if i started off by having an ldap server and I then
wanted to add samba (so now I'd import ldif with no references to
samba), would there be the way of syncronizing from ldap to samba?

Cheers,
Gio

On 4/10/10, Vladimir Psenicka  wrote:
>
> sambaSID is unique ID for every user in domain and must be present when
> use objectclass: sambaSamAccount. Exist sambaSID in your ldif in users
> attributes?
>
> &On Sat, 10 Apr 2010 18:40:38 +0200, Vladimir Psenicka
>  wrote:
>> Hi GG
>>
>> 1. no delete, change objectClass:sambaAccount to
>> objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
>> 2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
>> preserve rid attribute, else delete it (don't see rid in our ldif)
>> 3. make all dn:uid=uid attribute
>>
>> And after this try to import ldif ...
>>
>>
>> On Fri, 9 Apr 2010 17:43:45 +0200, GG  wrote:
>>> Hello,
>>>
>>> I would delete sambaAccount but all users also use samba to logon to
>>> windows machines, wouldn't this prevent them from entering the domain
>>> etc?
>>>
 dn: *uid=Christian Sanvi*,dc=Sistemi
 *uid: csanvi*
>>>
>>> - I see what you mean. correct uid is csanvi: shall I make all dn:
>>> uid=*uid later defined*,dc,dc,dc?
>>>
>>> - I imported user correctly with no sambaAccount but what are the
>>> consequences for usage with samba?
>>>
>>> - sambaSID = should I put here the domain SID?
>>> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
>>> sambaLMPassword = this should be like on LDAP any info?
>>> sambaNTPassword = this should be like on LDAP any info?
>>> sambaAcctFlags =
>>> sambaDomain = this should be like domain-name??
>>>
>>> The thing is I have to import LDAP and also make samba work after.
>>>
>>> - Is it possible to just import all LDAP without sambaAccount or
>>> sambaSamAccount and then add samba and domain part?
>>>
>>> Ldap is just the back end, what then needs to work is samba and domain
>> PDC
>>> etc..
>>>
>>> Giorgio
>>>
>>>
>>>
>>> On 4/9/10, Vladimir Psenicka  wrote:
 Hi.

 Can you change *objectClass: sambaAccount* to *objectClass:
 sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
 requires attribute 'sambaSID' and maybee other samba* attributes. Or
 delete objectClass: sambaAccount from this dn when no samba* attribute
 is specified in this dn. I can't see objectClass: sambaAccount in our
 Samba 3.0 samba.schema.

 You can tune your old atributes (rid) in samba.schema: see HISTORICAL


 Next your uid in dn must exactly be same as atribute uid


 dn: *uid=Christian Sanvi*,dc=Sistemi
 Informativi,dc=People,dc=GG-s-Domain,dc=it
 structuralObjectClass: inetOrgPerson
 entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
 creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
 createTimestamp: 20030801093311Z
 objectClass: inetOrgPerson
 objectClass: person
 objectClass: posixAccount
 objectClass: shadowAccount
 mail: christian.sa...@gg-s-domain.it
 mailHost: mail.GG-s-Domain.it
 mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
 *uid: Christian Sanvi*
 cn: csanvi
 sn: sanvi
 shadowMax: 9
 shadowWarning: 7
 loginShell: /bin/bash
 uidNumber: 1000
 gidNumber: 100
 homeDirectory: /home/christian
 gecos: Christian Sanvi,,,
 entryCSN: 2008042908:48:24Z#0x0002#0#
 modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
 modifyTimestamp: 20080429084824Z
 userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
 shadowLastChange: 14695


 This dn imported me fine (delete qmail and samba objectclass and rid
 attribute).


 Dne 9.4.2010 12:40, GG napsal(a):
 > Hello!
 >
 > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
 > and slapadd the ldif; I still get the same errors though!
 >
 > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not
> ok
 > for the new version, because it imports groups correctly  dn:
 > dc=,dc=,dc=
 >
 > Ideas?
 >
 > Cheers,
 > Giorgio
 >
 > On 4/8/10, Vladimir Psenicka  wrote:
 >> You have in gg-edited.ldif (first error on line 52):
 >>
 >> dn: uid=name surname,dc=Sistemi
 >> Informativi,dc=People,dc=GG-s-Domain,dc=it
 >> structuralObjectClass: inetOrgPerson
 >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
 >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
 >> createTimestamp: 20030801093311Z
 >> objectClass: inetOrgPerson
 >> objectClass: person
 >> objectClass: sambaAccount
 >> objectClass: qmailUser
 >> objectClass: posixAccount
 >> objectClass: shadowAccount
 >>
 >> Dou you have all apropriate schemas in your slapd.conf and in
 >> /etc/ldap/schema/ on your new server? You should have all schemas
> in
 >> new
 >> slapd.conf as you had in slapd.conf o

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

sambaSID is unique ID for every user in domain and must be present when
use objectclass: sambaSamAccount. Exist sambaSID in your ldif in users
attributes?

&On Sat, 10 Apr 2010 18:40:38 +0200, Vladimir Psenicka
 wrote:
> Hi GG
> 
> 1. no delete, change objectClass:sambaAccount to
> objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
> 2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
> preserve rid attribute, else delete it (don't see rid in our ldif)
> 3. make all dn:uid=uid attribute
> 
> And after this try to import ldif ...
> 
> 
> On Fri, 9 Apr 2010 17:43:45 +0200, GG  wrote:
>> Hello,
>> 
>> I would delete sambaAccount but all users also use samba to logon to
>> windows machines, wouldn't this prevent them from entering the domain
>> etc?
>> 
>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>> *uid: csanvi*
>> 
>> - I see what you mean. correct uid is csanvi: shall I make all dn:
>> uid=*uid later defined*,dc,dc,dc?
>> 
>> - I imported user correctly with no sambaAccount but what are the
>> consequences for usage with samba?
>> 
>> - sambaSID = should I put here the domain SID?
>> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
>> sambaLMPassword = this should be like on LDAP any info?
>> sambaNTPassword = this should be like on LDAP any info?
>> sambaAcctFlags =
>> sambaDomain = this should be like domain-name??
>> 
>> The thing is I have to import LDAP and also make samba work after.
>> 
>> - Is it possible to just import all LDAP without sambaAccount or
>> sambaSamAccount and then add samba and domain part?
>> 
>> Ldap is just the back end, what then needs to work is samba and domain
> PDC
>> etc..
>> 
>> Giorgio
>> 
>> 
>> 
>> On 4/9/10, Vladimir Psenicka  wrote:
>>> Hi.
>>>
>>> Can you change *objectClass: sambaAccount* to *objectClass:
>>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>>> requires attribute 'sambaSID' and maybee other samba* attributes. Or
>>> delete objectClass: sambaAccount from this dn when no samba* attribute
>>> is specified in this dn. I can't see objectClass: sambaAccount in our
>>> Samba 3.0 samba.schema.
>>>
>>> You can tune your old atributes (rid) in samba.schema: see HISTORICAL
>>>
>>>
>>> Next your uid in dn must exactly be same as atribute uid
>>>
>>>
>>> dn: *uid=Christian Sanvi*,dc=Sistemi
>>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>>> structuralObjectClass: inetOrgPerson
>>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>>> createTimestamp: 20030801093311Z
>>> objectClass: inetOrgPerson
>>> objectClass: person
>>> objectClass: posixAccount
>>> objectClass: shadowAccount
>>> mail: christian.sa...@gg-s-domain.it
>>> mailHost: mail.GG-s-Domain.it
>>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
>>> *uid: Christian Sanvi*
>>> cn: csanvi
>>> sn: sanvi
>>> shadowMax: 9
>>> shadowWarning: 7
>>> loginShell: /bin/bash
>>> uidNumber: 1000
>>> gidNumber: 100
>>> homeDirectory: /home/christian
>>> gecos: Christian Sanvi,,,
>>> entryCSN: 2008042908:48:24Z#0x0002#0#
>>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>>> modifyTimestamp: 20080429084824Z
>>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
>>> shadowLastChange: 14695
>>>
>>>
>>> This dn imported me fine (delete qmail and samba objectclass and rid
>>> attribute).
>>>
>>>
>>> Dne 9.4.2010 12:40, GG napsal(a):
>>> > Hello!
>>> >
>>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
>>> > and slapadd the ldif; I still get the same errors though!
>>> >
>>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not
ok
>>> > for the new version, because it imports groups correctly  dn:
>>> > dc=,dc=,dc=
>>> >
>>> > Ideas?
>>> >
>>> > Cheers,
>>> > Giorgio
>>> >
>>> > On 4/8/10, Vladimir Psenicka  wrote:
>>> >> You have in gg-edited.ldif (first error on line 52):
>>> >>
>>> >> dn: uid=name surname,dc=Sistemi
>>> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
>>> >> structuralObjectClass: inetOrgPerson
>>> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>>> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>>> >> createTimestamp: 20030801093311Z
>>> >> objectClass: inetOrgPerson
>>> >> objectClass: person
>>> >> objectClass: sambaAccount
>>> >> objectClass: qmailUser
>>> >> objectClass: posixAccount
>>> >> objectClass: shadowAccount
>>> >>
>>> >> Dou you have all apropriate schemas in your slapd.conf and in
>>> >> /etc/ldap/schema/ on your new server? You should have all schemas
in
>>> >> new
>>> >> slapd.conf as you had in slapd.conf on old server...qmail schema
>>> >> etc...
>>> >>
>>https://mail.prodeco.cz/roundcube/program/js/tiny_mce/themes/advanced/langs/cs.js?s=1240817786";>gt;
>> Dne 8.4.2010 11:44, GG napsal(a):
>>> >>> Hello Vladimir and NG,
>>> >>>
>>> >>> I added samba.schema and removed the "" and it imported ldif
> without
>>> >>> saying anything about groups now :-)
>>> >>>
>>> >>> There are some warnings I am attaching.
>>> >>>

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Hi GG

1. no delete, change objectClass:sambaAccount to
objectClass:sambaSamAccount in ldif, sambaAccount is deprecated
2. uncomment lines with rid in samba.schema in HISTORICAL if you want to
preserve rid attribute, else delete it (don't see rid in our ldif)
3. make all dn:uid=uid attribute

And after this try to import ldif ...


On Fri, 9 Apr 2010 17:43:45 +0200, GG  wrote:
> Hello,
> 
> I would delete sambaAccount but all users also use samba to logon to
> windows machines, wouldn't this prevent them from entering the domain
> etc?
> 
>> dn: *uid=Christian Sanvi*,dc=Sistemi
>> *uid: csanvi*
> 
> - I see what you mean. correct uid is csanvi: shall I make all dn:
> uid=*uid later defined*,dc,dc,dc?
> 
> - I imported user correctly with no sambaAccount but what are the
> consequences for usage with samba?
> 
> - sambaSID = should I put here the domain SID?
> http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
> sambaLMPassword = this should be like on LDAP any info?
> sambaNTPassword = this should be like on LDAP any info?
> sambaAcctFlags =
> sambaDomain = this should be like domain-name??
> 
> The thing is I have to import LDAP and also make samba work after.
> 
> - Is it possible to just import all LDAP without sambaAccount or
> sambaSamAccount and then add samba and domain part?
> 
> Ldap is just the back end, what then needs to work is samba and domain
PDC
> etc..
> 
> Giorgio
> 
> 
> 
> On 4/9/10, Vladimir Psenicka  wrote:
>> Hi.
>>
>> Can you change *objectClass: sambaAccount* to *objectClass:
>> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
>> requires attribute 'sambaSID' and maybee other samba* attributes. Or
>> delete objectClass: sambaAccount from this dn when no samba* attribute
>> is specified in this dn. I can't see objectClass: sambaAccount in our
>> Samba 3.0 samba.schema.
>>
>> You can tune your old atributes (rid) in samba.schema: see HISTORICAL
>>
>>
>> Next your uid in dn must exactly be same as atribute uid
>>
>>
>> dn: *uid=Christian Sanvi*,dc=Sistemi
>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> structuralObjectClass: inetOrgPerson
>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801093311Z
>> objectClass: inetOrgPerson
>> objectClass: person
>> objectClass: posixAccount
>> objectClass: shadowAccount
>> mail: christian.sa...@gg-s-domain.it
>> mailHost: mail.GG-s-Domain.it
>> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
>> *uid: Christian Sanvi*
>> cn: csanvi
>> sn: sanvi
>> shadowMax: 9
>> shadowWarning: 7
>> loginShell: /bin/bash
>> uidNumber: 1000
>> gidNumber: 100
>> homeDirectory: /home/christian
>> gecos: Christian Sanvi,,,
>> entryCSN: 2008042908:48:24Z#0x0002#0#
>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>> modifyTimestamp: 20080429084824Z
>> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
>> shadowLastChange: 14695
>>
>>
>> This dn imported me fine (delete qmail and samba objectclass and rid
>> attribute).
>>
>>
>> Dne 9.4.2010 12:40, GG napsal(a):
>> > Hello!
>> >
>> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
>> > and slapadd the ldif; I still get the same errors though!
>> >
>> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
>> > for the new version, because it imports groups correctly  dn:
>> > dc=,dc=,dc=
>> >
>> > Ideas?
>> >
>> > Cheers,
>> > Giorgio
>> >
>> > On 4/8/10, Vladimir Psenicka  wrote:
>> >> You have in gg-edited.ldif (first error on line 52):
>> >>
>> >> dn: uid=name surname,dc=Sistemi
>> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> >> structuralObjectClass: inetOrgPerson
>> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> >> createTimestamp: 20030801093311Z
>> >> objectClass: inetOrgPerson
>> >> objectClass: person
>> >> objectClass: sambaAccount
>> >> objectClass: qmailUser
>> >> objectClass: posixAccount
>> >> objectClass: shadowAccount
>> >>
>> >> Dou you have all apropriate schemas in your slapd.conf and in
>> >> /etc/ldap/schema/ on your new server? You should have all schemas in
>> >> new
>> >> slapd.conf as you had in slapd.conf on old server...qmail schema
>> >> etc...
>> >>
>> >> Dne 8.4.2010 11:44, GG napsal(a):
>> >>> Hello Vladimir and NG,
>> >>>
>> >>> I added samba.schema and removed the "" and it imported ldif
without
>> >>> saying anything about groups now :-)
>> >>>
>> >>> There are some warnings I am attaching.
>> >>>
>> >>> It moans about
>> >>> str2entry: invalid value for attributeType objectClass #3 (syntax
>> >>> 1.3.6.1.4.1.1466.115.121.1.38)
>> >>> slapadd: could not parse entry (line=11937)
>> >>> and if I look at the ldif I find this
>> >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
>> >>>
>> >>> and other error
>> >>> slapadd: could not parse entry (line=6)
>> >>> <= str2entry: str2ad(mailHost): attribute type undefined
>> >>> this is the line in ldfi...
>https://ma

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello,

I would delete sambaAccount but all users also use samba to logon to
windows machines, wouldn't this prevent them from entering the domain
etc?

> dn: *uid=Christian Sanvi*,dc=Sistemi
> *uid: csanvi*

- I see what you mean. correct uid is csanvi: shall I make all dn:
uid=*uid later defined*,dc,dc,dc?

- I imported user correctly with no sambaAccount but what are the
consequences for usage with samba?

- sambaSID = should I put here the domain SID?
http://www.aput.net/~jheiss/samba/ldap.shtml (seems he )
sambaLMPassword = this should be like on LDAP any info?
sambaNTPassword = this should be like on LDAP any info?
sambaAcctFlags =
sambaDomain = this should be like domain-name??

The thing is I have to import LDAP and also make samba work after.

- Is it possible to just import all LDAP without sambaAccount or
sambaSamAccount and then add samba and domain part?

Ldap is just the back end, what then needs to work is samba and domain PDC etc..

Giorgio



On 4/9/10, Vladimir Psenicka  wrote:
> Hi.
>
> Can you change *objectClass: sambaAccount* to *objectClass:
> sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
> requires attribute 'sambaSID' and maybee other samba* attributes. Or
> delete objectClass: sambaAccount from this dn when no samba* attribute
> is specified in this dn. I can't see objectClass: sambaAccount in our
> Samba 3.0 samba.schema.
>
> You can tune your old atributes (rid) in samba.schema: see HISTORICAL
>
>
> Next your uid in dn must exactly be same as atribute uid
>
>
> dn: *uid=Christian Sanvi*,dc=Sistemi
> Informativi,dc=People,dc=GG-s-Domain,dc=it
> structuralObjectClass: inetOrgPerson
> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> createTimestamp: 20030801093311Z
> objectClass: inetOrgPerson
> objectClass: person
> objectClass: posixAccount
> objectClass: shadowAccount
> mail: christian.sa...@gg-s-domain.it
> mailHost: mail.GG-s-Domain.it
> mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
> *uid: Christian Sanvi*
> cn: csanvi
> sn: sanvi
> shadowMax: 9
> shadowWarning: 7
> loginShell: /bin/bash
> uidNumber: 1000
> gidNumber: 100
> homeDirectory: /home/christian
> gecos: Christian Sanvi,,,
> entryCSN: 2008042908:48:24Z#0x0002#0#
> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
> modifyTimestamp: 20080429084824Z
> userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
> shadowLastChange: 14695
>
>
> This dn imported me fine (delete qmail and samba objectclass and rid
> attribute).
>
>
> Dne 9.4.2010 12:40, GG napsal(a):
> > Hello!
> >
> > So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
> > and slapadd the ldif; I still get the same errors though!
> >
> > Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
> > for the new version, because it imports groups correctly  dn:
> > dc=,dc=,dc=
> >
> > Ideas?
> >
> > Cheers,
> > Giorgio
> >
> > On 4/8/10, Vladimir Psenicka  wrote:
> >> You have in gg-edited.ldif (first error on line 52):
> >>
> >> dn: uid=name surname,dc=Sistemi
> >> Informativi,dc=People,dc=GG-s-Domain,dc=it
> >> structuralObjectClass: inetOrgPerson
> >> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> >> createTimestamp: 20030801093311Z
> >> objectClass: inetOrgPerson
> >> objectClass: person
> >> objectClass: sambaAccount
> >> objectClass: qmailUser
> >> objectClass: posixAccount
> >> objectClass: shadowAccount
> >>
> >> Dou you have all apropriate schemas in your slapd.conf and in
> >> /etc/ldap/schema/ on your new server? You should have all schemas in new
> >> slapd.conf as you had in slapd.conf on old server...qmail schema etc...
> >>
> >> Dne 8.4.2010 11:44, GG napsal(a):
> >>> Hello Vladimir and NG,
> >>>
> >>> I added samba.schema and removed the "" and it imported ldif without
> >>> saying anything about groups now :-)
> >>>
> >>> There are some warnings I am attaching.
> >>>
> >>> It moans about
> >>> str2entry: invalid value for attributeType objectClass #3 (syntax
> >>> 1.3.6.1.4.1.1466.115.121.1.38)
> >>> slapadd: could not parse entry (line=11937)
> >>> and if I look at the ldif I find this
> >>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
> >>>
> >>> and other error
> >>> slapadd: could not parse entry (line=6)
> >>> <= str2entry: str2ad(mailHost): attribute type undefined
> >>> this is the line in ldfi...
> >>>
> >>> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
> >>> cn: otheruid
> >>>
> >>> But the line is always the dn:
> >>> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
> >>>
> >>> but reading mailHost: I have a line in many accounts with maildir and
> >>> mail host etc that I don't need any more; shall I remove lines
> >>> containing mail attributes? (mytextools.com  is
> >>> great but I suppose there must be some regular expression too)
> >>>
> >>> I did a slapcat from destination server and it imported groups but no
> >>> actu

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Hi.

Can you change *objectClass: sambaAccount* to *objectClass:
sambaSamAccount* in whole ldif, but object class 'sambaSamAccount'
requires attribute 'sambaSID' and maybee other samba* attributes. Or
delete objectClass: sambaAccount from this dn when no samba* attribute
is specified in this dn. I can't see objectClass: sambaAccount in our
Samba 3.0 samba.schema.

You can tune your old atributes (rid) in samba.schema: see HISTORICAL


Next your uid in dn must exactly be same as atribute uid


dn: *uid=Christian Sanvi*,dc=Sistemi
Informativi,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: inetOrgPerson
entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
objectClass: inetOrgPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
mail: christian.sa...@gg-s-domain.it
mailHost: mail.GG-s-Domain.it
mailMessageStore: /var/qmail/maildirs/GG-s-Domain.it/christian.sanvi
*uid: Christian Sanvi*
cn: csanvi
sn: sanvi
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1000
gidNumber: 100
homeDirectory: /home/christian
gecos: Christian Sanvi,,,
entryCSN: 2008042908:48:24Z#0x0002#0#
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20080429084824Z
userPassword:: e2NyeXB0fVc4Tmx0ck9pZDZhd3M=
shadowLastChange: 14695


This dn imported me fine (delete qmail and samba objectclass and rid
attribute).


Dne 9.4.2010 12:40, GG napsal(a):
> Hello!
> 
> So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
> and slapadd the ldif; I still get the same errors though!
> 
> Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
> for the new version, because it imports groups correctly  dn:
> dc=,dc=,dc=
> 
> Ideas?
> 
> Cheers,
> Giorgio
> 
> On 4/8/10, Vladimir Psenicka  wrote:
>> You have in gg-edited.ldif (first error on line 52):
>>
>> dn: uid=name surname,dc=Sistemi
>> Informativi,dc=People,dc=GG-s-Domain,dc=it
>> structuralObjectClass: inetOrgPerson
>> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801093311Z
>> objectClass: inetOrgPerson
>> objectClass: person
>> objectClass: sambaAccount
>> objectClass: qmailUser
>> objectClass: posixAccount
>> objectClass: shadowAccount
>>
>> Dou you have all apropriate schemas in your slapd.conf and in
>> /etc/ldap/schema/ on your new server? You should have all schemas in new
>> slapd.conf as you had in slapd.conf on old server...qmail schema etc...
>>
>> Dne 8.4.2010 11:44, GG napsal(a):
>>> Hello Vladimir and NG,
>>>
>>> I added samba.schema and removed the "" and it imported ldif without
>>> saying anything about groups now :-)
>>>
>>> There are some warnings I am attaching.
>>>
>>> It moans about
>>> str2entry: invalid value for attributeType objectClass #3 (syntax
>>> 1.3.6.1.4.1.1466.115.121.1.38)
>>> slapadd: could not parse entry (line=11937)
>>> and if I look at the ldif I find this
>>> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
>>>
>>> and other error
>>> slapadd: could not parse entry (line=6)
>>> <= str2entry: str2ad(mailHost): attribute type undefined
>>> this is the line in ldfi...
>>>
>>> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
>>> cn: otheruid
>>>
>>> But the line is always the dn:
>>> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
>>>
>>> but reading mailHost: I have a line in many accounts with maildir and
>>> mail host etc that I don't need any more; shall I remove lines
>>> containing mail attributes? (mytextools.com  is
>>> great but I suppose there must be some regular expression too)
>>>
>>> I did a slapcat from destination server and it imported groups but no
>>> actual users.
>>>
>>> I removed mail alternate attibutes (not mail: as it used for creating
>>> alias from ldap into mail server) anyway the error seems to be in the
>>> DN. it needs a dn but it gives this error
>>> str2entry: invalid value for attributeType objectClass #3 (syntax
>>> 1.3.6.1.4.1.1466.115.121.1.38)
>>> slapadd: could not parse entry (line=1)
>>>
>>> importing a single user from a partial ldif..
>>>
>>>
>>> Giorgio
>>>
>>> On 4/8/10, Vladimir Psenicka >> > wrote:
 1. comments to slapd.conf:

 if slapd.conf.destination is on your new server, then you are missing
 samba schema in your slapd.conf.destination.

 slapd.conf on new server:
 
 include /etc/ldap/schema/samba.schema
 

 Get samba.schema from your current samba instalation on new server. It
 should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/

 2. comments on error importing ldif:

 slapadd-ing.LOG:

 slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
 naming attribute 'dc' is not present in entry

 which is in gg-edited.ldif:

 dn: dc=People,dc=GG-s-Domain,dc=it
>>>

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello!

So I added openldap.schema and qmail.schema, deleted /var/lib/ldap/*
and slapadd the ldif; I still get the same errors though!

Being on the first line it seems as if dn: uid=,dc=,dc=,dc= is not ok
for the new version, because it imports groups correctly  dn:
dc=,dc=,dc=

Ideas?

Cheers,
Giorgio

On 4/8/10, Vladimir Psenicka  wrote:
> You have in gg-edited.ldif (first error on line 52):
>
> dn: uid=name surname,dc=Sistemi
> Informativi,dc=People,dc=GG-s-Domain,dc=it
> structuralObjectClass: inetOrgPerson
> entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> createTimestamp: 20030801093311Z
> objectClass: inetOrgPerson
> objectClass: person
> objectClass: sambaAccount
> objectClass: qmailUser
> objectClass: posixAccount
> objectClass: shadowAccount
>
> Dou you have all apropriate schemas in your slapd.conf and in
> /etc/ldap/schema/ on your new server? You should have all schemas in new
> slapd.conf as you had in slapd.conf on old server...qmail schema etc...
>
> Dne 8.4.2010 11:44, GG napsal(a):
> > Hello Vladimir and NG,
> >
> > I added samba.schema and removed the "" and it imported ldif without
> > saying anything about groups now :-)
> >
> > There are some warnings I am attaching.
> >
> > It moans about
> > str2entry: invalid value for attributeType objectClass #3 (syntax
> > 1.3.6.1.4.1.1466.115.121.1.38)
> > slapadd: could not parse entry (line=11937)
> > and if I look at the ldif I find this
> > dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
> >
> > and other error
> > slapadd: could not parse entry (line=6)
> > <= str2entry: str2ad(mailHost): attribute type undefined
> > this is the line in ldfi...
> >
> > dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
> > cn: otheruid
> >
> > But the line is always the dn:
> > uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
> >
> > but reading mailHost: I have a line in many accounts with maildir and
> > mail host etc that I don't need any more; shall I remove lines
> > containing mail attributes? (mytextools.com  is
> > great but I suppose there must be some regular expression too)
> >
> > I did a slapcat from destination server and it imported groups but no
> > actual users.
> >
> > I removed mail alternate attibutes (not mail: as it used for creating
> > alias from ldap into mail server) anyway the error seems to be in the
> > DN. it needs a dn but it gives this error
> > str2entry: invalid value for attributeType objectClass #3 (syntax
> > 1.3.6.1.4.1.1466.115.121.1.38)
> > slapadd: could not parse entry (line=1)
> >
> > importing a single user from a partial ldif..
> >
> >
> > Giorgio
> >
> > On 4/8/10, Vladimir Psenicka  > > wrote:
> >> 1. comments to slapd.conf:
> >>
> >> if slapd.conf.destination is on your new server, then you are missing
> >> samba schema in your slapd.conf.destination.
> >>
> >> slapd.conf on new server:
> >> 
> >> include /etc/ldap/schema/samba.schema
> >> 
> >>
> >> Get samba.schema from your current samba instalation on new server. It
> >> should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/
> >>
> >> 2. comments on error importing ldif:
> >>
> >> slapadd-ing.LOG:
> >>
> >> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
> >> naming attribute 'dc' is not present in entry
> >>
> >> which is in gg-edited.ldif:
> >>
> >> dn: dc=People,dc=GG-s-Domain,dc=it
> >> objectClass: dcObject
> >> objectClass: organizationalUnit
> >> ou: "People"
> >> dc: "People"
> >> structuralObjectClass: organizationalUnit
> >> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
> >> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
> >> createTimestamp: 20030801082225Z
> >> entryCSN: 2003080108:22:25Z#0x0001#0#
> >> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
> >> modifyTimestamp: 20030801082225Z
> >>
> >> Can you try delete quotes in ou: "People" and dc: "People" and try to
> >> import ldif again? Or you can try delete objectClass: dcObject and dc:
> >> "People". In our ldap we haven't objectClass: dcObject in dn:
> >> ou=Users,dc=pavouk,dc=cz
> >>
> >> my ldif:
> >>
> >> dn: ou=Users,dc=pavouk,dc=cz
> >> objectClass: organizationalUnit
> >> ou: Users
> >> structuralObjectClass: organizationalUnit
> >> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
> >> creatorsName: cn=Manager,dc=pavouk,dc=cz
> >> createTimestamp: 20050927125727Z
> >> entryCSN: 20050927125727.00Z#01#000#00
> >> modifiersName: cn=Manager,dc=pavouk,dc=cz
> >> modifyTimestamp: 20050927125727Z
> >>
> >>
> >>
> >>
> >> Dne 7.4.2010 16:14, GG napsal(a):
> >> > Hello Vladimir and anyone else reading :-) !
> >> >
> >> > Attaching these files:
> >> >
> >> > - gg-edited.ldif
> >> > - slapd.conf.destination.txt
> >> > - slapd.conf.source.txt
> >> > - ldap.conf.destination.txt
> >> > - ldap.conf.source.txt
> >> > - slapadd-ing.LOG this was the log while importing ldif
> >> >
> >> >
> >> > NET SID ETC
> >> > 

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

You have in gg-edited.ldif (first error on line 52):

dn: uid=Christian Sanvi,dc=Sistemi
Informativi,dc=People,dc=GG-s-Domain,dc=it
structuralObjectClass: inetOrgPerson
entryUUID: e969a5fc-584e-1027-9dc7-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801093311Z
objectClass: inetOrgPerson
objectClass: person
objectClass: sambaAccount
objectClass: qmailUser
objectClass: posixAccount
objectClass: shadowAccount

Dou you have all apropriate schemas in your slapd.conf and in
/etc/ldap/schema/ on your new server? You should have all schemas in new
slapd.conf as you had in slapd.conf on old server...qmail schema etc...

Dne 8.4.2010 11:44, GG napsal(a):
> Hello Vladimir and NG,
> 
> I added samba.schema and removed the "" and it imported ldif without
> saying anything about groups now :-)
> 
> There are some warnings I am attaching.
>  
> It moans about
> str2entry: invalid value for attributeType objectClass #3 (syntax
> 1.3.6.1.4.1.1466.115.121.1.38)
> slapadd: could not parse entry (line=11937)
> and if I look at the ldif I find this
> dn: uid=someuid,dc=Filiali,dc=People,dc=domain,dc=it
> 
> and other error
> slapadd: could not parse entry (line=6)
> <= str2entry: str2ad(mailHost): attribute type undefined
> this is the line in ldfi...
> 
> dn: uid=otheruid,dc=Esterni,dc=People,dc=domain,dc=it
> cn: otheruid
>  
> But the line is always the dn:
> uid=someuid,dc=SomeSubDc,dc=People,dc=domain,dc=it
>  
> but reading mailHost: I have a line in many accounts with maildir and
> mail host etc that I don't need any more; shall I remove lines
> containing mail attributes? (mytextools.com  is
> great but I suppose there must be some regular expression too)
>  
> I did a slapcat from destination server and it imported groups but no
> actual users.
>  
> I removed mail alternate attibutes (not mail: as it used for creating
> alias from ldap into mail server) anyway the error seems to be in the
> DN. it needs a dn but it gives this error 
> str2entry: invalid value for attributeType objectClass #3 (syntax
> 1.3.6.1.4.1.1466.115.121.1.38)
> slapadd: could not parse entry (line=1)
>  
> importing a single user from a partial ldif..
>  
>  
> Giorgio 
>  
> On 4/8/10, Vladimir Psenicka  > wrote:
>> 1. comments to slapd.conf:
>>
>> if slapd.conf.destination is on your new server, then you are missing
>> samba schema in your slapd.conf.destination.
>>
>> slapd.conf on new server:
>> 
>> include /etc/ldap/schema/samba.schema
>> 
>>
>> Get samba.schema from your current samba instalation on new server. It
>> should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/
>>
>> 2. comments on error importing ldif:
>>
>> slapadd-ing.LOG:
>>
>> slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
>> naming attribute 'dc' is not present in entry
>>
>> which is in gg-edited.ldif:
>>
>> dn: dc=People,dc=GG-s-Domain,dc=it
>> objectClass: dcObject
>> objectClass: organizationalUnit
>> ou: "People"
>> dc: "People"
>> structuralObjectClass: organizationalUnit
>> entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
>> creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
>> createTimestamp: 20030801082225Z
>> entryCSN: 2003080108:22:25Z#0x0001#0#
>> modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
>> modifyTimestamp: 20030801082225Z
>>
>> Can you try delete quotes in ou: "People" and dc: "People" and try to
>> import ldif again? Or you can try delete objectClass: dcObject and dc:
>> "People". In our ldap we haven't objectClass: dcObject in dn:
>> ou=Users,dc=pavouk,dc=cz
>>
>> my ldif:
>>
>> dn: ou=Users,dc=pavouk,dc=cz
>> objectClass: organizationalUnit
>> ou: Users
>> structuralObjectClass: organizationalUnit
>> entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
>> creatorsName: cn=Manager,dc=pavouk,dc=cz
>> createTimestamp: 20050927125727Z
>> entryCSN: 20050927125727.00Z#01#000#00
>> modifiersName: cn=Manager,dc=pavouk,dc=cz
>> modifyTimestamp: 20050927125727Z
>>
>>
>>
>>
>> Dne 7.4.2010 16:14, GG napsal(a):
>> > Hello Vladimir and anyone else reading :-) !
>> >
>> > Attaching these files:
>> >
>> > - gg-edited.ldif
>> > - slapd.conf.destination.txt
>> > - slapd.conf.source.txt
>> > - ldap.conf.destination.txt
>> > - ldap.conf.source.txt
>> > - slapadd-ing.LOG this was the log while importing ldif
>> >
>> >
>> > NET SID ETC
>> > net setlocalsid
> S-1-5-21-1168...-..-...2
>> > net setdomainsid
> S-1-5-21-1168...-..-...1
>> >
>> > does net setlocal and domain sid have sense or should it be
>> > net setdomainsid
>> > twice with different sids?
>> >
>> > Thanks very much!
>> >
>> > Giorgio
>> >
>> > On 4/6/10, Vladimir Psenicka  > wrote:
>> >> Hi Gorgio
>> >>
>> >> Dne 2.4.2010 17:01, GG napsal(a):
>> >>> Hi all,
>> >>>
>> >>> So I have
>> >>> openldap2-2.1.12-74
>> >>> samba-2.2.7a-72
>> >>>
>> >>> I wo

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

1. comments to slapd.conf:

if slapd.conf.destination is on your new server, then you are missing
samba schema in your slapd.conf.destination.

slapd.conf on new server:

include /etc/ldap/schema/samba.schema


Get samba.schema from your current samba instalation on new server. It
should be in somewhere in: /usr/share/doc/samba-doc/examples/LDAP/

2. comments on error importing ldif:

slapadd-ing.LOG:

slapadd: dn="dc=People,dc=GG-s-Domain,dc=it" (line=26): (64) value of
naming attribute 'dc' is not present in entry

which is in gg-edited.ldif:

dn: dc=People,dc=GG-s-Domain,dc=it
objectClass: dcObject
objectClass: organizationalUnit
ou: "People"
dc: "People"
structuralObjectClass: organizationalUnit
entryUUID: 067e823e-5845-1027-9dc5-fa88d05ed16f
creatorsName: cn=Manager,dc=GG-s-Domain,dc=it
createTimestamp: 20030801082225Z
entryCSN: 2003080108:22:25Z#0x0001#0#
modifiersName: cn=Manager,dc=GG-s-Domain,dc=it
modifyTimestamp: 20030801082225Z

Can you try delete quotes in ou: "People" and dc: "People" and try to
import ldif again? Or you can try delete objectClass: dcObject and dc:
"People". In our ldap we haven't objectClass: dcObject in dn:
ou=Users,dc=pavouk,dc=cz

my ldif:

dn: ou=Users,dc=pavouk,dc=cz
objectClass: organizationalUnit
ou: Users
structuralObjectClass: organizationalUnit
entryUUID: 00014016-c3a2-1029-9d4e-9147cb3e97d5
creatorsName: cn=Manager,dc=pavouk,dc=cz
createTimestamp: 20050927125727Z
entryCSN: 20050927125727.00Z#01#000#00
modifiersName: cn=Manager,dc=pavouk,dc=cz
modifyTimestamp: 20050927125727Z




Dne 7.4.2010 16:14, GG napsal(a):
> Hello Vladimir and anyone else reading :-) !
> 
> Attaching these files:
> 
> - gg-edited.ldif
> - slapd.conf.destination.txt
> - slapd.conf.source.txt
> - ldap.conf.destination.txt
> - ldap.conf.source.txt
> - slapadd-ing.LOG this was the log while importing ldif
> 
> 
> NET SID ETC
> net setlocalsid S-1-5-21-1168...-..-...2
> net setdomainsid S-1-5-21-1168...-..-...1
> 
> does net setlocal and domain sid have sense or should it be
> net setdomainsid
> twice with different sids?
> 
> Thanks very much!
> 
> Giorgio
> 
> On 4/6/10, Vladimir Psenicka  wrote:
>> Hi Gorgio
>>
>> Dne 2.4.2010 17:01, GG napsal(a):
>>> Hi all,
>>>
>>> So I have
>>> openldap2-2.1.12-74
>>> samba-2.2.7a-72
>>>
>>> I would like to migrate this existing PDC service to a new server and
>>> to current production / stable releases (especially for windows 7
>>> joining to the domain).
>>>
>>> New server is Debian Lenny stable.
>>>
>>> I have exported the domain SID, and ldap.ldif
>>>
>>> Now lets get down to it :-)
>>> Before importing should I do something about organizational units and so? 
>>> How?
>>>
 Import only data to LDAP no configs (slapcat->slapadd)
>>>  slapadd -c -l slapcat.ldif
>>> I did this but attached errors showed up.
>>>
>>> Error, entries missing!
>>>   entry 3: dc=people,dc=ExampleDomain,dc=it
>>>   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
>>
>> Can you post first 100 lines of your ldif you try to import? You
>> probably missing some base ldif.
>>
>>>
>>>
>>> I know nothing about ldap, but my ldap is probably missing some pre
>>> required settings ? :-/
>>>
>>
>> Can you post slapd.conf also?
>>
>>
>>> Cheers!
>>> Giorgio
>>>
 Configs yes, live data no, but if you have ldap it *should* be enough to
 import ldif from old server, configure samba to use ldap and run smbpasswd
 -W to store ldap admin dn pass to secrets.tdb. After that you can test if
 samba see imported users in ldap (pdbedit -L).
>>>
>>>
>>>
>>>
>>>
>>>
>>> On 3/27/10, Vladimir Psenicka  wrote:
 On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
> wow I made it!
>
> I copied net and all the libs it complained about from another suse
> server which was not missing it :-)
>
> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>   Unknown parameter encountered: "domain admin group"
> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>   Ignoring unknown parameter "domain admin group"
> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>  is: S-1-5-21-1bla bla
> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
>
> Which shall I import?
>

 Import both for sure:-). First is localsid, second is domainsid

> So now back to mail number 2 :-)
>
> LDAP: I exported ldif :-) now
> I copied /etc/groups passwd shadow aliases
>
> now on the new server:
>
> how do I import LDAP and all its configs,
> samba and all its configs are only in smb.conf?
>
 Import only data to LDAP no configs (slapcat->slapadd)
 Configs yes, live data no, but if you have ldap it *should* be enough to
 import ldif from old server, configure samba to use ldap and run smbpasswd
 -W to store ldap admin dn pass to secrets.tdb. After that you can tes

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

you are right! please excuse me I misread!

Giorgio

On 4/7/10, Gaiseric Vandal  wrote:
> They should be the same SID.   The SID of a DC should the same as the SID of
> the domain itself.  And if you had multiple DC's they should all have the
> same SID.
>
> At least that is what I have and it seems to work for me.
>
>
>
>
> On 04/07/2010 10:14 AM, GG wrote:
> > Hello Vladimir and anyone else reading :-) !
> >
> > Attaching these files:
> >
> > - gg-edited.ldif
> > - slapd.conf.destination.txt
> > - slapd.conf.source.txt
> > - ldap.conf.destination.txt
> > - ldap.conf.source.txt
> > - slapadd-ing.LOG this was the log while importing ldif
> >
> >
> > NET SID ETC
> > net setlocalsid
> S-1-5-21-1168...-..-...2
> > net setdomainsid
> S-1-5-21-1168...-..-...1
> >
> > does net setlocal and domain sid have sense or should it be
> > net setdomainsid
> > twice with different sids?
> >
> > Thanks very much!
> >
> > Giorgio
> >
> > On 4/6/10, Vladimir
> Psenicka  wrote:
> >
> >
> > > Hi Gorgio
> > >
> > > Dne 2.4.2010 17:01, GG napsal(a):
> > >
> > >
> > > > Hi all,
> > > >
> > > > So I have
> > > > openldap2-2.1.12-74
> > > > samba-2.2.7a-72
> > > >
> > > > I would like to migrate this existing PDC service to a new server and
> > > > to current production / stable releases (especially for windows 7
> > > > joining to the domain).
> > > >
> > > > New server is Debian Lenny stable.
> > > >
> > > > I have exported the domain SID, and ldap.ldif
> > > >
> > > > Now lets get down to it :-)
> > > > Before importing should I do something about organizational units and
> so? How?
> > > >
> > > >
> > > >
> > > > > Import only data to LDAP no configs (slapcat->slapadd)
> > > > >
> > > > >
> > > >  slapadd -c -l slapcat.ldif
> > > > I did this but attached errors showed up.
> > > >
> > > > Error, entries missing!
> > > >   entry 3: dc=people,dc=ExampleDomain,dc=it
> > > >   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
> > > >
> > > >
> > > Can you post first 100 lines of your ldif you try to import? You
> > > probably missing some base ldif.
> > >
> > >
> > >
> > > >
> > > > I know nothing about ldap, but my ldap is probably missing some pre
> > > > required settings ? :-/
> > > >
> > > >
> > > >
> > > Can you post slapd.conf also?
> > >
> > >
> > >
> > >
> > > > Cheers!
> > > > Giorgio
> > > >
> > > >
> > > >
> > > > > Configs yes, live data no, but if you have ldap it *should* be
> enough to
> > > > > import ldif from old server, configure samba to use ldap and run
> smbpasswd
> > > > > -W to store ldap admin dn pass to secrets.tdb. After that you can
> test if
> > > > > samba see imported users in ldap (pdbedit -L).
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On 3/27/10, Vladimir
> Psenicka  wrote:
> > > >
> > > >
> > > > > On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
> > > > >
> > > > >
> > > > > > wow I made it!
> > > > > >
> > > > > > I copied net and all the libs it complained about from another
> suse
> > > > > > server which was not missing it :-)
> > > > > >
> > > > > > [2010/03/26 15:07:37, 0]
> param/loadparm.c:map_parameter(2435)
> > > > > >   Unknown parameter encountered: "domain admin group"
> > > > > > [2010/03/26 15:07:37, 0]
> param/loadparm.c:lp_do_parameter(3125)
> > > > > >   Ignoring unknown parameter "domain admin group"
> > > > > > SID for domain
> ThisIsLikeTheHostNameOrMaybeAtestDomain???
> > > > > >  is: S-1-5-21-1bla bla
> > > > > > SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> > > > > >
> > > > > > Which shall I import?
> > > > > >
> > > > > >
> > > > > >
> > > > > Import both for sure:-). First is localsid, second is domainsid
> > > > >
> > > > >
> > > > >
> > > > > > So now back to mail number 2 :-)
> > > > > >
> > > > > > LDAP: I exported ldif :-) now
> > > > > > I copied /etc/groups passwd shadow aliases
> > > > > >
> > > > > > now on the new server:
> > > > > >
> > > > > > how do I import LDAP and all its configs,
> > > > > > samba and all its configs are only in smb.conf?
> > > > > >
> > > > > >
> > > > > >
> > > > > Import only data to LDAP no configs (slapcat->slapadd)
> > > > > Configs yes, live data no, but if you have ldap it *should* be
> enough to
> > > > > import ldif from old server, configure samba to use ldap and run
> smbpasswd
> > > > > -W to store ldap admin dn pass to secrets.tdb. After that you can
> test if
> > > > > samba see imported users in ldap (pdbedit -L).
> > > > >
> > > > >
> > > > >
> > > > > > :-)
> > > > > > Giorgio
> > > > > >
> > > > > >
> > > > > >
> > > > > > On 3/26/10, Vladimir
> Psenicka  wrote:
> > > > > >
> > > > > >
> > > > > > > Paste ldap admin dn or ldap suffix in your smb.conf
> > > > > > >
> > > > > > > Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
> > > > > > >
> > > > > > >
> > > > > > > > try this:
> > > > > > > >
> > > > > > > > ldapsearch -x -h localhost -D
> "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> > > > > > > >
> "sambaDomainN

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Gaiseric Vandal]

They should be the same SID.   The SID of a DC should the same as the 
SID of the domain itself.  And if you had multiple DC's they should all 
have the same SID.


At least that is what I have and it seems to work for me.



On 04/07/2010 10:14 AM, GG wrote:

Hello Vladimir and anyone else reading :-) !

Attaching these files:

- gg-edited.ldif
- slapd.conf.destination.txt
- slapd.conf.source.txt
- ldap.conf.destination.txt
- ldap.conf.source.txt
- slapadd-ing.LOG this was the log while importing ldif


NET SID ETC
net setlocalsid S-1-5-21-1168...-..-...2
net setdomainsid S-1-5-21-1168...-..-...1

does net setlocal and domain sid have sense or should it be
net setdomainsid
twice with different sids?

Thanks very much!

Giorgio

On 4/6/10, Vladimir Psenicka  wrote:
   

Hi Gorgio

Dne 2.4.2010 17:01, GG napsal(a):
 

Hi all,

So I have
openldap2-2.1.12-74
samba-2.2.7a-72

I would like to migrate this existing PDC service to a new server and
to current production / stable releases (especially for windows 7
joining to the domain).

New server is Debian Lenny stable.

I have exported the domain SID, and ldap.ldif

Now lets get down to it :-)
Before importing should I do something about organizational units and so? How?

   

Import only data to LDAP no configs (slapcat->slapadd)
 

  slapadd -c -l slapcat.ldif
I did this but attached errors showed up.

Error, entries missing!
   entry 3: dc=people,dc=ExampleDomain,dc=it
   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
   

Can you post first 100 lines of your ldif you try to import? You
probably missing some base ldif.

 


I know nothing about ldap, but my ldap is probably missing some pre
required settings ? :-/

   

Can you post slapd.conf also?


 

Cheers!
Giorgio

   

Configs yes, live data no, but if you have ldap it *should* be enough to
import ldif from old server, configure samba to use ldap and run smbpasswd
-W to store ldap admin dn pass to secrets.tdb. After that you can test if
samba see imported users in ldap (pdbedit -L).
 






On 3/27/10, Vladimir Psenicka  wrote:
   

On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
 

wow I made it!

I copied net and all the libs it complained about from another suse
server which was not missing it :-)

[2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
   Unknown parameter encountered: "domain admin group"
[2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
   Ignoring unknown parameter "domain admin group"
SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
  is: S-1-5-21-1bla bla
SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla

Which shall I import?

   

Import both for sure:-). First is localsid, second is domainsid

 

So now back to mail number 2 :-)

LDAP: I exported ldif :-) now
I copied /etc/groups passwd shadow aliases

now on the new server:

how do I import LDAP and all its configs,
samba and all its configs are only in smb.conf?

   

Import only data to LDAP no configs (slapcat->slapadd)
Configs yes, live data no, but if you have ldap it *should* be enough to
import ldif from old server, configure samba to use ldap and run smbpasswd
-W to store ldap admin dn pass to secrets.tdb. After that you can test if
samba see imported users in ldap (pdbedit -L).

 

:-)
Giorgio



On 3/26/10, Vladimir Psenicka  wrote:
   

Paste ldap admin dn or ldap suffix in your smb.conf

Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
 

try this:

ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"

Dne 26.3.2010 15:00, GG napsal(a):
   

Hello!

I'm stuck on getdomainsid: Net command is missing even though libs
 

and
 

smbclient are installed.

I tried this:
# ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=domain,dc=it"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
I used WORKGROUP as it is the domain we use on pcs and the only one
defined in smb.conf

I also tried using my pdc HOSTNAME

and this was returned
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

Any way to get through this or how to use net command? Maybe
 

updating
 

samba-client?

I tried rpm -i samba-client but it says
file /usr/share/man/man1/smbclient.1.gz from install of
samba-client-2.2.12-1.suse82 conflicts with file from package
samba-client-2.2.7a-72 when trying to rpm -i
 

samba-client-

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello Vladimir and anyone else reading :-) !

Attaching these files:

- gg-edited.ldif
- slapd.conf.destination.txt
- slapd.conf.source.txt
- ldap.conf.destination.txt
- ldap.conf.source.txt
- slapadd-ing.LOG this was the log while importing ldif


NET SID ETC
net setlocalsid S-1-5-21-1168...-..-...2
net setdomainsid S-1-5-21-1168...-..-...1

does net setlocal and domain sid have sense or should it be
net setdomainsid
twice with different sids?

Thanks very much!

Giorgio

On 4/6/10, Vladimir Psenicka  wrote:
> Hi Gorgio
>
> Dne 2.4.2010 17:01, GG napsal(a):
> > Hi all,
> >
> > So I have
> > openldap2-2.1.12-74
> > samba-2.2.7a-72
> >
> > I would like to migrate this existing PDC service to a new server and
> > to current production / stable releases (especially for windows 7
> > joining to the domain).
> >
> > New server is Debian Lenny stable.
> >
> > I have exported the domain SID, and ldap.ldif
> >
> > Now lets get down to it :-)
> > Before importing should I do something about organizational units and so? 
> > How?
> >
> >> Import only data to LDAP no configs (slapcat->slapadd)
> >  slapadd -c -l slapcat.ldif
> > I did this but attached errors showed up.
> >
> > Error, entries missing!
> >   entry 3: dc=people,dc=ExampleDomain,dc=it
> >   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it
>
> Can you post first 100 lines of your ldif you try to import? You
> probably missing some base ldif.
>
> >
> >
> > I know nothing about ldap, but my ldap is probably missing some pre
> > required settings ? :-/
> >
>
> Can you post slapd.conf also?
>
>
> > Cheers!
> > Giorgio
> >
> >> Configs yes, live data no, but if you have ldap it *should* be enough to
> >> import ldif from old server, configure samba to use ldap and run smbpasswd
> >> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> >> samba see imported users in ldap (pdbedit -L).
> >
> >
> >
> >
> >
> >
> > On 3/27/10, Vladimir Psenicka  wrote:
> >> On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
> >>> wow I made it!
> >>>
> >>> I copied net and all the libs it complained about from another suse
> >>> server which was not missing it :-)
> >>>
> >>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> >>>   Unknown parameter encountered: "domain admin group"
> >>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> >>>   Ignoring unknown parameter "domain admin group"
> >>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> >>>  is: S-1-5-21-1bla bla
> >>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >>>
> >>> Which shall I import?
> >>>
> >>
> >> Import both for sure:-). First is localsid, second is domainsid
> >>
> >>> So now back to mail number 2 :-)
> >>>
> >>> LDAP: I exported ldif :-) now
> >>> I copied /etc/groups passwd shadow aliases
> >>>
> >>> now on the new server:
> >>>
> >>> how do I import LDAP and all its configs,
> >>> samba and all its configs are only in smb.conf?
> >>>
> >> Import only data to LDAP no configs (slapcat->slapadd)
> >> Configs yes, live data no, but if you have ldap it *should* be enough to
> >> import ldif from old server, configure samba to use ldap and run smbpasswd
> >> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> >> samba see imported users in ldap (pdbedit -L).
> >>
> >>> :-)
> >>> Giorgio
> >>>
> >>>
> >>>
> >>> On 3/26/10, Vladimir Psenicka  wrote:
>  Paste ldap admin dn or ldap suffix in your smb.conf
> 
>  Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
> > try this:
> >
> > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >
> > Dne 26.3.2010 15:00, GG napsal(a):
> >> Hello!
> >>
> >> I'm stuck on getdomainsid: Net command is missing even though libs
> >> and
> >> smbclient are installed.
> >>
> >> I tried this:
> >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> >> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >> Enter LDAP Password:
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base  with scope sub
> >> # filter: (objectclass=*)
> >> # requesting: ALL
> >> #
> >>
> >> # search result
> >> search: 2
> >> result: 34 Invalid DN syntax
> >> text: invalid DN
> >>
> >> # numResponses: 1
> >>
> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> >> I used WORKGROUP as it is the domain we use on pcs and the only one
> >> defined in smb.conf
> >>
> >> I also tried using my pdc HOSTNAME
> >>
> >> and this was returned
> >> # LDAPv3
> >> # base  with scope sub
> >> # filter: (objectclass=*)
> >> # requesting: ALL
> >> #
> >>
> >> # search result
> >> search: 2
> >> result: 34 Invalid DN syntax
> >> text: invalid DN
> >>
> >> # numR

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Hi Gorgio

Dne 2.4.2010 17:01, GG napsal(a):
> Hi all,
> 
> So I have
> openldap2-2.1.12-74
> samba-2.2.7a-72
> 
> I would like to migrate this existing PDC service to a new server and
> to current production / stable releases (especially for windows 7
> joining to the domain).
> 
> New server is Debian Lenny stable.
> 
> I have exported the domain SID, and ldap.ldif
> 
> Now lets get down to it :-)
> Before importing should I do something about organizational units and so? How?
> 
>> Import only data to LDAP no configs (slapcat->slapadd)
>  slapadd -c -l slapcat.ldif
> I did this but attached errors showed up.
> 
> Error, entries missing!
>   entry 3: dc=people,dc=ExampleDomain,dc=it
>   entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it

Can you post first 100 lines of your ldif you try to import? You
probably missing some base ldif.

> 
> 
> I know nothing about ldap, but my ldap is probably missing some pre
> required settings ? :-/
> 

Can you post slapd.conf also?


> Cheers!
> Giorgio
> 
>> Configs yes, live data no, but if you have ldap it *should* be enough to
>> import ldif from old server, configure samba to use ldap and run smbpasswd
>> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
>> samba see imported users in ldap (pdbedit -L).
> 
> 
> 
> 
> 
> 
> On 3/27/10, Vladimir Psenicka  wrote:
>> On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
>>> wow I made it!
>>>
>>> I copied net and all the libs it complained about from another suse
>>> server which was not missing it :-)
>>>
>>> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>>>   Unknown parameter encountered: "domain admin group"
>>> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>>>   Ignoring unknown parameter "domain admin group"
>>> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>>>  is: S-1-5-21-1bla bla
>>> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
>>>
>>> Which shall I import?
>>>
>>
>> Import both for sure:-). First is localsid, second is domainsid
>>
>>> So now back to mail number 2 :-)
>>>
>>> LDAP: I exported ldif :-) now
>>> I copied /etc/groups passwd shadow aliases
>>>
>>> now on the new server:
>>>
>>> how do I import LDAP and all its configs,
>>> samba and all its configs are only in smb.conf?
>>>
>> Import only data to LDAP no configs (slapcat->slapadd)
>> Configs yes, live data no, but if you have ldap it *should* be enough to
>> import ldif from old server, configure samba to use ldap and run smbpasswd
>> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
>> samba see imported users in ldap (pdbedit -L).
>>
>>> :-)
>>> Giorgio
>>>
>>>
>>>
>>> On 3/26/10, Vladimir Psenicka  wrote:
 Paste ldap admin dn or ldap suffix in your smb.conf

 Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
> try this:
>
> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
>
> Dne 26.3.2010 15:00, GG napsal(a):
>> Hello!
>>
>> I'm stuck on getdomainsid: Net command is missing even though libs
>> and
>> smbclient are installed.
>>
>> I tried this:
>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base  with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 34 Invalid DN syntax
>> text: invalid DN
>>
>> # numResponses: 1
>>
>> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
>> I used WORKGROUP as it is the domain we use on pcs and the only one
>> defined in smb.conf
>>
>> I also tried using my pdc HOSTNAME
>>
>> and this was returned
>> # LDAPv3
>> # base  with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 34 Invalid DN syntax
>> text: invalid DN
>>
>> # numResponses: 1
>>
>> Any way to get through this or how to use net command? Maybe
>> updating
>> samba-client?
>>
>> I tried rpm -i samba-client but it says
>> file /usr/share/man/man1/smbclient.1.gz from install of
>> samba-client-2.2.12-1.suse82 conflicts with file from package
>> samba-client-2.2.7a-72 when trying to rpm -i
>> samba-client-2.2.12-1.rpm
>>
>> I found also the original package but it says it is already
>> installed.
>>
>> What happens if I remove samba-client and reinstall it soon after on
>> the production pdc?
>>
>>
>> Giorgio
>>
>> On 3/26/10, Vladimir Psenicka  wrote:
>>> Dne 26.3.2010 13:50, GG napsal(a):
 Hello!

>> Have you samba-client package installed?
>>

 yes I do at least smbclient is there! but no net c

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hi all,

So I have
openldap2-2.1.12-74
samba-2.2.7a-72

I would like to migrate this existing PDC service to a new server and
to current production / stable releases (especially for windows 7
joining to the domain).

New server is Debian Lenny stable.

I have exported the domain SID, and ldap.ldif

Now lets get down to it :-)
Before importing should I do something about organizational units and so? How?

> Import only data to LDAP no configs (slapcat->slapadd)
 slapadd -c -l slapcat.ldif
I did this but attached errors showed up.

Error, entries missing!
  entry 3: dc=people,dc=ExampleDomain,dc=it
  entry 4: dc=groups,dc=people,dc=ExampleDomain,dc=it


I know nothing about ldap, but my ldap is probably missing some pre
required settings ? :-/

Cheers!
Giorgio

> Configs yes, live data no, but if you have ldap it *should* be enough to
> import ldif from old server, configure samba to use ldap and run smbpasswd
> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> samba see imported users in ldap (pdbedit -L).






On 3/27/10, Vladimir Psenicka  wrote:
> On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
> > wow I made it!
> >
> > I copied net and all the libs it complained about from another suse
> > server which was not missing it :-)
> >
> > [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
> >   Unknown parameter encountered: "domain admin group"
> > [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
> >   Ignoring unknown parameter "domain admin group"
> > SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
> >  is: S-1-5-21-1bla bla
> > SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> >
> > Which shall I import?
> >
>
> Import both for sure:-). First is localsid, second is domainsid
>
> > So now back to mail number 2 :-)
> >
> > LDAP: I exported ldif :-) now
> > I copied /etc/groups passwd shadow aliases
> >
> > now on the new server:
> >
> > how do I import LDAP and all its configs,
> > samba and all its configs are only in smb.conf?
> >
> Import only data to LDAP no configs (slapcat->slapadd)
> Configs yes, live data no, but if you have ldap it *should* be enough to
> import ldif from old server, configure samba to use ldap and run smbpasswd
> -W to store ldap admin dn pass to secrets.tdb. After that you can test if
> samba see imported users in ldap (pdbedit -L).
>
> > :-)
> > Giorgio
> >
> >
> >
> > On 3/26/10, Vladimir Psenicka  wrote:
> >> Paste ldap admin dn or ldap suffix in your smb.conf
> >>
> >> Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
> >> > try this:
> >> >
> >> > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> >> > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> >> >
> >> > Dne 26.3.2010 15:00, GG napsal(a):
> >> >> Hello!
> >> >>
> >> >> I'm stuck on getdomainsid: Net command is missing even though libs
> and
> >> >> smbclient are installed.
> >> >>
> >> >> I tried this:
> >> >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> >> >> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> >> >> Enter LDAP Password:
> >> >> # extended LDIF
> >> >> #
> >> >> # LDAPv3
> >> >> # base  with scope sub
> >> >> # filter: (objectclass=*)
> >> >> # requesting: ALL
> >> >> #
> >> >>
> >> >> # search result
> >> >> search: 2
> >> >> result: 34 Invalid DN syntax
> >> >> text: invalid DN
> >> >>
> >> >> # numResponses: 1
> >> >>
> >> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> >> >> I used WORKGROUP as it is the domain we use on pcs and the only one
> >> >> defined in smb.conf
> >> >>
> >> >> I also tried using my pdc HOSTNAME
> >> >>
> >> >> and this was returned
> >> >> # LDAPv3
> >> >> # base  with scope sub
> >> >> # filter: (objectclass=*)
> >> >> # requesting: ALL
> >> >> #
> >> >>
> >> >> # search result
> >> >> search: 2
> >> >> result: 34 Invalid DN syntax
> >> >> text: invalid DN
> >> >>
> >> >> # numResponses: 1
> >> >>
> >> >> Any way to get through this or how to use net command? Maybe
> updating
> >> >> samba-client?
> >> >>
> >> >> I tried rpm -i samba-client but it says
> >> >> file /usr/share/man/man1/smbclient.1.gz from install of
> >> >> samba-client-2.2.12-1.suse82 conflicts with file from package
> >> >> samba-client-2.2.7a-72 when trying to rpm -i
> samba-client-2.2.12-1.rpm
> >> >>
> >> >> I found also the original package but it says it is already
> installed.
> >> >>
> >> >> What happens if I remove samba-client and reinstall it soon after on
> >> >> the production pdc?
> >> >>
> >> >>
> >> >> Giorgio
> >> >>
> >> >> On 3/26/10, Vladimir Psenicka  wrote:
> >> >>> Dne 26.3.2010 13:50, GG napsal(a):
> >>  Hello!
> >> 
> >> >> Have you samba-client package installed?
> >> >>
> >> 
> >>  yes I do at least smbclient is there! but no net command :-/
> >> 
> >> >> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> >> >> samba-client-3.5.1-4.1.x86_64
> >> 
> >>  So here are the issues encountered...
> >>  file /us

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

On Fri, 26 Mar 2010 15:32:50 +0100, GG  wrote:
> wow I made it!
> 
> I copied net and all the libs it complained about from another suse
> server which was not missing it :-)
> 
> [2010/03/26 15:07:37, 0] param/loadparm.c:map_parameter(2435)
>   Unknown parameter encountered: "domain admin group"
> [2010/03/26 15:07:37, 0] param/loadparm.c:lp_do_parameter(3125)
>   Ignoring unknown parameter "domain admin group"
> SID for domain ThisIsLikeTheHostNameOrMaybeAtestDomain???
>  is: S-1-5-21-1bla bla
> SID for domain THISISMYDOMAIN is: S-1-5-other-bla bla
> 
> Which shall I import?
> 

Import both for sure:-). First is localsid, second is domainsid

> So now back to mail number 2 :-)
> 
> LDAP: I exported ldif :-) now
> I copied /etc/groups passwd shadow aliases
> 
> now on the new server:
> 
> how do I import LDAP and all its configs,
> samba and all its configs are only in smb.conf?
> 
Import only data to LDAP no configs (slapcat->slapadd)
Configs yes, live data no, but if you have ldap it *should* be enough to
import ldif from old server, configure samba to use ldap and run smbpasswd
-W to store ldap admin dn pass to secrets.tdb. After that you can test if
samba see imported users in ldap (pdbedit -L).

> :-)
> Giorgio
> 
> 
> 
> On 3/26/10, Vladimir Psenicka  wrote:
>> Paste ldap admin dn or ldap suffix in your smb.conf
>>
>> Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
>> > try this:
>> >
>> > ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
>> > "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
>> >
>> > Dne 26.3.2010 15:00, GG napsal(a):
>> >> Hello!
>> >>
>> >> I'm stuck on getdomainsid: Net command is missing even though libs
and
>> >> smbclient are installed.
>> >>
>> >> I tried this:
>> >> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
>> >> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>> >> Enter LDAP Password:
>> >> # extended LDIF
>> >> #
>> >> # LDAPv3
>> >> # base  with scope sub
>> >> # filter: (objectclass=*)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # search result
>> >> search: 2
>> >> result: 34 Invalid DN syntax
>> >> text: invalid DN
>> >>
>> >> # numResponses: 1
>> >>
>> >> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
>> >> I used WORKGROUP as it is the domain we use on pcs and the only one
>> >> defined in smb.conf
>> >>
>> >> I also tried using my pdc HOSTNAME
>> >>
>> >> and this was returned
>> >> # LDAPv3
>> >> # base  with scope sub
>> >> # filter: (objectclass=*)
>> >> # requesting: ALL
>> >> #
>> >>
>> >> # search result
>> >> search: 2
>> >> result: 34 Invalid DN syntax
>> >> text: invalid DN
>> >>
>> >> # numResponses: 1
>> >>
>> >> Any way to get through this or how to use net command? Maybe
updating
>> >> samba-client?
>> >>
>> >> I tried rpm -i samba-client but it says
>> >> file /usr/share/man/man1/smbclient.1.gz from install of
>> >> samba-client-2.2.12-1.suse82 conflicts with file from package
>> >> samba-client-2.2.7a-72 when trying to rpm -i
samba-client-2.2.12-1.rpm
>> >>
>> >> I found also the original package but it says it is already
installed.
>> >>
>> >> What happens if I remove samba-client and reinstall it soon after on
>> >> the production pdc?
>> >>
>> >>
>> >> Giorgio
>> >>
>> >> On 3/26/10, Vladimir Psenicka  wrote:
>> >>> Dne 26.3.2010 13:50, GG napsal(a):
>>  Hello!
>> 
>> >> Have you samba-client package installed?
>> >>
>> 
>>  yes I do at least smbclient is there! but no net command :-/
>> 
>> >> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>> >> samba-client-3.5.1-4.1.x86_64
>> 
>>  So here are the issues encountered...
>>  file /usr/share/man/man1/smbclient.1.gz from install of
>>  samba-client-2.2.12-1.suse82 conflicts with file from package
>>  samba-client-2.2.7a-72 when trying to rpm -i
>>  samba-client-2.2.12-1.rpm
>>  I found on net...
>> 
>> >>
>> >> or you can dig domainsid from ldap
>> 
>>  This sounds interesting! How do I do that?
>> 
>> >>>
>> >>> modify to your needs (domain):
>> >>>
>> >>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>> >>> "sambaDomainName=domain,dc=domain,dc=cz"
>> >>>
>> >>> sambaSID: is your domainsid
>> >>>
>> >>> or you can use phpldapadmin to manage you ldap from browser
>> >>>
>>  Thanks very much!
>>  Giorgio
>> 
>>  On 3/26/10, GG  wrotehttps://mail.prodeco.cz/roundcube/program/js/tiny_mce/themes/advanced/langs/cs.js?s=1240817786";>:
>> > Hi!
>> >
>> > I'll be at it in a few minutes installing samba client / net
>> > command :-)
>> >
>> > I have a question about the samba sernet repos:
>> > Shall I apt-get remove samba and use
>> > http://enterprisesamba.com/index.php?id=148 +
>> > http://enterprisesamba.com/index.php?id=56
>> >  instead from start?
>> >
>> > What is the real advantage of sernet? What about installing
>> > official
>> > samba.org packages, are there diffe

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Paste ldap admin dn or ldap suffix in your smb.conf

Dne 26.3.2010 15:24, Vladimir Psenicka napsal(a):
> try this:
> 
> ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
> "sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"
> 
> Dne 26.3.2010 15:00, GG napsal(a):
>> Hello!
>>
>> I'm stuck on getdomainsid: Net command is missing even though libs and
>> smbclient are installed.
>>
>> I tried this:
>> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
>> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
>> Enter LDAP Password:
>> # extended LDIF
>> #
>> # LDAPv3
>> # base  with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 34 Invalid DN syntax
>> text: invalid DN
>>
>> # numResponses: 1
>>
>> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
>> I used WORKGROUP as it is the domain we use on pcs and the only one
>> defined in smb.conf
>>
>> I also tried using my pdc HOSTNAME
>>
>> and this was returned
>> # LDAPv3
>> # base  with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 2
>> result: 34 Invalid DN syntax
>> text: invalid DN
>>
>> # numResponses: 1
>>
>> Any way to get through this or how to use net command? Maybe updating
>> samba-client?
>>
>> I tried rpm -i samba-client but it says
>> file /usr/share/man/man1/smbclient.1.gz from install of
>> samba-client-2.2.12-1.suse82 conflicts with file from package
>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>>
>> I found also the original package but it says it is already installed.
>>
>> What happens if I remove samba-client and reinstall it soon after on
>> the production pdc?
>>
>>
>> Giorgio
>>
>> On 3/26/10, Vladimir Psenicka  wrote:
>>> Dne 26.3.2010 13:50, GG napsal(a):
 Hello!

>> Have you samba-client package installed?
>>

 yes I do at least smbclient is there! but no net command :-/

>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>> samba-client-3.5.1-4.1.x86_64

 So here are the issues encountered...
 file /usr/share/man/man1/smbclient.1.gz from install of
 samba-client-2.2.12-1.suse82 conflicts with file from package
 samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
 I found on net...

>>
>> or you can dig domainsid from ldap

 This sounds interesting! How do I do that?

>>>
>>> modify to your needs (domain):
>>>
>>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>>> "sambaDomainName=domain,dc=domain,dc=cz"
>>>
>>> sambaSID: is your domainsid
>>>
>>> or you can use phpldapadmin to manage you ldap from browser
>>>
 Thanks very much!
 Giorgio

 On 3/26/10, GG  wrote:
> Hi!
>
> I'll be at it in a few minutes installing samba client / net command :-)
>
> I have a question about the samba sernet repos:
> Shall I apt-get remove samba and use
> http://enterprisesamba.com/index.php?id=148 +
> http://enterprisesamba.com/index.php?id=56
>  instead from start?
>
> What is the real advantage of sernet? What about installing official
> samba.org packages, are there differences with sernet (stability?) or
> is it just a more liberal repository?
>
> Also I read
 Ensure that all local user and group accounts that are used by samba
 have the same uid/gid.
>
> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> and users?
>
> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>  --recursive --times --perms --links  \
>  --owner --group --devices --specials \
>  --exclude-from '/root/exclude.txt (if any, not in this case as
> I'm only syncing data dir)' \
>  r...@old_pdc:/DATA /DATA
>
> This should bring over every attribute set on files... correct?
>
> [[[did only partially in one case: I set up a twin install (fresh
> install then live cd and full rsync and after that I kept mbr, but
> changed /boot and the /ect/fstab settings) and the server started
> etc.. LDAP did not work though: authentication was not available...
> So I must be missing something or this rsync parameter set must be
> missing something.. I had disconnected old PDC, set same IP and
> hostname to the VM well this worked well for other virtualizations and
> in this PDC I need to upgrade to win7 compatible samba version anyway
> :-)
> This was another story but just to share it as it is an excellent way
> of migrating sometimes specially for machines you do not master and
> this is my case very often.]]]
>
> Cheers,
> Giorgio
>
> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>  wrote:
>> Hi
>>
>> Dne 25.3.2010 17:41, GG napsal(a):
>>> Hello Vladimir, John and all the NG :-)
>>> Thanks so much for answering. I reall

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

try this:

ldapsearch -x -h localhost -D "cn=Manager,dc=WORKGROUP,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=WORKGROUP,dc=it"

Dne 26.3.2010 15:00, GG napsal(a):
> Hello!
> 
> I'm stuck on getdomainsid: Net command is missing even though libs and
> smbclient are installed.
> 
> I tried this:
> # ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
> "sambaDomainName=WORKGROUP,dc=domain,dc=it"
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base  with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # search result
> search: 2
> result: 34 Invalid DN syntax
> text: invalid DN
> 
> # numResponses: 1
> 
> So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
> I used WORKGROUP as it is the domain we use on pcs and the only one
> defined in smb.conf
> 
> I also tried using my pdc HOSTNAME
> 
> and this was returned
> # LDAPv3
> # base  with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # search result
> search: 2
> result: 34 Invalid DN syntax
> text: invalid DN
> 
> # numResponses: 1
> 
> Any way to get through this or how to use net command? Maybe updating
> samba-client?
> 
> I tried rpm -i samba-client but it says
> file /usr/share/man/man1/smbclient.1.gz from install of
> samba-client-2.2.12-1.suse82 conflicts with file from package
> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
> 
> I found also the original package but it says it is already installed.
> 
> What happens if I remove samba-client and reinstall it soon after on
> the production pdc?
> 
> 
> Giorgio
> 
> On 3/26/10, Vladimir Psenicka  wrote:
>> Dne 26.3.2010 13:50, GG napsal(a):
>>> Hello!
>>>
> Have you samba-client package installed?
>
>>>
>>> yes I do at least smbclient is there! but no net command :-/
>>>
> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> samba-client-3.5.1-4.1.x86_64
>>>
>>> So here are the issues encountered...
>>> file /usr/share/man/man1/smbclient.1.gz from install of
>>> samba-client-2.2.12-1.suse82 conflicts with file from package
>>> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
>>> I found on net...
>>>
>
> or you can dig domainsid from ldap
>>>
>>> This sounds interesting! How do I do that?
>>>
>>
>> modify to your needs (domain):
>>
>> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
>> "sambaDomainName=domain,dc=domain,dc=cz"
>>
>> sambaSID: is your domainsid
>>
>> or you can use phpldapadmin to manage you ldap from browser
>>
>>> Thanks very much!
>>> Giorgio
>>>
>>> On 3/26/10, GG  wrote:
 Hi!

 I'll be at it in a few minutes installing samba client / net command :-)

 I have a question about the samba sernet repos:
 Shall I apt-get remove samba and use
 http://enterprisesamba.com/index.php?id=148 +
 http://enterprisesamba.com/index.php?id=56
  instead from start?

 What is the real advantage of sernet? What about installing official
 samba.org packages, are there differences with sernet (stability?) or
 is it just a more liberal repository?

 Also I read
>>> Ensure that all local user and group accounts that are used by samba
>>> have the same uid/gid.

 Shall I copy /etc/shadow and /etc/passwd over? other files for groups
 and users?

 I use rsync --verbose  --progress --stats --compress --rsh=ssh \
  --recursive --times --perms --links  \
  --owner --group --devices --specials \
  --exclude-from '/root/exclude.txt (if any, not in this case as
 I'm only syncing data dir)' \
  r...@old_pdc:/DATA /DATA

 This should bring over every attribute set on files... correct?

 [[[did only partially in one case: I set up a twin install (fresh
 install then live cd and full rsync and after that I kept mbr, but
 changed /boot and the /ect/fstab settings) and the server started
 etc.. LDAP did not work though: authentication was not available...
 So I must be missing something or this rsync parameter set must be
 missing something.. I had disconnected old PDC, set same IP and
 hostname to the VM well this worked well for other virtualizations and
 in this PDC I need to upgrade to win7 compatible samba version anyway
 :-)
 This was another story but just to share it as it is an excellent way
 of migrating sometimes specially for machines you do not master and
 this is my case very often.]]]

 Cheers,
 Giorgio

 On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
  wrote:
> Hi
>
> Dne 25.3.2010 17:41, GG napsal(a):
>> Hello Vladimir, John and all the NG :-)
>> Thanks so much for answering. I really hoped someone would :-)
>>
>> So I installed Debian latest stable netinst on the future production
>> server and here are my issues in the quotes :-( no net command on my
>> suse 8.2
>>
>> Cheers :-)
>> Giorgio
>>
>

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello!

I'm stuck on getdomainsid: Net command is missing even though libs and
smbclient are installed.

I tried this:
# ldapsearch -x -h localhost -D "cn=Manager,dc=domain,dc=it" -W -b
"sambaDomainName=WORKGROUP,dc=domain,dc=it"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

So: I'm not sure what is sambaDomainName=domain,dc=domain,dc=it...
I used WORKGROUP as it is the domain we use on pcs and the only one
defined in smb.conf

I also tried using my pdc HOSTNAME

and this was returned
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 34 Invalid DN syntax
text: invalid DN

# numResponses: 1

Any way to get through this or how to use net command? Maybe updating
samba-client?

I tried rpm -i samba-client but it says
file /usr/share/man/man1/smbclient.1.gz from install of
samba-client-2.2.12-1.suse82 conflicts with file from package
samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm

I found also the original package but it says it is already installed.

What happens if I remove samba-client and reinstall it soon after on
the production pdc?


Giorgio

On 3/26/10, Vladimir Psenicka  wrote:
> Dne 26.3.2010 13:50, GG napsal(a):
> > Hello!
> >
> >>> Have you samba-client package installed?
> >>>
> >
> > yes I do at least smbclient is there! but no net command :-/
> >
> >>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> >>> samba-client-3.5.1-4.1.x86_64
> >
> > So here are the issues encountered...
> > file /usr/share/man/man1/smbclient.1.gz from install of
> > samba-client-2.2.12-1.suse82 conflicts with file from package
> > samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
> > I found on net...
> >
> >>>
> >>> or you can dig domainsid from ldap
> >
> > This sounds interesting! How do I do that?
> >
>
> modify to your needs (domain):
>
> ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
> "sambaDomainName=domain,dc=domain,dc=cz"
>
> sambaSID: is your domainsid
>
> or you can use phpldapadmin to manage you ldap from browser
>
> > Thanks very much!
> > Giorgio
> >
> > On 3/26/10, GG  wrote:
> >> Hi!
> >>
> >> I'll be at it in a few minutes installing samba client / net command :-)
> >>
> >> I have a question about the samba sernet repos:
> >> Shall I apt-get remove samba and use
> >> http://enterprisesamba.com/index.php?id=148 +
> >> http://enterprisesamba.com/index.php?id=56
> >>  instead from start?
> >>
> >> What is the real advantage of sernet? What about installing official
> >> samba.org packages, are there differences with sernet (stability?) or
> >> is it just a more liberal repository?
> >>
> >> Also I read
> > Ensure that all local user and group accounts that are used by samba
> > have the same uid/gid.
> >>
> >> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> >> and users?
> >>
> >> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
> >>  --recursive --times --perms --links  \
> >>  --owner --group --devices --specials \
> >>  --exclude-from '/root/exclude.txt (if any, not in this case as
> >> I'm only syncing data dir)' \
> >>  r...@old_pdc:/DATA /DATA
> >>
> >> This should bring over every attribute set on files... correct?
> >>
> >> [[[did only partially in one case: I set up a twin install (fresh
> >> install then live cd and full rsync and after that I kept mbr, but
> >> changed /boot and the /ect/fstab settings) and the server started
> >> etc.. LDAP did not work though: authentication was not available...
> >> So I must be missing something or this rsync parameter set must be
> >> missing something.. I had disconnected old PDC, set same IP and
> >> hostname to the VM well this worked well for other virtualizations and
> >> in this PDC I need to upgrade to win7 compatible samba version anyway
> >> :-)
> >> This was another story but just to share it as it is an excellent way
> >> of migrating sometimes specially for machines you do not master and
> >> this is my case very often.]]]
> >>
> >> Cheers,
> >> Giorgio
> >>
> >> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> >>  wrote:
> >>> Hi
> >>>
> >>> Dne 25.3.2010 17:41, GG napsal(a):
>  Hello Vladimir, John and all the NG :-)
>  Thanks so much for answering. I really hoped someone would :-)
> 
>  So I installed Debian latest stable netinst on the future production
>  server and here are my issues in the quotes :-( no net command on my
>  suse 8.2
> 
>  Cheers :-)
>  Giorgio
> 
> 
> > On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
> >> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> >> What about Debian Stable with Sernet samba repo, where you can choose
> >> Samba 3.4.x or 3.5.x
> >>
> >> My hints on migrating to 

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Dne 26.3.2010 13:50, GG napsal(a):
> Hello!
> 
>>> Have you samba-client package installed?
>>>
> 
> yes I do at least smbclient is there! but no net command :-/
> 
>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>>> samba-client-3.5.1-4.1.x86_64
> 
> So here are the issues encountered...
> file /usr/share/man/man1/smbclient.1.gz from install of
> samba-client-2.2.12-1.suse82 conflicts with file from package
> samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
> I found on net...
> 
>>>
>>> or you can dig domainsid from ldap
> 
> This sounds interesting! How do I do that?
> 

modify to your needs (domain):

ldapsearch -x -h ldap -D "cn=admin,dc=domain,dc=cz" -W -b
"sambaDomainName=domain,dc=domain,dc=cz"

sambaSID: is your domainsid

or you can use phpldapadmin to manage you ldap from browser

> Thanks very much!
> Giorgio
> 
> On 3/26/10, GG  wrote:
>> Hi!
>>
>> I'll be at it in a few minutes installing samba client / net command :-)
>>
>> I have a question about the samba sernet repos:
>> Shall I apt-get remove samba and use
>> http://enterprisesamba.com/index.php?id=148 +
>> http://enterprisesamba.com/index.php?id=56
>>  instead from start?
>>
>> What is the real advantage of sernet? What about installing official
>> samba.org packages, are there differences with sernet (stability?) or
>> is it just a more liberal repository?
>>
>> Also I read
> Ensure that all local user and group accounts that are used by samba
> have the same uid/gid.
>>
>> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
>> and users?
>>
>> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>>  --recursive --times --perms --links  \
>>  --owner --group --devices --specials \
>>  --exclude-from '/root/exclude.txt (if any, not in this case as
>> I'm only syncing data dir)' \
>>  r...@old_pdc:/DATA /DATA
>>
>> This should bring over every attribute set on files... correct?
>>
>> [[[did only partially in one case: I set up a twin install (fresh
>> install then live cd and full rsync and after that I kept mbr, but
>> changed /boot and the /ect/fstab settings) and the server started
>> etc.. LDAP did not work though: authentication was not available...
>> So I must be missing something or this rsync parameter set must be
>> missing something.. I had disconnected old PDC, set same IP and
>> hostname to the VM well this worked well for other virtualizations and
>> in this PDC I need to upgrade to win7 compatible samba version anyway
>> :-)
>> This was another story but just to share it as it is an excellent way
>> of migrating sometimes specially for machines you do not master and
>> this is my case very often.]]]
>>
>> Cheers,
>> Giorgio
>>
>> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>>  wrote:
>>> Hi
>>>
>>> Dne 25.3.2010 17:41, GG napsal(a):
 Hello Vladimir, John and all the NG :-)
 Thanks so much for answering. I really hoped someone would :-)

 So I installed Debian latest stable netinst on the future production
 server and here are my issues in the quotes :-( no net command on my
 suse 8.2

 Cheers :-)
 Giorgio


> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>> What about Debian Stable with Sernet samba repo, where you can choose
>> Samba 3.4.x or 3.5.x
>>
>> My hints on migrating to new server:
>>
>> 1. install new server (Samba,ldap etc.)

 done :-) Debian Stable netinst

>> 2. set same hostname on new server
 My ignorance comes out :-)
 Must I set it different from the production server as FW points
 production.domain.com - I have clients using DNS=oldPDC and PDC
 forwards queries to FW. FW has pdc.domain.com defined to point to lan
 ip.

>>>
>>> Ok, can be changed later
>>>
>> 3. export ldap data from old server and import them to new server

 slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
 OK

> Ensure that all local user and group accounts that are used by samba
> have the same uid/gid.
 my ignorance again... another hint?
>
>> 4. export SID (net getlocalsid) and set it on new server (net
>> setlocalsid oldsid)
>
> Note:
>  net getdomainsid (on old server)
>  net setdomainsid (on new server)
 thanks :-)

 # net getdomainsid
 -bash: net: command not found :-( and not found in yast

 I understand it has to do with extracting the sid from
 /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
 has now net package and googling net is.. well wow!

>>>
>>> Have you samba-client package installed?
>>>
>>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>>> samba-client-3.5.1-4.1.x86_64
>>>
>>> or you can dig domainsid from ldap
>>>
>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>> from old samba smb.conf

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello!

> > Have you samba-client package installed?
> >

yes I do at least smbclient is there! but no net command :-/

> > pavouk\pseni...@psenicka:~> rpm -qf `which net`
> > samba-client-3.5.1-4.1.x86_64

So here are the issues encountered...
file /usr/share/man/man1/smbclient.1.gz from install of
samba-client-2.2.12-1.suse82 conflicts with file from package
samba-client-2.2.7a-72 when trying to rpm -i samba-client-2.2.12-1.rpm
I found on net...

> >
> > or you can dig domainsid from ldap

This sounds interesting! How do I do that?

Thanks very much!
Giorgio

On 3/26/10, GG  wrote:
> Hi!
>
> I'll be at it in a few minutes installing samba client / net command :-)
>
> I have a question about the samba sernet repos:
> Shall I apt-get remove samba and use
> http://enterprisesamba.com/index.php?id=148 +
> http://enterprisesamba.com/index.php?id=56
>  instead from start?
>
> What is the real advantage of sernet? What about installing official
> samba.org packages, are there differences with sernet (stability?) or
> is it just a more liberal repository?
>
> Also I read
> >>> Ensure that all local user and group accounts that are used by samba
> >>> have the same uid/gid.
>
> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> and users?
>
> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>  --recursive --times --perms --links  \
>  --owner --group --devices --specials \
>  --exclude-from '/root/exclude.txt (if any, not in this case as
> I'm only syncing data dir)' \
>  r...@old_pdc:/DATA /DATA
>
> This should bring over every attribute set on files... correct?
>
> [[[did only partially in one case: I set up a twin install (fresh
> install then live cd and full rsync and after that I kept mbr, but
> changed /boot and the /ect/fstab settings) and the server started
> etc.. LDAP did not work though: authentication was not available...
> So I must be missing something or this rsync parameter set must be
> missing something.. I had disconnected old PDC, set same IP and
> hostname to the VM well this worked well for other virtualizations and
> in this PDC I need to upgrade to win7 compatible samba version anyway
> :-)
> This was another story but just to share it as it is an excellent way
> of migrating sometimes specially for machines you do not master and
> this is my case very often.]]]
>
> Cheers,
> Giorgio
>
> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>  wrote:
> > Hi
> >
> > Dne 25.3.2010 17:41, GG napsal(a):
> >> Hello Vladimir, John and all the NG :-)
> >> Thanks so much for answering. I really hoped someone would :-)
> >>
> >> So I installed Debian latest stable netinst on the future production
> >> server and here are my issues in the quotes :-( no net command on my
> >> suse 8.2
> >>
> >> Cheers :-)
> >> Giorgio
> >>
> >>
> >>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
>  On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>  What about Debian Stable with Sernet samba repo, where you can choose
>  Samba 3.4.x or 3.5.x
> 
>  My hints on migrating to new server:
> 
>  1. install new server (Samba,ldap etc.)
> >>
> >> done :-) Debian Stable netinst
> >>
>  2. set same hostname on new server
> >> My ignorance comes out :-)
> >> Must I set it different from the production server as FW points
> >> production.domain.com - I have clients using DNS=oldPDC and PDC
> >> forwards queries to FW. FW has pdc.domain.com defined to point to lan
> >> ip.
> >>
> >
> > Ok, can be changed later
> >
>  3. export ldap data from old server and import them to new server
> >>
> >> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> >> OK
> >>
> >>> Ensure that all local user and group accounts that are used by samba
> >>> have the same uid/gid.
> >> my ignorance again... another hint?
> >>>
>  4. export SID (net getlocalsid) and set it on new server (net
>  setlocalsid oldsid)
> >>>
> >>> Note:
> >>>  net getdomainsid (on old server)
> >>>  net setdomainsid (on new server)
> >> thanks :-)
> >>
> >> # net getdomainsid
> >> -bash: net: command not found :-( and not found in yast
> >>
> >> I understand it has to do with extracting the sid from
> >> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
> >> has now net package and googling net is.. well wow!
> >>
> >
> > Have you samba-client package installed?
> >
> > pavouk\pseni...@psenicka:~> rpm -qf `which net`
> > samba-client-3.5.1-4.1.x86_64
> >
> > or you can dig domainsid from ldap
> >
>  5. configure samba on new server as PDC with ldap and shares in smb.conf
>  from old samba smb.conf (check with testparm)
> >>
> >> I see it only contains shares so I bet smb.conf would just keep all
> >> the old settings rigth? /DATA will be rsynced
> >>
> >
> > Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
> > current smb.conf on new server and add only shares from old smb.conf to
> > new smb.conf.
> >
>  6.

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Dne 26.3.2010 10:59, GG napsal(a):
> Hi!
> 
> I'll be at it in a few minutes installing samba client / net command :-)
> 
> I have a question about the samba sernet repos:
> Shall I apt-get remove samba and use
> http://enterprisesamba.com/index.php?id=148 +
> http://enterprisesamba.com/index.php?id=56
>  instead from start?
> 

Yes, you should remove Debian samba packages and install sernet-samba
packages.

> What is the real advantage of sernet? What about installing official
> samba.org packages, are there differences with sernet (stability?) or
> is it just a more liberal repository?

I don't know how much are samba.org repositories updated, but sernet
repos seems to be updated often. Maybe somebody can explain this better.

> 
> Also I read
 Ensure that all local user and group accounts that are used by samba
 have the same uid/gid.
> 
> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> and users?
> 
> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>   --recursive --times --perms --links  \
>   --owner --group --devices --specials \
>   --exclude-from '/root/exclude.txt (if any, not in this case as
> I'm only syncing data dir)' \
>   r...@old_pdc:/DATA /DATA
> 
> This should bring over every attribute set on files... correct?

Yes

> 
> [[[did only partially in one case: I set up a twin install (fresh
> install then live cd and full rsync and after that I kept mbr, but
> changed /boot and the /ect/fstab settings) and the server started
> etc.. LDAP did not work though: authentication was not available...
> So I must be missing something or this rsync parameter set must be
> missing something.. I had disconnected old PDC, set same IP and
> hostname to the VM well this worked well for other virtualizations and
> in this PDC I need to upgrade to win7 compatible samba version anyway
> :-)
> This was another story but just to share it as it is an excellent way
> of migrating sometimes specially for machines you do not master and
> this is my case very often.]]]
> 
> Cheers,
> Giorgio
> 
> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
>  wrote:
>> Hi
>>
>> Dne 25.3.2010 17:41, GG napsal(a):
>>> Hello Vladimir, John and all the NG :-)
>>> Thanks so much for answering. I really hoped someone would :-)
>>>
>>> So I installed Debian latest stable netinst on the future production
>>> server and here are my issues in the quotes :-( no net command on my
>>> suse 8.2
>>>
>>> Cheers :-)
>>> Giorgio
>>>
>>>
 On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> What about Debian Stable with Sernet samba repo, where you can choose
> Samba 3.4.x or 3.5.x
>
> My hints on migrating to new server:
>
> 1. install new server (Samba,ldap etc.)
>>>
>>> done :-) Debian Stable netinst
>>>
> 2. set same hostname on new server
>>> My ignorance comes out :-)
>>> Must I set it different from the production server as FW points
>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>>> ip.
>>>
>>
>> Ok, can be changed later
>>
> 3. export ldap data from old server and import them to new server
>>>
>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>> OK
>>>
 Ensure that all local user and group accounts that are used by samba
 have the same uid/gid.
>>> my ignorance again... another hint?

> 4. export SID (net getlocalsid) and set it on new server (net
> setlocalsid oldsid)

 Note:
  net getdomainsid (on old server)
  net setdomainsid (on new server)
>>> thanks :-)
>>>
>>> # net getdomainsid
>>> -bash: net: command not found :-( and not found in yast
>>>
>>> I understand it has to do with extracting the sid from
>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>>> has now net package and googling net is.. well wow!
>>>
>>
>> Have you samba-client package installed?
>>
>> pavouk\pseni...@psenicka:~> rpm -qf `which net`
>> samba-client-3.5.1-4.1.x86_64
>>
>> or you can dig domainsid from ldap
>>
> 5. configure samba on new server as PDC with ldap and shares in smb.conf
> from old samba smb.conf (check with testparm)
>>>
>>> I see it only contains shares so I bet smb.conf would just keep all
>>> the old settings rigth? /DATA will be rsynced
>>>
>>
>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
>> current smb.conf on new server and add only shares from old smb.conf to
>> new smb.conf.
>>
> 6. stop samba on old server
> 7. copy all data (with perms) and netlogon share to new server
> 8. stop old server
> 9. start samba on new server a check everything is working fine (domain
> logon from windows box, shares and perms)
>
> This can be done best when no users are logged in samba (maybe at 
> weekend?)
>
> P.S. We have ubuntu 8.04 as PDC and Wi

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hi!

I'll be at it in a few minutes installing samba client / net command :-)

I have a question about the samba sernet repos:
Shall I apt-get remove samba and use
http://enterprisesamba.com/index.php?id=148 +
http://enterprisesamba.com/index.php?id=56
 instead from start?

What is the real advantage of sernet? What about installing official
samba.org packages, are there differences with sernet (stability?) or
is it just a more liberal repository?

Also I read
>>> Ensure that all local user and group accounts that are used by samba
>>> have the same uid/gid.

Shall I copy /etc/shadow and /etc/passwd over? other files for groups
and users?

I use rsync --verbose  --progress --stats --compress --rsh=ssh \
  --recursive --times --perms --links  \
  --owner --group --devices --specials \
  --exclude-from '/root/exclude.txt (if any, not in this case as
I'm only syncing data dir)' \
  r...@old_pdc:/DATA /DATA

This should bring over every attribute set on files... correct?

[[[did only partially in one case: I set up a twin install (fresh
install then live cd and full rsync and after that I kept mbr, but
changed /boot and the /ect/fstab settings) and the server started
etc.. LDAP did not work though: authentication was not available...
So I must be missing something or this rsync parameter set must be
missing something.. I had disconnected old PDC, set same IP and
hostname to the VM well this worked well for other virtualizations and
in this PDC I need to upgrade to win7 compatible samba version anyway
:-)
This was another story but just to share it as it is an excellent way
of migrating sometimes specially for machines you do not master and
this is my case very often.]]]

Cheers,
Giorgio

On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
 wrote:
> Hi
>
> Dne 25.3.2010 17:41, GG napsal(a):
>> Hello Vladimir, John and all the NG :-)
>> Thanks so much for answering. I really hoped someone would :-)
>>
>> So I installed Debian latest stable netinst on the future production
>> server and here are my issues in the quotes :-( no net command on my
>> suse 8.2
>>
>> Cheers :-)
>> Giorgio
>>
>>
>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
 On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
 What about Debian Stable with Sernet samba repo, where you can choose
 Samba 3.4.x or 3.5.x

 My hints on migrating to new server:

 1. install new server (Samba,ldap etc.)
>>
>> done :-) Debian Stable netinst
>>
 2. set same hostname on new server
>> My ignorance comes out :-)
>> Must I set it different from the production server as FW points
>> production.domain.com - I have clients using DNS=oldPDC and PDC
>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>> ip.
>>
>
> Ok, can be changed later
>
 3. export ldap data from old server and import them to new server
>>
>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>> OK
>>
>>> Ensure that all local user and group accounts that are used by samba
>>> have the same uid/gid.
>> my ignorance again... another hint?
>>>
 4. export SID (net getlocalsid) and set it on new server (net
 setlocalsid oldsid)
>>>
>>> Note:
>>>  net getdomainsid (on old server)
>>>  net setdomainsid (on new server)
>> thanks :-)
>>
>> # net getdomainsid
>> -bash: net: command not found :-( and not found in yast
>>
>> I understand it has to do with extracting the sid from
>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>> has now net package and googling net is.. well wow!
>>
>
> Have you samba-client package installed?
>
> pavouk\pseni...@psenicka:~> rpm -qf `which net`
> samba-client-3.5.1-4.1.x86_64
>
> or you can dig domainsid from ldap
>
 5. configure samba on new server as PDC with ldap and shares in smb.conf
 from old samba smb.conf (check with testparm)
>>
>> I see it only contains shares so I bet smb.conf would just keep all
>> the old settings rigth? /DATA will be rsynced
>>
>
> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
> current smb.conf on new server and add only shares from old smb.conf to
> new smb.conf.
>
 6. stop samba on old server
 7. copy all data (with perms) and netlogon share to new server
 8. stop old server
 9. start samba on new server a check everything is working fine (domain
 logon from windows box, shares and perms)

 This can be done best when no users are logged in samba (maybe at weekend?)

 P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
>>
>> thanks I move to Debian with ease :-) ubuntu is a great deb derived right?
>>
> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
> comes out this will be no longer truth.
>
>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>
>>> Cheers,
>>> John T.
>>>
 Dne 25.3.2010 01:05, GG napsal(a):
> Hello Vladimir and hi all,
>
> Thanks very much for replying!
>
> Any

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Hi

Dne 25.3.2010 17:41, GG napsal(a):
> Hello Vladimir, John and all the NG :-)
> Thanks so much for answering. I really hoped someone would :-)
> 
> So I installed Debian latest stable netinst on the future production
> server and here are my issues in the quotes :-( no net command on my
> suse 8.2
> 
> Cheers :-)
> Giorgio
> 
> 
>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>> What about Debian Stable with Sernet samba repo, where you can choose
>>> Samba 3.4.x or 3.5.x
>>>
>>> My hints on migrating to new server:
>>>
>>> 1. install new server (Samba,ldap etc.)
> 
> done :-) Debian Stable netinst
> 
>>> 2. set same hostname on new server
> My ignorance comes out :-)
> Must I set it different from the production server as FW points
> production.domain.com - I have clients using DNS=oldPDC and PDC
> forwards queries to FW. FW has pdc.domain.com defined to point to lan
> ip.
> 

Ok, can be changed later

>>> 3. export ldap data from old server and import them to new server
> 
> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
> OK
> 
>> Ensure that all local user and group accounts that are used by samba
>> have the same uid/gid.
> my ignorance again... another hint?
>>
>>> 4. export SID (net getlocalsid) and set it on new server (net
>>> setlocalsid oldsid)
>>
>> Note:
>>  net getdomainsid (on old server)
>>  net setdomainsid (on new server)
> thanks :-)
> 
> # net getdomainsid
> -bash: net: command not found :-( and not found in yast
> 
> I understand it has to do with extracting the sid from
> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
> has now net package and googling net is.. well wow!
> 

Have you samba-client package installed?

pavouk\pseni...@psenicka:~> rpm -qf `which net`
samba-client-3.5.1-4.1.x86_64

or you can dig domainsid from ldap

>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>>> from old samba smb.conf (check with testparm)
> 
> I see it only contains shares so I bet smb.conf would just keep all
> the old settings rigth? /DATA will be rsynced
> 

Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
current smb.conf on new server and add only shares from old smb.conf to
new smb.conf.

>>> 6. stop samba on old server
>>> 7. copy all data (with perms) and netlogon share to new server
>>> 8. stop old server
>>> 9. start samba on new server a check everything is working fine (domain
>>> logon from windows box, shares and perms)
>>>
>>> This can be done best when no users are logged in samba (maybe at weekend?)
>>>
>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
> 
> thanks I move to Debian with ease :-) ubuntu is a great deb derived right?
> 
Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
comes out this will be no longer truth.

>> Check http://wiki.samba.org for info regarding Windows 7.
>>
>> Cheers,
>> John T.
>>
>>> Dne 25.3.2010 01:05, GG napsal(a):
 Hello Vladimir and hi all,

 Thanks very much for replying!

 Any suggested os? I'd go for debian or what advised, I just happen to
 know ubuntu more...


 Any strategy or hint on migrating from ancient ldap + samba to a new 
 server?
 Already tried rsyncing (using all options to keep perms and attributes
 grp  own mod etc) on a twin v-machine but server starts and the ldap
 auth fails to work :-(

 I'm a bit stuck at the moment :-( and I have posponed the problem for
 too long grrr

 Giorgio

 On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
  wrote:
> Dne 23.3.2010 15:48, Giorgio napsal(a):
>> Hello,
>> Hopefully I'm in the right place asking for help :-)
>>
>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>> latest samba versions, I would like to use an ubuntu 8.04 virtual 
>> machine.
>>
>> The domain is in production on the physical server, to be dismissed after
>> migration. It is also the file server!!! so /DATA/ has all shared and
>> permission driven file access..
>>
>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html 
>> but
>> I realize I am in a different scenario...
>>
>> Production so no errors are admitted :-(, migration to new os and 
>> versions..
>> all at once?
>>
>> I have a dump of the physical server (dd sda mbr and single partitions :)
>> plus an rsync with all permissions daily backup, just to be safe ;)
>>
>>
>> What would you guru's suggest as a strategy?
>>
>> Can I create a new server and add it as secondary domain controller and 
>> then
>> once the replica is up? I'd feel quite comfortable with this method.
>>
>> BTW I need a new version of samba as they have already bought Windows 7
>> boxes (without asking if they were supported arrgh).
>>
>>

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello Vladimir, John and all the NG :-)
Thanks so much for answering. I really hoped someone would :-)

So I installed Debian latest stable netinst on the future production
server and here are my issues in the quotes :-( no net command on my
suse 8.2

Cheers :-)
Giorgio


>On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*...@samba.org> wrote:
>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> > What about Debian Stable with Sernet samba repo, where you can choose
> > Samba 3.4.x or 3.5.x
> >
> > My hints on migrating to new server:
> >
> > 1. install new server (Samba,ldap etc.)

done :-) Debian Stable netinst

> > 2. set same hostname on new server
My ignorance comes out :-)
Must I set it different from the production server as FW points
production.domain.com - I have clients using DNS=oldPDC and PDC
forwards queries to FW. FW has pdc.domain.com defined to point to lan
ip.

> > 3. export ldap data from old server and import them to new server

slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
OK

> Ensure that all local user and group accounts that are used by samba
> have the same uid/gid.
my ignorance again... another hint?
>
> > 4. export SID (net getlocalsid) and set it on new server (net
> > setlocalsid oldsid)
>
> Note:
>  net getdomainsid (on old server)
>  net setdomainsid (on new server)
thanks :-)

# net getdomainsid
-bash: net: command not found :-( and not found in yast

I understand it has to do with extracting the sid from
/etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
has now net package and googling net is.. well wow!

> > 5. configure samba on new server as PDC with ldap and shares in smb.conf
> > from old samba smb.conf (check with testparm)

I see it only contains shares so I bet smb.conf would just keep all
the old settings rigth? /DATA will be rsynced

> > 6. stop samba on old server
> > 7. copy all data (with perms) and netlogon share to new server
> > 8. stop old server
> > 9. start samba on new server a check everything is working fine (domain
> > logon from windows box, shares and perms)
> >
> > This can be done best when no users are logged in samba (maybe at weekend?)
> >
> > P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain

thanks I move to Debian with ease :-) ubuntu is a great deb derived right?

> Check http://wiki.samba.org for info regarding Windows 7.
>
> Cheers,
> John T.
>
> > Dne 25.3.2010 01:05, GG napsal(a):
> >> Hello Vladimir and hi all,
> >>
> >> Thanks very much for replying!
> >>
> >> Any suggested os? I'd go for debian or what advised, I just happen to
> >> know ubuntu more...
> >>
> >>
> >> Any strategy or hint on migrating from ancient ldap + samba to a new 
> >> server?
> >> Already tried rsyncing (using all options to keep perms and attributes
> >> grp  own mod etc) on a twin v-machine but server starts and the ldap
> >> auth fails to work :-(
> >>
> >> I'm a bit stuck at the moment :-( and I have posponed the problem for
> >> too long grrr
> >>
> >> Giorgio
> >>
> >> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
> >>  wrote:
> >>> Dne 23.3.2010 15:48, Giorgio napsal(a):
>  Hello,
>  Hopefully I'm in the right place asking for help :-)
> 
>  I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>  latest samba versions, I would like to use an ubuntu 8.04 virtual 
>  machine.
> 
>  The domain is in production on the physical server, to be dismissed after
>  migration. It is also the file server!!! so /DATA/ has all shared and
>  permission driven file access..
> 
>  I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html 
>  but
>  I realize I am in a different scenario...
> 
>  Production so no errors are admitted :-(, migration to new os and 
>  versions..
>  all at once?
> 
>  I have a dump of the physical server (dd sda mbr and single partitions :)
>  plus an rsync with all permissions daily backup, just to be safe ;)
> 
> 
>  What would you guru's suggest as a strategy?
> 
>  Can I create a new server and add it as secondary domain controller and 
>  then
>  once the replica is up? I'd feel quite comfortable with this method.
> 
>  BTW I need a new version of samba as they have already bought Windows 7
>  boxes (without asking if they were supported arrgh).
> 
>  Thanks to all of you who read or answered :-)
> 
>  Gio
> >>>
> >>> Hi.
> >>>
> >>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
> >>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
> >>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
> >>>
> >>> --
> >>> Vladimir Psenicka
> >>> --
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>>
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[John H Terpstra]

On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
> What about Debian Stable with Sernet samba repo, where you can choose
> Samba 3.4.x or 3.5.x
> 
> My hints on migrating to new server:
> 
> 1. install new server (Samba,ldap etc.)
> 2. set same hostname on new server
> 3. export ldap data from old server and import them to new server

Ensure that all local user and group accounts that are used by samba
have the same uid/gid.

> 4. export SID (net getlocalsid) and set it on new server (net
> setlocalsid oldsid)

Note:
  net getdomainsid (on old server)
  net setdomainsid (on new server)

> 5. configure samba on new server as PDC with ldap and shares in smb.conf
> from old samba smb.conf (check with testparm)
> 6. stop samba on old server
> 7. copy all data (with perms) and netlogon share to new server
> 8. stop old server
> 9. start samba on new server a check everything is working fine (domain
> logon from windows box, shares and perms)
> 
> This can be done best when no users are logged in samba (maybe at weekend?)
> 
> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain

Check http://wiki.samba.org for info regarding Windows 7.

Cheers,
John T.

> Dne 25.3.2010 01:05, GG napsal(a):
>> Hello Vladimir and hi all,
>>
>> Thanks very much for replying!
>>
>> Any suggested os? I'd go for debian or what advised, I just happen to
>> know ubuntu more...
>>
>>
>> Any strategy or hint on migrating from ancient ldap + samba to a new server?
>> Already tried rsyncing (using all options to keep perms and attributes
>> grp  own mod etc) on a twin v-machine but server starts and the ldap
>> auth fails to work :-(
>>
>> I'm a bit stuck at the moment :-( and I have posponed the problem for
>> too long grrr
>>
>> Giorgio
>>
>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>  wrote:
>>> Dne 23.3.2010 15:48, Giorgio napsal(a):
 Hello,
 Hopefully I'm in the right place asking for help :-)

 I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
 latest samba versions, I would like to use an ubuntu 8.04 virtual machine.

 The domain is in production on the physical server, to be dismissed after
 migration. It is also the file server!!! so /DATA/ has all shared and
 permission driven file access..

 I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html 
 but
 I realize I am in a different scenario...

 Production so no errors are admitted :-(, migration to new os and 
 versions..
 all at once?

 I have a dump of the physical server (dd sda mbr and single partitions :)
 plus an rsync with all permissions daily backup, just to be safe ;)


 What would you guru's suggest as a strategy?

 Can I create a new server and add it as secondary domain controller and 
 then
 once the replica is up? I'd feel quite comfortable with this method.

 BTW I need a new version of samba as they have already bought Windows 7
 boxes (without asking if they were supported arrgh).

 Thanks to all of you who read or answered :-)

 Gio
>>>
>>> Hi.
>>>
>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>>
>>> --
>>> Vladimir Psenicka
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
> 
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

What about Debian Stable with Sernet samba repo, where you can choose
Samba 3.4.x or 3.5.x

My hints on migrating to new server:

1. install new server (Samba,ldap etc.)
2. set same hostname on new server
3. export ldap data from old server and import them to new server
4. export SID (net getlocalsid) and set it on new server (net
setlocalsid oldsid)
5. configure samba on new server as PDC with ldap and shares in smb.conf
from old samba smb.conf (check with testparm)
6. stop samba on old server
7. copy all data (with perms) and netlogon share to new server
8. stop old server
9. start samba on new server a check everything is working fine (domain
logon from windows box, shares and perms)

This can be done best when no users are logged in samba (maybe at weekend?)

P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain

Dne 25.3.2010 01:05, GG napsal(a):
> Hello Vladimir and hi all,
> 
> Thanks very much for replying!
> 
> Any suggested os? I'd go for debian or what advised, I just happen to
> know ubuntu more...
> 
> 
> Any strategy or hint on migrating from ancient ldap + samba to a new server?
> Already tried rsyncing (using all options to keep perms and attributes
> grp  own mod etc) on a twin v-machine but server starts and the ldap
> auth fails to work :-(
> 
> I'm a bit stuck at the moment :-( and I have posponed the problem for
> too long grrr
> 
> Giorgio
> 
> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>  wrote:
>> Dne 23.3.2010 15:48, Giorgio napsal(a):
>>> Hello,
>>> Hopefully I'm in the right place asking for help :-)
>>>
>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>>
>>> The domain is in production on the physical server, to be dismissed after
>>> migration. It is also the file server!!! so /DATA/ has all shared and
>>> permission driven file access..
>>>
>>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>>> I realize I am in a different scenario...
>>>
>>> Production so no errors are admitted :-(, migration to new os and versions..
>>> all at once?
>>>
>>> I have a dump of the physical server (dd sda mbr and single partitions :)
>>> plus an rsync with all permissions daily backup, just to be safe ;)
>>>
>>>
>>> What would you guru's suggest as a strategy?
>>>
>>> Can I create a new server and add it as secondary domain controller and then
>>> once the replica is up? I'd feel quite comfortable with this method.
>>>
>>> BTW I need a new version of samba as they have already bought Windows 7
>>> boxes (without asking if they were supported arrgh).
>>>
>>> Thanks to all of you who read or answered :-)
>>>
>>> Gio
>>
>> Hi.
>>
>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>
>> --
>> Vladimir Psenicka
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>


-- 
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[GG]

Hello Vladimir and hi all,

Thanks very much for replying!

Any suggested os? I'd go for debian or what advised, I just happen to
know ubuntu more...


Any strategy or hint on migrating from ancient ldap + samba to a new server?
Already tried rsyncing (using all options to keep perms and attributes
grp  own mod etc) on a twin v-machine but server starts and the ldap
auth fails to work :-(

I'm a bit stuck at the moment :-( and I have posponed the problem for
too long grrr

Giorgio

On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
 wrote:
> Dne 23.3.2010 15:48, Giorgio napsal(a):
>> Hello,
>> Hopefully I'm in the right place asking for help :-)
>>
>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>
>> The domain is in production on the physical server, to be dismissed after
>> migration. It is also the file server!!! so /DATA/ has all shared and
>> permission driven file access..
>>
>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>> I realize I am in a different scenario...
>>
>> Production so no errors are admitted :-(, migration to new os and versions..
>> all at once?
>>
>> I have a dump of the physical server (dd sda mbr and single partitions :)
>> plus an rsync with all permissions daily backup, just to be safe ;)
>>
>>
>> What would you guru's suggest as a strategy?
>>
>> Can I create a new server and add it as secondary domain controller and then
>> once the replica is up? I'd feel quite comfortable with this method.
>>
>> BTW I need a new version of samba as they have already bought Windows 7
>> boxes (without asking if they were supported arrgh).
>>
>> Thanks to all of you who read or answered :-)
>>
>> Gio
>
> Hi.
>
> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>
> --
> Vladimir Psenicka
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

[Vladimir Psenicka]

Dne 23.3.2010 15:48, Giorgio napsal(a):
> Hello,
> Hopefully I'm in the right place asking for help :-)
> 
> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
> 
> The domain is in production on the physical server, to be dismissed after
> migration. It is also the file server!!! so /DATA/ has all shared and
> permission driven file access..
> 
> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
> I realize I am in a different scenario...
> 
> Production so no errors are admitted :-(, migration to new os and versions..
> all at once?
> 
> I have a dump of the physical server (dd sda mbr and single partitions :)
> plus an rsync with all permissions daily backup, just to be safe ;)
> 
> 
> What would you guru's suggest as a strategy?
> 
> Can I create a new server and add it as secondary domain controller and then
> once the replica is up? I'd feel quite comfortable with this method.
> 
> BTW I need a new version of samba as they have already bought Windows 7
> boxes (without asking if they were supported arrgh).
> 
> Thanks to all of you who read or answered :-)
> 
> Gio

Hi.

Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.

-- 
Vladimir Psenicka
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba