Re: [Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb

2012-10-16 Thread Johannes Paechnatz
 fyi - samba3 tdbsam backend. I removed/edited several user accounts
 with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore)
 until all user accounts got migrated.

 What was your 'unix charset' (we may need to add a conversion here, as
 we assume UTF8 at the ldb layer).

old samba3 server:
LANG=de_DE
LC_ALL=de_DE

smb.conf:
display charset = ISO8859-1
unix charset = ISO8859-1
I remember the reason for this was a software that couldn't handle
UTF-8 (which is fixed meanwhile) - and I know that we need to convert
the whole content of the filesystem when we migrate...

 1. machine accounts: some machine accounts don't have Logon hours
 FF what seem to be a problem.
 Could I manually change fields (which fields?) in the tdbsam dump? I
 tried pdbedit  -Z of the specific account, but that seems to change it
 to an epoch style timestamp and migration fails again - so I removed
 them in the tdbsam dump to get the migration working, after that
 additional steps all user and machine accounts get migrated.

 Can you give me some more detail about what is wrong here?  We generally
 do want to convert any valid samba3 account.

old samba3 server:
add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 1000
-s /bin/false %u

all machine accounts are added via this entry - so I thought they are the same.

example:

Failed to modify account record
CN=w-2000-007,CN=Computers,DC=SAMBA4SRV to set user attributes:
objectclass_attrs: attribute 'logonHours' on entry
'CN=w-2000-007,CN=Computers,DC=SAMBA4SRV' contains at least one
invalid value!
ERROR(class 'passdb.error'): uncaught exception - Unable to add sam
account 'w-2000-007$', (-1073741811,Unexpected information received)
  File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py,
line 175, in _run
return self.run(*args, **kwargs)
  File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line
1321, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/lib/python2.7/dist-packages/samba/upgrade.py, line 883,
in upgrade_from_samba3
s4_passdb.add_sam_account(userdata[username])

on samba3
pdbedit -Lv

Unix username:w-2000-007$
NT username:
Account Flags:[W  ]
User SID: S-1-5-21-2800255703-2035631742-3861056042-3132
Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513
Full Name:W-2000-007$
Home Directory:   \\filesrv\w-2000-007_
HomeDir Drive:L:
Logon Script: logon-users.bat
Profile Path: 
Domain:   BFE
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set:Mon, 19 Sep 2011 08:25:53 CEST
Password can change:  Mon, 19 Sep 2011 08:25:53 CEST
Password must change: Sun, 18 Dec 2011 07:25:53 CET
Last bad password   : 0
Bad password count  : 0
Logon hours : 30ACC81063

other successful migrated account:

Unix username:W-4000-026$
NT username:
Account Flags:[W  ]
User SID: S-1-5-21-2800255703-2035631742-3861056042-2219
Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513
Full Name:W-4000-026$
Home Directory:   \\filesrv\w-4000-026_
HomeDir Drive:L:
Logon Script: logon-joh.bat
Profile Path: 
Domain:   BFE
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set:Mon, 14 Mar 2011 08:54:54 CET
Password can change:  Mon, 14 Mar 2011 08:54:54 CET
Password must change: Sun, 12 Jun 2011 09:54:54 CEST
Last bad password   : 0
Bad password count  : 0
Logon hours : FF

tdbdump of both (made on the samba4 machine, if tdbtools version matters?):

{
key(17) = USER_w-2000-007$\00
data(199) = 
\00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00q\E0vN\8F\19zFq\87\EDN\0C\00\00\00w-2000-007$\00\04\00\00\00BFE\00\01\00\00\00\00\0C\00\00\00W-2000-007$\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\0C\00\00\01\02\00\00\00\00\00\00\10\00\00\00\8C\9A\F1\16\AA@\90\1Ef\0E\95\B2\CAW\7F\97\00\00\00\00\80\00\00\00\00\00\00\00\00\00
\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\000\AC\C8\10c\7F\00\00\00\80\00\10\00\00\00\00\00\00\00\00\00\00\00\00
}

{
key(13) = RID_0c3c\00
data(12) = w-2000-007$\00
}


{
key(17) = USER_w-4000-026$\00
data(199) = 

Re: [Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb

2012-10-16 Thread Andrew Bartlett
On Tue, 2012-10-16 at 08:45 +0200, Johannes Paechnatz wrote:
  fyi - samba3 tdbsam backend. I removed/edited several user accounts
  with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore)
  until all user accounts got migrated.
 
  What was your 'unix charset' (we may need to add a conversion here, as
  we assume UTF8 at the ldb layer).
 
 old samba3 server:
 LANG=de_DE
 LC_ALL=de_DE
 
 smb.conf:
 display charset = ISO8859-1
 unix charset = ISO8859-1
 I remember the reason for this was a software that couldn't handle
 UTF-8 (which is fixed meanwhile) - and I know that we need to convert
 the whole content of the filesystem when we migrate...

OK, that's certainly the issue here.  Can you please file a bug, so we
can try and handle or at least detect it more clearly at classicupgrade
time?

  1. machine accounts: some machine accounts don't have Logon hours
  FF what seem to be a problem.
  Could I manually change fields (which fields?) in the tdbsam dump? I
  tried pdbedit  -Z of the specific account, but that seems to change it
  to an epoch style timestamp and migration fails again - so I removed
  them in the tdbsam dump to get the migration working, after that
  additional steps all user and machine accounts get migrated.
 
  Can you give me some more detail about what is wrong here?  We generally
  do want to convert any valid samba3 account.
 
 old samba3 server:
 add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 1000
 -s /bin/false %u
 
 all machine accounts are added via this entry - so I thought they are the 
 same.

Well, that doesn't control the samba passdb.tdb record, which is where
the failure is.

 example:
 
 Failed to modify account record
 CN=w-2000-007,CN=Computers,DC=SAMBA4SRV to set user attributes:
 objectclass_attrs: attribute 'logonHours' on entry
 'CN=w-2000-007,CN=Computers,DC=SAMBA4SRV' contains at least one
 invalid value!
 ERROR(class 'passdb.error'): uncaught exception - Unable to add sam
 account 'w-2000-007$', (-1073741811,Unexpected information received)
   File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py,
 line 175, in _run
 return self.run(*args, **kwargs)
   File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line
 1321, in run
 useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File /usr/lib/python2.7/dist-packages/samba/upgrade.py, line 883,
 in upgrade_from_samba3
 s4_passdb.add_sam_account(userdata[username])
 
 on samba3
 pdbedit -Lv
 
 Unix username:w-2000-007$
 NT username:
 Account Flags:[W  ]
 User SID: S-1-5-21-2800255703-2035631742-3861056042-3132
 Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513
 Full Name:W-2000-007$
 Home Directory:   \\filesrv\w-2000-007_
 HomeDir Drive:L:
 Logon Script: logon-users.bat
 Profile Path: 
 Domain:   BFE
 Account desc:
 Workstations:
 Munged dial:
 Logon time:   0
 Logoff time:  9223372036854775807 seconds since the Epoch
 Kickoff time: 9223372036854775807 seconds since the Epoch
 Password last set:Mon, 19 Sep 2011 08:25:53 CEST
 Password can change:  Mon, 19 Sep 2011 08:25:53 CEST
 Password must change: Sun, 18 Dec 2011 07:25:53 CET
 Last bad password   : 0
 Bad password count  : 0
 Logon hours : 30ACC81063

That looks like an un-initialised value to me...

 other successful migrated account:
 
 Unix username:W-4000-026$
 NT username:
 Account Flags:[W  ]
 User SID: S-1-5-21-2800255703-2035631742-3861056042-2219
 Primary Group SID:S-1-5-21-2800255703-2035631742-3861056042-513
 Full Name:W-4000-026$
 Home Directory:   \\filesrv\w-4000-026_
 HomeDir Drive:L:
 Logon Script: logon-joh.bat
 Profile Path: 
 Domain:   BFE
 Account desc:
 Workstations:
 Munged dial:
 Logon time:   0
 Logoff time:  9223372036854775807 seconds since the Epoch
 Kickoff time: 9223372036854775807 seconds since the Epoch
 Password last set:Mon, 14 Mar 2011 08:54:54 CET
 Password can change:  Mon, 14 Mar 2011 08:54:54 CET
 Password must change: Sun, 12 Jun 2011 09:54:54 CEST
 Last bad password   : 0
 Bad password count  : 0
 Logon hours : FF
 
 tdbdump of both (made on the samba4 machine, if tdbtools version matters?):
 
 {
 key(17) = USER_w-2000-007$\00
 data(199) = 
 \00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00q\E0vN\8F\19zFq\87\EDN\0C\00\00\00w-2000-007$\00\04\00\00\00BFE\00\01\00\00\00\00\0C\00\00\00W-2000-007$\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\01\00\00\00\00\0C\00\00\01\02\00\00\00\00\00\00\10\00\00\00\8C\9A\F1\16\AA@\90\1Ef\0E\95\B2\CAW\7F\97\00\00\00\00\80\00\00\00\00\00\00\00\00\00
 

Re: [Samba] samba3 to samba4 // logon hours // server role secrets.tdb, secrets.ldb

2012-10-15 Thread Andrew Bartlett
On Mon, 2012-10-15 at 11:52 +0200, Johannes Paechnatz wrote:
 Hello.
 
 I tried the migration from samba3 domain master (pdc) to a samba4.
 
 samba4 -V:
 Version 4.1.0pre1-GIT-2c3a808
 
 I used the wiki entry about samba3 migration as a guide, copied over
 the data etc. but I have some questions left.
 
 fyi - samba3 tdbsam backend. I removed/edited several user accounts
 with Umlauts in Fullname/Displayname. (tdbdump/text editor/tdbrestore)
 until all user accounts got migrated.

What was your 'unix charset' (we may need to add a conversion here, as
we assume UTF8 at the ldb layer). 

 1. machine accounts: some machine accounts don't have Logon hours
 FF what seem to be a problem.
 Could I manually change fields (which fields?) in the tdbsam dump? I
 tried pdbedit  -Z of the specific account, but that seems to change it
 to an epoch style timestamp and migration fails again - so I removed
 them in the tdbsam dump to get the migration working, after that
 additional steps all user and machine accounts get migrated.

Can you give me some more detail about what is wrong here?  We generally
do want to convert any valid samba3 account.

 2. The server role of samba3 is ROLE_DOMAIN_PDC after migration the
 samba4 server is stand alone and starting of smbd works without error.
 BUT if I change the server role to active directory domain controller
 and try samba instead of smbd, I get an error: Failed to find record
 for MYDOMAIN-HERE in /var/lib/samba/private/secrets.ldb: No such
 object: Have you provisioned the MYDOMAIN-HERE domain? Provisioning an
 new and empty ADS from scratch does work - but I need the migration
 ;-)
 I tried to modify the secrets.tdb before I start the classicupgrade
 without success.
 
 This is a show-stopper ;-)

Exactly what command did you run? 

We should upgrade a ROLE_DOMAIN_PDC into an 'server role = active
directory domain controller'.  Are you sure you are using the smb.conf
produced by the upgrade?

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
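
A pre-migration check for the two problems raised in this thread, added here as an example and not code from Samba or from either poster: it scans `pdbedit -Lv` output for field values that are not valid UTF-8 and for `Logon hours` values that are anything other than a run of FF bytes. The sample listing is constructed (the `jmueller` account is hypothetical), and treating all-FF as the only unremarkable value is an assumption taken from the account that migrated successfully.

```python
import re

# Constructed sample of `pdbedit -Lv` output as raw bytes from a server with
# unix charset = ISO8859-1; machine names and values are modelled on the thread.
SAMPLE = (
    b"Unix username:        w-2000-007$\n"
    b"Full Name:            W-2000-007$\n"
    b"Logon hours         : 30ACC81063\n"
    b"---------------\n"
    b"Unix username:        W-4000-026$\n"
    b"Full Name:            W-4000-026$\n"
    b"Logon hours         : FF\n"
    b"---------------\n"
    b"Unix username:        jmueller\n"          # hypothetical user account
    b"Full Name:            J\xfcrgen M\xfcller\n"  # Latin-1 umlauts
    b"Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\n"
)

def parse_records(raw):
    """Split the listing into one {field: raw bytes value} dict per account."""
    records = []
    for line in raw.splitlines():
        key, sep, value = line.partition(b":")
        if not sep:
            continue  # separator or blank line
        key = key.strip().decode("ascii", "replace")
        if key == "Unix username":
            records.append({})  # a new account record starts here
        if records:
            records[-1][key] = value.strip()
    return records

def audit(raw, legacy_charset="iso8859-1"):
    """Return (account, field, problem) tuples for records worth reviewing."""
    findings = []
    for rec in parse_records(raw):
        name = rec["Unix username"].decode(legacy_charset)
        for field, value in rec.items():
            try:
                value.decode("utf-8")  # the ldb layer is said to assume UTF-8
            except UnicodeDecodeError:
                text = value.decode(legacy_charset)
                findings.append((name, field, "not UTF-8; %s reads %r" % (legacy_charset, text)))
        hours = rec.get("Logon hours", b"").decode("ascii", "replace")
        # Assumption: only a run of FF bytes is unremarkable; flag the rest.
        if not re.fullmatch(r"(?:FF)+", hours, re.IGNORECASE):
            findings.append((name, "Logon hours", "unexpected value %r" % hours))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-14s %-12s %s" % finding)
```

Feed it the bytes of a real listing (for example read from a file opened in binary mode) rather than decoded text, so the charset check sees what is actually stored.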

