samba - Aug 2007 - Migrating NT4->Samba3: Found bogus group member...

Hi, 

today I tried to migrate an old NT4 PDC to Samba 3 as described in 

  http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html

but with the Samba databases on LDAP: Whenever I tried that 

  net rpc vampire -S NT4PDC -U administrator%passwd

I received error messages that the users cannot be created. When I set
debugging to level 2, it told me about 

  Found bogus group member: ...



Unfortunately, error messages are that poor that I did not yet figure
out what exactly is the problem. 

Does anyone know about this problem?


And, btw., the instructions are quite confusing. The HOWTO tells about
creating groups, but within the process of creating (and trying to use
the smbldap-* scripts) I had to deal with groups in /etc/group, LDAP
posix groups, Samba groups etc.

Is there anywhere a precise description about how things belong
together and which groups and contents are required? It is sort of
difficult to debug if it not obvious how the data structures should
look like.

regards
Hadmut

Hadmut,

I wrote the HOWTO and I may be able to help you. 

In return for helping you, when you have a working system will you help me to 
fix the HOWTO documentation? Is that a deal you can handle?


On Thursday 16 August 2007 14:25, Hadmut Danisch wrote:
> Hi,
>
> today I tried to migrate an old NT4 PDC to Samba 3 as described in
>
>   http://samba.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html
>
> but with the Samba databases on LDAP: Whenever I tried that
>
>   net rpc vampire -S NT4PDC -U administrator%passwd
>
> I received error messages that the users cannot be created. When I set
> debugging to level 2, it told me about
>
>   Found bogus group member: ...
It sounds like you have Windows groups that have spaces in them. Does you 
Samba host OS support spaces in group names?

The smbldap scripts will create a Windows Domain group (you call that a Samba 
group) and maps that to a POSIX group with the same name. If your Samba host 
OS does not support groups that have spaces in them, you will need to create 
the Windows (Samba) groups and the matching POSIX group manually.

For example, if your Windows Domain Group on the NT4 domain is called
"Master
Plummers", the smbldap scripts will create a Windows domain group 
called "Master Plummers" (in the SambaSAM part of the LDAP directory
entry)
for the POSIX account (it will add to the LDAP directory) called "Master 
Plummers".

To get around the problem of a space in the name you should change the Windows 
domain group name (eliminate the space) before migration. Following 
migration, you could rename the Windows (SambaSAM) group name by re-insertion 
of the space.
>
>
> Unfortunately, error messages are that poor that I did not yet figure
> out what exactly is the problem.
It can be a challenge to figure out what is the originating cause of the 
problem.
> Does anyone know about this problem?
Your information is not detailed enough to finger the cause. I just took a 
hunch from the few dozen migrations I had to do.
>
> And, btw., the instructions are quite confusing. 
Since you have recognized that, please help me to fix them. Just point me to 
exactly what is confusing - I'll try to fix it.
> The HOWTO tells about 
> creating groups, but within the process of creating (and trying to use
> the smbldap-* scripts) I had to deal with groups in /etc/group, LDAP
> posix groups, Samba groups etc.
If your groups are in LDAP, why would you add them to /etc/group? Where does 
the documentation tell you to add them to LDAP, Samba (Windows domain) 
and /etc/group? That is plain stupid and must be fixed. so please point me to 
it.
>
> Is there anywhere a precise description about how things belong
> together and which groups and contents are required? It is sort of
> difficult to debug if it not obvious how the data structures should
> look like.
Have you read the book "Samba3- By Example"? There is a chapter in
there that
provides a detailed example of a migration from NT4 to Samba3. Is that not 
clear enough? What is confusing about it? Please help me to fix it.

- John T.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20070816/ca51bb07/attachment.bin