Daniel Carrasco Marín
2015-Apr-21 16:45 UTC
[Samba] Noob question: user moved to a OU dissapear from getent, but groups don't
Hi, first of all i'm sorry for my english. I'm triyng to migrate a Samba 3.6 domain to Samba 4 and I've a question about OU and Winbind: OU affects to something more besides GPO in AD and Winbind?. Because I've moved all users to an OU and all less one (strangely) have dissapear from "getent passwd" and the other SO tools. If i run "wbinfo -u" all users are showed but I've tried a lot of things like: - Reboot - Restart Winbind and Samba daemons - Stop daemons, clear winbind cache and start daemons again. - Move the users back to "Users" folder and repeat the above steps. But none of above has worked. Finally i've restored the server to an old state to make it work again. I've done something wrong?. I've to configure something to make the winbind read the OU? Now i've moved some disabled users to a new OU and have dissapear from getent, then the problem still there. Here's my samba cfg: [global] workgroup = CASA realm = casa.red netbios name = PDC.CASA.RED server string = %h server server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes preferred master = Yes domain master = Yes wins support = Yes encrypt passwords = yes # Winbind para mostrar grupos y usuarios del dominio en Linux winbind nss info = rfc2307 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind nested groups = No winbind separator = + winbind normalize names = yes idmap config CASA : backend = ad idmap config * : backend = tdb idmap config * : range = 1000-20000000 # Desactivar Cups en este servidor printcap name = /etc/printcap load printers = no name resolve order = wins hosts lmhosts bcast ??Thanks!!
Rowland Penny
2015-Apr-21 16:56 UTC
[Samba] Noob question: user moved to a OU dissapear from getent, but groups don't
On 21/04/15 17:45, Daniel Carrasco Mar?n wrote:> Hi, first of all i'm sorry for my english. > > I'm triyng to migrate a Samba 3.6 domain to Samba 4 and I've a question > about OU and Winbind:How are you trying to migrate the domain ?> > OU affects to something more besides GPO in AD and Winbind?. Because I've > moved all users to an OU and all less one (strangely) have dissapear from > "getent passwd" and the other SO tools. > If i run "wbinfo -u" all users are showed but I've tried a lot of things > like: > > - Reboot > - Restart Winbind and Samba daemons > - Stop daemons, clear winbind cache and start daemons again. > - Move the users back to "Users" folder and repeat the above steps. > > But none of above has worked. Finally i've restored the server to an old > state to make it work again. > > I've done something wrong?. I've to configure something to make the winbind > read the OU? > > Now i've moved some disabled users to a new OU and have dissapear from > getent, then the problem still there. > > > Here's my samba cfg: > > [global] > workgroup = CASA > realm = casa.red > netbios name = PDC.CASA.RED > server string = %h server > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > idmap_ldb:use rfc2307 = yes > preferred master = Yes > domain master = Yes > wins support = Yes > encrypt passwords = yes > > > # Winbind para mostrar grupos y usuarios del dominio en Linux > winbind nss info = rfc2307 > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind refresh tickets = Yes > winbind nested groups = No > winbind separator = + > winbind normalize names = yes > > idmap config CASA : backend = ad > idmap config * : backend = tdb > idmap config * : range = 1000-20000000 > > # Desactivar Cups en este servidor > printcap name = /etc/printcap > load printers = no > > name resolve order = wins hosts lmhosts bcast > > > ??Thanks!!What do you think you have ? An AD DC or a member server ? If it is an AD DC, please put the smb.conf back to what it was, just after the upgrade (provided you ran the classicupgrade) If it is supposed to be a member server, remove the 'service role' & 'server services' lines. Rowland
Daniel Carrasco Marín
2015-Apr-21 17:34 UTC
[Samba] Noob question: user moved to a OU dissapear from getent, but groups don't
Thanks for your reply. I've migrated the domain copying all files in /var/lib/samba and /etc/samba from original domain to new domain, I've edit the smb file to change the "passdb backend" line to match the old server (because original is localhost and give me an error connecting), and then I run this command: samba-tool domain classicupgrade --dbdir=/home/user/samba --use-xattrs=yes --realm=casa.red --dns-backend=BIND9_DLZ /home/user/smb.conf After all the progress i change the bind config file to add the samba file (matching with the Bind Version 9.9). When I connect to new domain all users and groups are in "Users" folder, then if i move all groups to new OU "getent group" works perfect, but if i move some users to new OU then it dissapear from "getent passwd". I've done some test and is strange because I've 100 users: - I've moved some users and have dissapear from getent (88 users). - Later i've move some other users and the result was 94 users. - Later without touch anything it goes back to 100 users. - Later again i've move another user and has changed to ~74 users (i don't remember the exact number). - And now it's back to 100 users and for now is not changing... Maybe is a problem of cache, but i don't know why the cache wasn't be updated after all i did. Even i've purged the winbind package and deleted the cache files to install a clean version of winbind and the problem persist... Is an AD, but if I use the smb.conf provided by classicupgrade then getent don't show the AD users/groups (it don't have any info about Winbind). Maybe I should create a hybrid adding only the Winbind entries? Anyway, tomorrow i'll try because i've to revert again to the backup image and is late. Greetings!! 2015-04-21 18:56 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:> On 21/04/15 17:45, Daniel Carrasco Mar?n wrote: > >> Hi, first of all i'm sorry for my english. >> >> I'm triyng to migrate a Samba 3.6 domain to Samba 4 and I've a question >> about OU and Winbind: >> > > How are you trying to migrate the domain ? > > >> OU affects to something more besides GPO in AD and Winbind?. Because I've >> moved all users to an OU and all less one (strangely) have dissapear from >> "getent passwd" and the other SO tools. >> If i run "wbinfo -u" all users are showed but I've tried a lot of things >> like: >> >> - Reboot >> - Restart Winbind and Samba daemons >> - Stop daemons, clear winbind cache and start daemons again. >> - Move the users back to "Users" folder and repeat the above steps. >> >> >> But none of above has worked. Finally i've restored the server to an old >> state to make it work again. >> >> I've done something wrong?. I've to configure something to make the >> winbind >> read the OU? >> >> Now i've moved some disabled users to a new OU and have dissapear from >> getent, then the problem still there. >> >> >> Here's my samba cfg: >> >> [global] >> workgroup = CASA >> realm = casa.red >> netbios name = PDC.CASA.RED >> server string = %h server >> server role = active directory domain controller >> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, >> winbind, ntp_signd, kcc, dnsupdate >> idmap_ldb:use rfc2307 = yes >> preferred master = Yes >> domain master = Yes >> wins support = Yes >> encrypt passwords = yes >> >> >> # Winbind para mostrar grupos y usuarios del dominio en Linux >> winbind nss info = rfc2307 >> winbind enum users = Yes >> winbind enum groups = Yes >> winbind use default domain = Yes >> winbind refresh tickets = Yes >> winbind nested groups = No >> winbind separator = + >> winbind normalize names = yes >> >> idmap config CASA : backend = ad >> idmap config * : backend = tdb >> idmap config * : range = 1000-20000000 >> >> # Desactivar Cups en este servidor >> printcap name = /etc/printcap >> load printers = no >> >> name resolve order = wins hosts lmhosts bcast >> >> >> ??Thanks!! >> > > What do you think you have ? > An AD DC or a member server ? > If it is an AD DC, please put the smb.conf back to what it was, just > after the upgrade (provided you ran the classicupgrade) > If it is supposed to be a member server, remove the 'service role' & > 'server services' lines. > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Possibly Parallel Threads
- Noob question: user moved to a OU dissapear from getent, but groups don't
- Noob question: user moved to a OU dissapear from getent, but groups don't
- Noob question: user moved to a OU dissapear from getent, but groups don't
- Noob question: user moved to a OU dissapear from getent, but groups don't
- after identify labels dissapear XP