On Mon, 28 Nov 2016 09:49:31 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2016-11-26 at 20:50, Stefan G. Weichinger via samba wrote:
>
> > Thanks for the hints, I already read the wiki, yes.
> > I will look at the users and groups next week then.
>
> attacked that now in a VM:
>
> copied /var/lib/samba and /etc passwd over, did something like:
>
> # tree /usr/local/samba/
> /usr/local/samba/
> ├── dbdir
> │   ├── account_policy.tdb
> │   ├── gencache_notrans.tdb
> │   ├── group_mapping.tdb
> │   ├── passdb.tdb
> │   ├── schannel_store.tdb
> │   ├── secrets.tdb
> │   └── wins.dat
> └── etc
>     └── smb.PDC.conf
>
> It runs through OK mostly, things I wonder about are:
>
> * lines like:
>
> Ignoring group memberships of 'pl13'
> S-1-5-21-2940660672-4062535256-4144655499-2026: Unable to enumerate
> group memberships, (-1073741724,No such user)
>
> Do I have to have the users in /etc/passwd as well for the conversion?
>
> Asked differently:
>
> Does the classicupgrade change anything in the running samba-config or
> not? Am I supposed to run it *on* the NT4-samba-PDC and just generate
> the new config first, then cp this generated config over into some
> test environment ... ?
>
> thanks, regards, Stefan

Have you read this:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_%28Classic_Upgrade%29

Particularly this part:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_%28Classic_Upgrade%29#Upgrading_on_a_new_server

Accepted practice is to test first in a test domain and then do it again in production, once you know exactly what needs fixing in your old setup (hopefully nothing).

The upgrade should read from ldap and the Samba databases, not /etc/passwd & /etc/group

Rowland

On 2016-11-28 at 10:27, Rowland Penny via samba wrote:

> Have you read this:
>
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_%28Classic_Upgrade%29
>
> Particularly this part:
>
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_%28Classic_Upgrade%29#Upgrading_on_a_new_server

Yes, as you can see from my subdir-tree ... exactly as the Wiki.

(btw "wins.dat" is not mentioned in the wiki but was needed here)

> Accepted practice is to test first in a test domain and then do it
> again in production, once you know exactly what needs fixing in your
> old setup (hopefully nothing)
>
> The upgrade should read from ldap and the Samba databases,
> not /etc/passwd & /etc/group

As there is no LDAP on the old server and no passwd/group needed: what am I missing that is leading to:

Ignoring group memberships of 'pl13'
S-1-5-21-2940660672-4062535256-4144655499-2026: Unable to enumerate
group memberships, (-1073741724,No such user)

?

Thanks, Stefan

On Mon, 28 Nov 2016 10:54:55 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2016-11-28 at 10:27, Rowland Penny via samba wrote:
>
> > Have you read this:
> >
> > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_%28Classic_Upgrade%29
> >
> > Particularly this part:
> >
> > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_%28Classic_Upgrade%29#Upgrading_on_a_new_server
>
> Yes, as you can see from my subdir-tree ... exactly as the Wiki.
>
> (btw "wins.dat" is not mentioned in the wiki but was needed here)
>
> > Accepted practice is to test first in a test domain and then do it
> > again in production, once you know exactly what needs fixing in your
> > old setup (hopefully nothing)
> >
> > The upgrade should read from ldap and the Samba databases,
> > not /etc/passwd & /etc/group
>
> As there is no LDAP on the old server and no passwd/group needed:
> what am I missing that is leading to:
>
> Ignoring group memberships of 'pl13'
> S-1-5-21-2940660672-4062535256-4144655499-2026: Unable to enumerate
> group memberships, (-1073741724,No such user)
>
> ?
>
> Thanks, Stefan

OK, that error message is coming from here:

    try:
        group_memberships = s3db.enum_group_memberships(user);
        for group in group_memberships:
            if str(group) in groupmembers:
                if user.user_sid not in groupmembers[str(group)]:
                    groupmembers[str(group)].append(user.user_sid)
            else:
                groupmembers[str(group)] = [user.user_sid];
    except passdb.error, e:
        logger.warn("Ignoring group memberships of '%s' %s: %s",
                    username, user.user_sid, e)

and it seems that it cannot find the user 'pl13'

If there are only a few of these, then they can be ignored, but if there are a lot, it needs sorting.

If you examine this line:

    group_memberships = s3db.enum_group_memberships(user);

it uses 's3db' to get the group memberships of the user, 's3db' is obtained here:

    def get_sam_db(self):
        return passdb.PDB(self.lp.get('passdb backend'))

In English, this means 'what is to the right of 'passdb backend =' in smb.conf'

So, at this point, it might help if you posted your smb.conf.

Rowland
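
Added example (not part of the thread and not Samba code): a small Python triage helper for saved classicupgrade output, listing which users had their group memberships skipped so you can judge "a few" versus "a lot" before going to production. The function names and every sample line except the 'pl13' warning are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the warning produced by the logger.warn() call quoted above.
# \s+ and the [^()] class tolerate the line wrapping seen in pasted output.
WARNING_RE = re.compile(
    r"Ignoring group memberships of '(?P<user>[^']+)'\s+"
    r"(?P<sid>S-1-[\d-]+):\s+[^()]*?"
    r"\(\s*(?P<code>-?\d+)\s*,\s*(?P<text>[^)]*)\)"
)

def ntstatus_hex(code):
    """Render the signed 32-bit error value as an unsigned NTSTATUS hex code."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def skipped_memberships(log_text):
    """Return {ntstatus_hex: [(user, sid), ...]}, one entry per distinct SID."""
    seen = set()
    by_status = defaultdict(list)
    for m in WARNING_RE.finditer(log_text):
        sid = m.group("sid")
        if sid in seen:          # the same user may be logged more than once
            continue
        seen.add(sid)
        status = ntstatus_hex(int(m.group("code")))
        by_status[status].append((m.group("user"), sid))
    return dict(by_status)

# Constructed sample: the 'pl13' warning is the one from the thread (wrapped
# as it was pasted); 'example_user' and the other lines are made up.
SAMPLE_LOG = """\
constructed unrelated log line
Ignoring group memberships of 'pl13'
S-1-5-21-2940660672-4062535256-4144655499-2026: Unable to enumerate
group memberships, (-1073741724,No such user)
Ignoring group memberships of 'example_user' S-1-5-21-1111111111-2222222222-3333333333-1001: Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'pl13' S-1-5-21-2940660672-4062535256-4144655499-2026: Unable to enumerate group memberships, (-1073741724,No such user)
"""

if __name__ == "__main__":
    for status, users in skipped_memberships(SAMPLE_LOG).items():
        # -1073741724 is 0xC0000064, i.e. STATUS_NO_SUCH_USER
        print("%s: %d user(s) lost group memberships" % (status, len(users)))
        for user, sid in users:
            print("  %s  %s" % (user, sid))
```

Every user listed arrives in the new AD domain without the group memberships it had in the NT4 domain, so review the list against any groups that gate access to shares.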