Hi,
I am trying a test of migrating an NT4 Domain to Samba 3 Beta 3 configured to
use LDAP on Redhat 8. Is this possible?
Details
-------
I previously had Beta 2 on LDAP running as its own domain controller
without problem and could create users (in LDAP) with smbpasswd -a. XP
clients could join and login OK.
Now I have flushed that setup and have loaded Beta 3 configured to use LDAP,
installed a test NT4 domain controller and tried the NT4 migration steps
(Samba (nmbd, smbd) was not running as per instructions).
(1) the LDAP schema changed from Beta2 -> Beta3, this was not mentioned in
the release notes. This was relatively simple to fix.
(2) the "net getsid" command:
net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd
does not exist? Is there an equivalent?
I skipped this step.
(3) "net getlocalsid" returns, none set!. I ran "net setlocalsid" and gave
it the SID from "rpcclient NT4PDC -U Administrator%passwd".
(4) net join appeared to work well.
(5) the net rpc vampire command fails:
Fetching DOMAIN database
SAM_DELTA_DOMAIN_INFO not handled
Creating unix group: 'Domain Admins'
Creating unix group: 'Domain Users'
Creating unix group: 'Domain Guests'
Creating account: Administrator
Creating account: Guest
Creating account: TESTPDC$
Creating account: user1
Creating account: user2
Creating account: admin1
Creating account: admin2
Creating account: CROAK$
Creating account: DEBBIE$
[2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
Could not find global group 512
[2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
Could not find global group 513
[2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
Could not find global group 514
Fetching BUILTIN database
[2003/07/17 19:41:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe_req(1026)
SCHANNEL ERROR: seq_num must be even in client (seq_num=3)
SAM_DELTA_DOMAIN_INFO not handled
Creating unix group: 'Account Operators'
Creating unix group: 'Administrators'
Creating unix group: 'Backup Operators'
Creating unix group: 'Guests'
Creating unix group: 'Print Operators'
Creating unix group: 'Replicator'
Creating unix group: 'Server Operators'
Creating unix group: 'Users'
Nothing is put in LDAP, /etc/passwd, or /etc/group. I was hoping my LDAP
would be populated :-(.
(6) I noticed that pdbedit -Lv did put the sambaDomain entry into LDAP.
This is the only change that occurred in LDAP.
(7) The migration instructions mention:
Before attempting to migrate user and group accounts it is STRONGLY
advised to create in Samba-3 the groups that are present on the MS
Windows NT4 domain AND to connect these to suitable Unix/Linux groups
How does one create/connect these Samba-3 groups that work when using samba
with LDAP?
BTW I am using IBM's LDAP server 5.1 on Redhat 8
Thanks,
Peter

On 17 July 2003 at 20:01, Peter S. Calvert wrote:

Hi,
I am also planning to do this, except that I don't have IBM LDAP but OpenLDAP.
I am using Samba 3 Beta 3, OpenLDAP and Red Hat 9, with an NT 4 server.

> (1) the LDAP schema changed from Beta2 -> Beta3, this was not mentioned in
> the release notes. This was relatively simple to fix.

It didn't change anything for me except that I put the new samba.schema in
/etc/openldap/schema

> (2) the "net getsid" command:
> net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd
> does not exist? Is there an equivalent?

Same problem! I will try again and maybe report, but these steps look quite
obscure to me.

Cheers,
--
Nicollet Xavier
EFREI Linux: http://www.linux.efrei.fr/

(totally new to this gig but...)
I think the net getsid command should be net rpc getsid. Without the SID NT
won't like you (well, as far as I can see anyhow).
Hope that helps :c)
Matt D.

Peter S. Calvert wrote:
> Hi,
>
> I am trying a test of migrating a NT4 Domain to Samba 3 Beta 3 configured to
> use LDAP on Redhat 8. Is this possible?
>
> Details
> -------
> I previously had Beta 2 on LDAP running as its own domain controller
> without problem and could create users (in LDAP) with smbpasswd -a. XP
> clients could join and login OK.
>
> Now I have flushed that setup and have loaded Beta 3 configured to use LDAP,
> installed a test NT4 domain controller and tried the NT4 migration steps
> (Samba (nmbd, smbd) was not running as per instructions).
>
> (1) the LDAP schema changed from Beta2 -> Beta3, this was not mentioned in
> the release notes. This was relatively simple to fix.
>
> (2) the "net getsid" command:
> net getsid -S NT4PDC -w DOMNAME -U Administrator%passwd
> does not exist? Is there an equivalent?
>
> I skipped this step.
>
> (3) "net getlocalsid" returns, none set!. I ran "net setlocalsid" and gave
> it the SID from "rpcclient NT4PDC -U Administrator%passwd".
>
> (4) net join appeared to work well.
>
> (5) the net rpc vampire command fails:
> Fetching DOMAIN database
> SAM_DELTA_DOMAIN_INFO not handled
> Creating unix group: 'Domain Admins'
> Creating unix group: 'Domain Users'
> Creating unix group: 'Domain Guests'
> Creating account: Administrator
> Creating account: Guest
> Creating account: TESTPDC$
> Creating account: user1
> Creating account: user2
> Creating account: admin1
> Creating account: admin2
> Creating account: CROAK$
> Creating account: DEBBIE$
> [2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
> Could not find global group 512
> [2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
> Could not find global group 513
> [2003/07/17 19:41:14, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(583)
> Could not find global group 514
> Fetching BUILTIN database
> [2003/07/17 19:41:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe_req(1026)
> SCHANNEL ERROR: seq_num must be even in client (seq_num=3)
> SAM_DELTA_DOMAIN_INFO not handled
> Creating unix group: 'Account Operators'
> Creating unix group: 'Administrators'
> Creating unix group: 'Backup Operators'
> Creating unix group: 'Guests'
> Creating unix group: 'Print Operators'
> Creating unix group: 'Replicator'
> Creating unix group: 'Server Operators'
> Creating unix group: 'Users'
>
> Nothing is put in LDAP, /etc/passwd, or /etc/group. I was hoping my LDAP
> would be populated :-(.
>
> (6) I noticed that pdbedit -Lv did put the sambaDomain entry into LDAP.
> This is the only change that occurred in LDAP.
>
> (7) The migration instructions mention:
> Before attempting to migrate user and group accounts it is STRONGLY
> advised to create in Samba-3 the groups that are present on the MS
> Windows NT4 domain AND to connect these to suitable Unix/Linux groups
>
> How does one create/connect these Samba-3 groups that work when using samba
> with LDAP?
>
> BTW I am using IBM's LDAP server 5.1 on Redhat 8
>
> Thanks,
> Peter