Since I don't seem to be having any luck with the classicupgrade, I decided to try starting from scratch and then adding users. I ran the command: /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \ --domain=<mydomain> --adminpass 'mypass' --server-role=dc \ --dns-backend=BIND9_DLZ Then I tried both adding and changing users. In neither case can I change the SID with pdbedit. It seems to be added with a system-defined SID, irrespective of what I specify. pdbedit -v is able to list the user's parameters, including the SID. Any suggestions? I am pretty much stuck here trying to figure out how to migrate from an existing SAMBA3 domain to SAMBA4.
2013-04-01 02:36 keltez?ssel, simon+samba at matthews.eu ?rta:> Since I don't seem to be having any luck with the classicupgrade, I > decided to try starting from scratch and then adding users. > > I ran the command: > /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \ > --domain=<mydomain> --adminpass 'mypass' --server-role=dc \ > --dns-backend=BIND9_DLZ > > Then I tried both adding and changing users. In neither case can I > change the SID with pdbedit. It seems to be added with a > system-defined SID, irrespective of what I specify. pdbedit -v is able > to list the user's parameters, including the SID. > > Any suggestions? I am pretty much stuck here trying to figure out how > to migrate from an existing SAMBA3 domain to SAMBA4. > >Hi, Trying to add users one by one (preserving SID) is IMHO a lot harder (you would probably need to ldbmodify the user record of each one) to do, than fixing your samba3 install to have it classicupgraded. Regards Geza Gemes
On Tue, 2 Apr 2013, Andrew Bartlett wrote:> On Mon, 2013-04-01 at 09:26 +0200, G?mes G?za wrote: > > 2013-04-01 02:36 keltez?ssel, simon+samba at matthews.eu ?rta: > > > Since I don't seem to be having any luck with the classicupgrade, I > > > decided to try starting from scratch and then adding users. > > > > > > I ran the command: > > > /usr/local/samba/bin/samba-tool domain provision --realm=<my realm> \ > > > --domain=<mydomain> --adminpass 'mypass' --server-role=dc \ > > > --dns-backend=BIND9_DLZ > > > > > > Then I tried both adding and changing users. In neither case can I > > > change the SID with pdbedit. It seems to be added with a system-defined > > > SID, irrespective of what I specify. pdbedit -v is able to list the > > > user's parameters, including the SID. > > > > > > Any suggestions? I am pretty much stuck here trying to figure out how to > > > migrate from an existing SAMBA3 domain to SAMBA4. > > > > > > > > Hi, > > > > Trying to add users one by one (preserving SID) is IMHO a lot harder (you > > would probably need to ldbmodify the user record of each one) to do, than > > fixing your samba3 install to have it classicupgraded. > > Indeed. The only way to safely import a list of users who already have > SIDs is to migrate them to Samba 4.0's AD DC using one of the supported > migration tools. > > These are 'samba-tool domain join dc' and 'samba-tool domain > classicupgrade'.Perhaps I need to address why the "classicupgrade" did not work. I see now that I did not pass the --dbdir option when running it before. I'll try again. If I could change the subject somewhat, I am also not clear on how to configure SAMBA4 and the DNS server if my network has an existing DNS server on another machine and I don't really want to move it. The DNS server is a stock install of bind from the distro's repository: bind-9.8.2-0.17.rc1.el6_4.4.x86_64 Simon
On Mon, Apr 1, 2013 at 11:33 PM, Andrew Bartlett <abartlet at samba.org> wrote:> On Mon, 2013-04-01 at 23:26 -0500, Hef wrote: > > I thought that samba was supposed to be able to use nsupdate to > > perform dynamic dns updates. Is this not accurate? > > Please keep comments on the list. >Apologies, I misused the reply button.> > These updates still have to be against a Samba DNS server. > > Even if Samba is configured to somehow update a different server, the > windows clients and other DCs also need to do the same. And if they > did, you couldn't add a windows DC with it's DNS server to the mix, > because the data wouldn't be in the directory where it is expected to > be. >My thought was to have the DNS registrations against samba4 and then have samba4 re-register against a dns server via nsupdate. I hadn't considered interacting with other windows based PDC's in the domain. Would that imply that for an upsteam DNS server, I should have an NS record pointing to the samba4 server as a subdomain? and instead of having a AD domain example.com, I should have ad.example.com?> > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > >