On 15/09/14 16:52, igorfk at ig.com.br wrote:
>
> Hi everybody,
>
> I have to migrate a member samba3 + openldap to a samba4 pdc
>
> In another server I'd compiled samba 4.2 from git with the following
> options:
> # ./configure --with-winbind --with-ads --with-ldap --with-pam_smbpass
> --with-quotas --with-utmp --enable-pthreadpool --with-acl-support
> --with-aio-support --with-fam --enable-selftest --enable-cups
> --enable-avahi
OK, firstly I do not recommend using 4.2 from git, this is the
development branch and could have problems, I would suggest that you use
the latest samba4 tarball instead.
Next, your configure options could be reduced to ./configure
--enable-selftest, all the rest are the defaults and you do not really
need '--enable-selftest'.
Finally, what OS are you using, is there a recent samba4 package available?
> compiling, testing (make quicktest) and installing were ok, no errors.
>
> Then I imported the ldap base from the original samba server to the new
> server without any problem with "# slapadd -l
> backup_from_original_ldap.ldif"
>
> With apache directory studio I removed the duplicate sid's, conflicting
> names, etc
>
> After that I executed the migration via samba-tool with these
> parameters:
> # /usr/local/samba/bin/samba-tool domain classicupgrade
> --dbdir=/root/original_ldap_bk/var/lib/samba/ --use-xattrs=yes
> --dns-backend=BIND9_DLZ --realm=domain.com.br
> /root/original_ldap_bk/etc/samba/smb.conf
>
> The base is migrated, an administrator password is generated and dlz
> generates the proper zones
>
> After I start the samba server, with "# samba" I can query successfully
> the dns for "# host -t SRV _ldap._tcp.domain.com.br.", "# host -t SRV
> _kerberos._udp.domain.com.br.", "# host -t A dc1.domain.com.br." just
> like the wiki suggests.
>
> But it cannot start kerberos, kinit always returns "Cannot contact any
> KDC for realm 'DOMAIN.COM.BR while getting initial credentials"
>
> When I start samba with "# samba -i -M single -d 9" winbind dies with
> the following warnings:
>
> /usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
> join password for winbindd's internal use
> /usr/local/samba/sbin/winbindd: unable to initialize domain list
> Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation
> not permitted
>
> Does anybody have a clue to what I have to do to properly initialize
> winbind, kerberos?
What is in /etc/resolv.conf and /etc/krb5.conf?
Rowland