On 08/28/2015 03:56 AM, Rowland Penny wrote:> On 27/08/15 23:23, Robert Moskowitz wrote: >> So as I said, I grabbed EVERYTHING that was in the /etc/samba dir >> along with ALL .tbd files and ran: >> >> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ >> --use-xattrs=yes --realm=home.htt --dns-backend=BIND9_DLZ >> /root/samba.PDC/etc/smb.conf >> >> ANd it resulted in (note ldap error): >> >> Reading smb.conf >> NOTE: Service printers is flagged unavailable. >> NOTE: Service print$ is flagged unavailable. >> Unknown parameter encountered: "force directory security mode" >> Ignoring unknown parameter "force directory security mode" >> Provisioning >> Exporting account policy >> Exporting groups >> Exporting users >> Next rid = 1000 >> Exporting posix attributes >> Reading WINS database >> Looking up IPv4 addresses >> Looking up IPv6 addresses >> No IPv6 address will be assigned >> Setting up secrets.ldb >> Setting up the registry >> Setting up the privileges database >> Setting up idmap db >> Setting up SAM db >> Setting up sam.ldb partitions and settings >> Setting up sam.ldb rootDSE >> Pre-loading the Samba 4 and AD schema >> Adding DomainDN: DC=home,DC=htt >> Adding configuration container >> Setting up sam.ldb schema >> Setting up sam.ldb configuration data >> Setting up display specifiers >> Modifying display specifiers >> Adding users container >> Modifying users container >> Adding computers container >> Modifying computers container >> Setting up sam.ldb data >> Setting up well known security principals >> Setting up sam.ldb users and groups >> Setting up self join >> Setting acl on sysvol skipped >> Adding DNS accounts >> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt >> Creating DomainDnsZones and ForestDnsZones partitions >> Populating DomainDnsZones and ForestDnsZones partitions >> See /var/lib/samba/private/named.conf for an example configuration >> include file for BIND >> and /var/lib/samba/private/named.txt for further documentation >> required for secure DNS updates >> Setting up sam.ldb rootDSE marking as synchronized >> Fixing provision GUIDs >> A Kerberos configuration suitable for Samba 4 has been generated at >> /var/lib/samba/private/krb5.conf >> Setting up fake yp server settings >> Once the above files are installed, your Samba4 server will be ready >> to use >> Admin password: --------------- >> Server Role: active directory domain controller >> Hostname: homebase >> NetBIOS Domain: HOME >> DNS Domain: home.htt >> DOMAIN SID: S-1-5-21-4240919292-2417995422-4236335894 >> Importing WINS database >> Importing Account policy >> Importing idmap database >> Cannot open idmap database, Ignoring: [Errno 2] No such file or >> directoryWhat is this error about?>> Adding groups >> Importing groups >> Committing 'add groups' transaction to disk >> Adding users >> Importing users >> Committing 'add users' transaction to disk >> Adding users to groups >> Committing 'add users to groups' transaction to disk >> >> > > What ldap error?Too fast last evening... See above about idmap, not ldap. ARGH!> As far as I can see, you just upgraded to ADThat is good to know.
On 28/08/15 10:47, Robert Moskowitz wrote:> > > On 08/28/2015 03:56 AM, Rowland Penny wrote: >> On 27/08/15 23:23, Robert Moskowitz wrote: >>> So as I said, I grabbed EVERYTHING that was in the /etc/samba dir >>> along with ALL .tbd files and ran: >>> >>> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ >>> --use-xattrs=yes --realm=home.htt --dns-backend=BIND9_DLZ >>> /root/samba.PDC/etc/smb.conf >>> >>> ANd it resulted in (note ldap error): >>> >>> Reading smb.conf >>> NOTE: Service printers is flagged unavailable. >>> NOTE: Service print$ is flagged unavailable. >>> Unknown parameter encountered: "force directory security mode" >>> Ignoring unknown parameter "force directory security mode" >>> Provisioning >>> Exporting account policy >>> Exporting groups >>> Exporting users >>> Next rid = 1000 >>> Exporting posix attributes >>> Reading WINS database >>> Looking up IPv4 addresses >>> Looking up IPv6 addresses >>> No IPv6 address will be assigned >>> Setting up secrets.ldb >>> Setting up the registry >>> Setting up the privileges database >>> Setting up idmap db >>> Setting up SAM db >>> Setting up sam.ldb partitions and settings >>> Setting up sam.ldb rootDSE >>> Pre-loading the Samba 4 and AD schema >>> Adding DomainDN: DC=home,DC=htt >>> Adding configuration container >>> Setting up sam.ldb schema >>> Setting up sam.ldb configuration data >>> Setting up display specifiers >>> Modifying display specifiers >>> Adding users container >>> Modifying users container >>> Adding computers container >>> Modifying computers container >>> Setting up sam.ldb data >>> Setting up well known security principals >>> Setting up sam.ldb users and groups >>> Setting up self join >>> Setting acl on sysvol skipped >>> Adding DNS accounts >>> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt >>> Creating DomainDnsZones and ForestDnsZones partitions >>> Populating DomainDnsZones and ForestDnsZones partitions >>> See /var/lib/samba/private/named.conf for an example configuration >>> include file for BIND >>> and /var/lib/samba/private/named.txt for further documentation >>> required for secure DNS updates >>> Setting up sam.ldb rootDSE marking as synchronized >>> Fixing provision GUIDs >>> A Kerberos configuration suitable for Samba 4 has been generated at >>> /var/lib/samba/private/krb5.conf >>> Setting up fake yp server settings >>> Once the above files are installed, your Samba4 server will be ready >>> to use >>> Admin password: --------------- >>> Server Role: active directory domain controller >>> Hostname: homebase >>> NetBIOS Domain: HOME >>> DNS Domain: home.htt >>> DOMAIN SID: S-1-5-21-4240919292-2417995422-4236335894 >>> Importing WINS database >>> Importing Account policy >>> Importing idmap database >>> Cannot open idmap database, Ignoring: [Errno 2] No such file or >>> directory > > What is this error about? > >>> Adding groups >>> Importing groups >>> Committing 'add groups' transaction to disk >>> Adding users >>> Importing users >>> Committing 'add users' transaction to disk >>> Adding users to groups >>> Committing 'add users to groups' transaction to disk >>> >>> >> >> What ldap error? > > Too fast last evening... See above about idmap, not ldap. ARGH!That is a fairly common error, now I have never actually done a classicupgrade, but I think what it means is that it cannot find any idmap info, seeing as how mostly this setting wasn't used, this is not surprising.> >> As far as I can see, you just upgraded to AD > > That is good to know. > >Try running some tests with ldapsearch or ldbsearch, see if your users & groups are there etc. Rowland
On 08/28/2015 05:57 AM, Rowland Penny wrote:> On 28/08/15 10:47, Robert Moskowitz wrote: >> >> >> On 08/28/2015 03:56 AM, Rowland Penny wrote: >>> On 27/08/15 23:23, Robert Moskowitz wrote: >>>> So as I said, I grabbed EVERYTHING that was in the /etc/samba dir >>>> along with ALL .tbd files and ran: >>>> >>>> # samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ >>>> --use-xattrs=yes --realm=home.htt --dns-backend=BIND9_DLZ >>>> /root/samba.PDC/etc/smb.conf >>>> >>>> ANd it resulted in (note ldap error): >>>> >>>> Reading smb.conf >>>> NOTE: Service printers is flagged unavailable. >>>> NOTE: Service print$ is flagged unavailable. >>>> Unknown parameter encountered: "force directory security mode" >>>> Ignoring unknown parameter "force directory security mode" >>>> Provisioning >>>> Exporting account policy >>>> Exporting groups >>>> Exporting users >>>> Next rid = 1000 >>>> Exporting posix attributes >>>> Reading WINS database >>>> Looking up IPv4 addresses >>>> Looking up IPv6 addresses >>>> No IPv6 address will be assigned >>>> Setting up secrets.ldb >>>> Setting up the registry >>>> Setting up the privileges database >>>> Setting up idmap db >>>> Setting up SAM db >>>> Setting up sam.ldb partitions and settings >>>> Setting up sam.ldb rootDSE >>>> Pre-loading the Samba 4 and AD schema >>>> Adding DomainDN: DC=home,DC=htt >>>> Adding configuration container >>>> Setting up sam.ldb schema >>>> Setting up sam.ldb configuration data >>>> Setting up display specifiers >>>> Modifying display specifiers >>>> Adding users container >>>> Modifying users container >>>> Adding computers container >>>> Modifying computers container >>>> Setting up sam.ldb data >>>> Setting up well known security principals >>>> Setting up sam.ldb users and groups >>>> Setting up self join >>>> Setting acl on sysvol skipped >>>> Adding DNS accounts >>>> Creating CN=MicrosoftDNS,CN=System,DC=home,DC=htt >>>> Creating DomainDnsZones and ForestDnsZones partitions >>>> Populating DomainDnsZones and ForestDnsZones partitions >>>> See /var/lib/samba/private/named.conf for an example configuration >>>> include file for BIND >>>> and /var/lib/samba/private/named.txt for further documentation >>>> required for secure DNS updates >>>> Setting up sam.ldb rootDSE marking as synchronized >>>> Fixing provision GUIDs >>>> A Kerberos configuration suitable for Samba 4 has been generated at >>>> /var/lib/samba/private/krb5.conf >>>> Setting up fake yp server settings >>>> Once the above files are installed, your Samba4 server will be >>>> ready to use >>>> Admin password: --------------- >>>> Server Role: active directory domain controller >>>> Hostname: homebase >>>> NetBIOS Domain: HOME >>>> DNS Domain: home.htt >>>> DOMAIN SID: S-1-5-21-4240919292-2417995422-4236335894 >>>> Importing WINS database >>>> Importing Account policy >>>> Importing idmap database >>>> Cannot open idmap database, Ignoring: [Errno 2] No such file or >>>> directory >> >> What is this error about? >> >>>> Adding groups >>>> Importing groups >>>> Committing 'add groups' transaction to disk >>>> Adding users >>>> Importing users >>>> Committing 'add users' transaction to disk >>>> Adding users to groups >>>> Committing 'add users to groups' transaction to disk >>>> >>>> >>> >>> What ldap error? >> >> Too fast last evening... See above about idmap, not ldap. ARGH! > > That is a fairly common error, now I have never actually done a > classicupgrade, but I think what it means is that it cannot find any > idmap info, seeing as how mostly this setting wasn't used, this is not > surprising. >> >>> As far as I can see, you just upgraded to AD >> >> That is good to know. >> >> > > Try running some tests with ldapsearch or ldbsearch, see if your users > & groups are there etc.I have not worked with ldap. Can you provide/point me to examples of such commands? My users were all unix users that I have not created on my new server. In fact, I am wondering if I want to maintain that or do a different user method and put their homedir someplace other than /home/user. What do you advise? I will only have 2 - 8 users. But I would like to generalize this. Perhaps I can sell a arm7 based NAS :)