Hi Rowland, I did that initially and that came with Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the whole ldap:// bit After your email I tried again but using ldap://localhost and it seems to have worked. Not sure what the issue is with the fqdn. I could run ldap queries when using fqdn. Regards, Praveen Ghimire -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Saturday, 24 March 2018 10:36 PM To: samba at lists.samba.org Subject: Re: [Samba] Samba NT4 to AD- LDAP On Sat, 24 Mar 2018 11:59:38 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote:> Hi All, > > Following the link, tried to migrate NT4 to AD using LDAP but came > across some issues. > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba > _AD_(Classic_Upgrade) > > I have done this step multiple times using TDB as the backend and it > has always worked. > > The issue I am seeing is when I run the following, we get> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index > out of range FileOK, the above tells you what the error is> File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 664, in > upgrade_from_samba3 urls = samba3.lp.get("passdb > backend").split(":",1)[1].strip('"')The above shows you where it is coming from> passdb backend = ldapsamBecause of the above ;-) If you look closely at what fails: samba3.lp.get("passdb backend").split(":",1)[1].strip('"') It takes the 'passdb backend' line and tries to split it at the ':' character and then removes any ' " ' Now you know what is wrong, how to fix it ? In the short term, try changing the 'passdb backend' line in smb.conf to this: passdb backend = ldapsam:"ldap://lin-pdc.lin/" Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
Hi Rowland, I have another samba box on the same classic domain. That box is just a member server and used for file sharing. Once we migrate the PDC to AD, what do we need to do the member server? Do we need to change smb.conf and add the realm name? Regards, Praveen Ghimire -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Praveen Ghimire via samba Sent: Saturday, 24 March 2018 10:50 PM To: 'Rowland Penny' Cc: samba at lists.samba.org Subject: Re: [Samba] Samba NT4 to AD- LDAP Hi Rowland, I did that initially and that came with Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the whole ldap:// bit After your email I tried again but using ldap://localhost and it seems to have worked. Not sure what the issue is with the fqdn. I could run ldap queries when using fqdn. Regards, Praveen Ghimire -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba Sent: Saturday, 24 March 2018 10:36 PM To: samba at lists.samba.org Subject: Re: [Samba] Samba NT4 to AD- LDAP On Sat, 24 Mar 2018 11:59:38 +0000 Praveen Ghimire via samba <samba at lists.samba.org> wrote:> Hi All, > > Following the link, tried to migrate NT4 to AD using LDAP but came > across some issues. > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba > _AD_(Classic_Upgrade) > > I have done this step multiple times using TDB as the backend and it > has always worked. > > The issue I am seeing is when I run the following, we get> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index > out of range FileOK, the above tells you what the error is> File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 664, in > upgrade_from_samba3 urls = samba3.lp.get("passdb > backend").split(":",1)[1].strip('"')The above shows you where it is coming from> passdb backend = ldapsamBecause of the above ;-) If you look closely at what fails: samba3.lp.get("passdb backend").split(":",1)[1].strip('"') It takes the 'passdb backend' line and tries to split it at the ':' character and then removes any ' " ' Now you know what is wrong, how to fix it ? In the short term, try changing the 'passdb backend' line in smb.conf to this: passdb backend = ldapsam:"ldap://lin-pdc.lin/" Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
On Sat, 24 Mar 2018 13:27:44 +0000 Praveen Ghimire <PGhimire at sundata.com.au> wrote:> Hi Rowland, > > I have another samba box on the same classic domain. That box is just > a member server and used for file sharing. Once we migrate the PDC to > AD, what do we need to do the member server? Do we need to change > smb.conf and add the realm name? > >Basically yes, for more info see here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Rowland
On Sat, 2018-03-24 at 12:50 +0000, Praveen Ghimire via samba wrote:> Hi Rowland, > > I did that initially and that came with > Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME > Hence I removed the whole ldap:// bit > > After your email I tried again but using ldap://localhost and it seems to have worked. Not sure what the issue is with the fqdn. I could run ldap queries when using fqdn. >This patch should fix it. Praveen can you test it? Rowland, after Praveen has tested it, perhaps you would like to review it? We don't have the infrastructure for a test against the LDAP backend (a long-standing problem) so sadly there is no automatic test. Thanks, Andrew Bartlett> Regards, > > Praveen Ghimire > > > > -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba > Sent: Saturday, 24 March 2018 10:36 PM > To: samba at lists.samba.org > Subject: Re: [Samba] Samba NT4 to AD- LDAP > > On Sat, 24 Mar 2018 11:59:38 +0000 > Praveen Ghimire via samba <samba at lists.samba.org> wrote: > > > Hi All, > > > > Following the link, tried to migrate NT4 to AD using LDAP but came > > across some issues. > > https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba > > _AD_(Classic_Upgrade) > > > > I have done this step multiple times using TDB as the backend and it > > has always worked. > > > > The issue I am seeing is when I run the following, we get > > ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index > > out of range File > > OK, the above tells you what the error is > > > File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 664, in > > upgrade_from_samba3 urls = samba3.lp.get("passdb > > backend").split(":",1)[1].strip('"') > > The above shows you where it is coming from > > > passdb backend = ldapsam > > Because of the above ;-) > > If you look closely at what fails: > > samba3.lp.get("passdb backend").split(":",1)[1].strip('"') > > It takes the 'passdb backend' line and tries to split it at the ':' > character and then removes any ' " ' > > Now you know what is wrong, how to fix it ? > > In the short term, try changing the 'passdb backend' line in smb.conf to > this: > > passdb backend = ldapsam:"ldap://lin-pdc.lin/" > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > ______________________________________________________________________ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com ______________________________________________________________________-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba -------------- next part --------------
On Sun, 25 Mar 2018 08:01:57 +1300 Andrew Bartlett <abartlet at samba.org> wrote:> On Sat, 2018-03-24 at 12:50 +0000, Praveen Ghimire via samba wrote: > > Hi Rowland, > > > > I did that initially and that came with > > Failed to connect to ldap URL 'ldap://lin-pdc.lin - LDAP client > > internal error: NT_STATUS_BAD_NETWORK_NAME Hence I removed the > > whole ldap:// bit > > > > After your email I tried again but using ldap://localhost and it > > seems to have worked. Not sure what the issue is with the fqdn. I > > could run ldap queries when using fqdn. > > > > This patch should fix it. > > Praveen can you test it? > > Rowland, after Praveen has tested it, perhaps you would like to review > it? We don't have the infrastructure for a test against the LDAP > backend (a long-standing problem) so sadly there is no automatic > test. > > Thanks, > > Andrew Bartlett >Hi Andrew,, but what if the ldap server isn't on localhost ? Praveen's smb.conf had this: idmap config *: ldap_url = ldap://lin-pdc.lin/ This is valid, so it looks like the 'idmap config' lines need to be parsed as well. Check if 'ldapsam' contains the URL, if not parse the 'idmap config' lines for the URL and then, if still not found, fall back to 'localhost' Rowland