I am running samba as a fileserver, having some users (LDAP backend) and lots of files. No machines ever joined this setup. Now I want to join some clients, but want to upgrade to AD before I do that. Configuration is quite old, but had no issues so far. I've been following
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

Since the LDAP backend runs on the old server and blocks ports 389/636, I want to follow "Upgrading on a new server" and I want to follow "Domain Controller name" because the new server has a different name, which should be "DC1".

The new server is running Ubuntu 18.10, which provides samba 4.8.4. Provisioning a new domain works flawlessly, no issues there. But I really want to perform an upgrade, migrating users and groups.

In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP", hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".

I prepared a local slapd and copied the samba-databases.

I start the process like this:

    samba-tool domain classicupgrade --dbdir=/root/samba/ --realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d 2 /root/smb.conf

Output:

    ...
    smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
    ...
    sid S-1-5-21-... does not belong to our domain
    ...
    Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/samba/wins.dat'
    ...
    Adding DomainDN: DC=DC1
    DN: DC=DC1 is a NC
    ...
    Admin password: xxxxxxxxxxxxxxxxxxxxx
    Server Role: standalone server
    Hostname: dc1
    NetBIOS Domain: DC1
    DNS Domain: dc1
    DOMAIN SID: S-1-5-21-2467318493-10260708-2946515883
    ...
    Cannot open idmap database, Ignoring: [Errno 2] No such file or directory ...

Content of /etc/samba/smb.conf (complete!):

    [global]
    log level = 2
    netbios name = DC1
    passdb backend = samba_dsdb
    realm = SAMDOM.DOMAIN.DE
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = WORKGROUP
    idmap_ldb:use rfc2307 = yes

Obviously, smb.conf is not complete.

My questions:

Documentation says to change "netbios name" before upgrade if you want to change the domain controller name. But it is used in the ldap query for sambaDomainName, so currently I have to change it to WORKGROUP in order to import the LDAP data. How do I fix that?

"DNS Domain" should be the realm I specified at the command line? Why is it ignored and why is sambaDomainName used instead?

Is it normal to get a smb.conf file that does not work? Is it intended as a starting point or should it convert my previous configuration? At least "server role" is missing and "server services" contains "dnsupdate" which it should not with SAMBA_INTERNAL.

Do I have to worry about wins.dat missing? I don't have such a file.

Best regards
Patrick
On Sun, 31 Mar 2019 13:37:44 +0200
Patrick von der Hagen via samba <samba at lists.samba.org> wrote:

> I am running samba as a fileserver, having some users (LDAP backend)
> and lots of files. No machines ever joined this setup. Now I want to
> join some clients, but want to upgrade to AD before I do that.
> Configuration is quite old, but had no issues so far. I've been
> following
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>
> Since the LDAP backend runs on the old server and blocks ports
> 389/636, I want to follow "Upgrading on a new server" and I want to
> follow "Domain Controller name" because the new server has a
> different name, which should be "DC1".
>
> The new server is running Ubuntu 18.10, which provides samba 4.8.4.
> Provisioning a new domain works flawlessly, no issues there. But I
> really want to perform an upgrade, migrating users and groups.
>
> In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP",
> hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".
>
> I prepared a local slapd and copied the samba-databases.
>
> I start the process like this:
>
> samba-tool domain classicupgrade --dbdir=/root/samba/
> --realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d
> 2 /root/smb.conf
>
> Output:
> ...
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
> ...
> sid S-1-5-21-... does not belong to our domain
> ...
> Cannot open wins database, Ignoring: [Errno 2] No such file or
> directory: '/root/samba/wins.dat'
> ...
> Adding DomainDN: DC=DC1
> DN: DC=DC1 is a NC
> ...
> Admin password: xxxxxxxxxxxxxxxxxxxxx
> Server Role: standalone server
> Hostname: dc1
> NetBIOS Domain: DC1
> DNS Domain: dc1
> DOMAIN SID: S-1-5-21-2467318493-10260708-2946515883
> ...
> Cannot open idmap database, Ignoring: [Errno 2] No such file or
> directory ...
>
> Content of /etc/samba/smb.conf (complete!):
> [global]
> log level = 2
> netbios name = DC1
> passdb backend = samba_dsdb
> realm = SAMDOM.DOMAIN.DE
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = WORKGROUP
> idmap_ldb:use rfc2307 = yes
>
> Obviously, smb.conf is not complete.
>
> My questions:
>
> Documentation says to change "netbios name" before upgrade if you
> want to change the domain controller name. But it is used in the ldap
> query for sambaDomainName, so currently I have to change it to
> WORKGROUP in order to import the LDAP data. How do I fix that?
>
> "DNS Domain" should be the realm I specified at the command line? Why
> is it ignored and why is sambaDomainName used instead?
>
> Is it normal to get a smb.conf file that does not work? Is it
> intended as a starting point or should it convert my previous
> configuration? At least "server role" is missing and "server
> services" contains "dnsupdate" which it should not with
> SAMBA_INTERNAL.
>
> Do I have to worry about wins.dat missing? I don't have such a file.
>
> Best regards
> Patrick

Let's start with the obvious questions:

What is the original OS ?
What OS are you moving to ?
What version of Samba is on the original OS ?
and finally and most importantly, What is in the original smb.conf ?

Rowland
On 31.03.19 at 14:08, Rowland Penny via samba wrote:

> On Sun, 31 Mar 2019 13:37:44 +0200
> Patrick von der Hagen via samba <samba at lists.samba.org> wrote:
>
>> I am running samba as a fileserver, having some users (LDAP backend)
>> and lots of files. No machines ever joined this setup. Now I want to
>> join some clients, but want to upgrade to AD before I do that.
>> Configuration is quite old, but had no issues so far. I've been
>> following
>> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>>
>> Since the LDAP backend runs on the old server and blocks ports
>> 389/636, I want to follow "Upgrading on a new server" and I want to
>> follow "Domain Controller name" because the new server has a
>> different name, which should be "DC1".
>>
>> The new server is running Ubuntu 18.10, which provides samba 4.8.4.
>> Provisioning a new domain works flawlessly, no issues there. But I
>> really want to perform an upgrade, migrating users and groups.
>>
>> In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP",
>> hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".
>>
>> I prepared a local slapd and copied the samba-databases.
>>
>> I start the process like this:
>>
>> samba-tool domain classicupgrade --dbdir=/root/samba/
>> --realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d
>> 2 /root/smb.conf
>>
>> Output:
>> ...
>> smbldap_search_domain_info: Searching
>> for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
>> ...
>> sid S-1-5-21-... does not belong to our domain
>> ...
>> Cannot open wins database, Ignoring: [Errno 2] No such file or
>> directory: '/root/samba/wins.dat'
>> ...
>> Adding DomainDN: DC=DC1
>> DN: DC=DC1 is a NC
>> ...
>> Admin password: xxxxxxxxxxxxxxxxxxxxx
>> Server Role: standalone server
>> Hostname: dc1
>> NetBIOS Domain: DC1
>> DNS Domain: dc1
>> DOMAIN SID: S-1-5-21-2467318493-10260708-2946515883
>> ...
>> Cannot open idmap database, Ignoring: [Errno 2] No such file or
>> directory ...
>>
>> Content of /etc/samba/smb.conf (complete!):
>> [global]
>> log level = 2
>> netbios name = DC1
>> passdb backend = samba_dsdb
>> realm = SAMDOM.DOMAIN.DE
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>> workgroup = WORKGROUP
>> idmap_ldb:use rfc2307 = yes
>>
>> Obviously, smb.conf is not complete.
>>
>> My questions:
>>
>> Documentation says to change "netbios name" before upgrade if you
>> want to change the domain controller name. But it is used in the ldap
>> query for sambaDomainName, so currently I have to change it to
>> WORKGROUP in order to import the LDAP data. How do I fix that?
>>
>> "DNS Domain" should be the realm I specified at the command line? Why
>> is it ignored and why is sambaDomainName used instead?
>>
>> Is it normal to get a smb.conf file that does not work? Is it
>> intended as a starting point or should it convert my previous
>> configuration? At least "server role" is missing and "server
>> services" contains "dnsupdate" which it should not with
>> SAMBA_INTERNAL.
>>
>> Do I have to worry about wins.dat missing? I don't have such a file.
>>
>> Best regards
>> Patrick
>>
>>
> Let's start with the obvious questions:
>
> What is the original OS ?
> What OS are you moving to ?
> What version of Samba is on the original OS ?
> and finally and most importantly, What is in the original smb.conf ?

The old server runs Ubuntu 18.04 (LTS) and samba 4.7.6-Ubuntu. I'd stick with LTS, but it has the same issues, so I upgraded the new server to Ubuntu 18.10 and samba 4.8.4.

Configuration:

    [global]
    security = user
    workgroup = WORKGROUP
    netbios name = DC1
    server string = %h server (Samba, Ubuntu)
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
    passdb backend = ldapsam:ldap://localhost
    ldap suffix = dc=domain,dc=de
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    ldap machine suffix = ou=machines
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=admin,dc=domain,dc=de
    ldap ssl = off
    ldap passwd sync = yes
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user

and some shares, which should not matter.

Best regards
Patrick
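Added example (not part of any message in this thread, and not Samba project code): a small Python check that compares the classicupgrade output quoted above with the realm and workgroup that were requested, and lists every field that differs. The sample text is constructed from the lines quoted in the thread; `WANTED`, `AD_DC_ROLE` and the function names are illustrative, and the AD DC role string is an assumption about what a completed upgrade reports.

```python
import re

# Constructed sample: the output lines quoted in the thread (elided parts omitted).
THREAD_OUTPUT = """\
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
sid S-1-5-21-... does not belong to our domain
Adding DomainDN: DC=DC1
Server Role: standalone server
Hostname: dc1
NetBIOS Domain: DC1
DNS Domain: dc1
"""

# What the poster asked for: --realm on the command line, workgroup in smb.conf.
WANTED = {"realm": "samdom.domain.de", "workgroup": "WORKGROUP"}

# Assumption: a provision that ends up as an AD DC reports this role string.
AD_DC_ROLE = "active directory domain controller"
SUMMARY_KEYS = {"Server Role", "Hostname", "NetBIOS Domain", "DNS Domain"}


def parse_output(text):
    """Return (summary fields, sambaDomainName used in the LDAP search or None)."""
    summary, searched = {}, None
    for line in text.splitlines():
        match = re.search(r"\(sambaDomainName=([^)]*)\)", line)
        if match:
            searched = match.group(1)
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip() in SUMMARY_KEYS:
            summary[key.strip()] = value.strip()
    return summary, searched


def mismatches(text, wanted):
    """List (field, got, expected) where the output differs from the request."""
    summary, searched = parse_output(text)
    checks = [
        ("ldap search domain", searched, wanted["workgroup"]),
        ("Server Role", summary.get("Server Role"), AD_DC_ROLE),
        ("NetBIOS Domain", summary.get("NetBIOS Domain"), wanted["workgroup"]),
        ("DNS Domain", summary.get("DNS Domain"), wanted["realm"]),
    ]
    # A field that is missing from the output counts as a mismatch too.
    return [(name, got, want) for name, got, want in checks
            if got is None or got.lower() != want.lower()]


if __name__ == "__main__":
    for name, got, want in mismatches(THREAD_OUTPUT, WANTED):
        print(f"{name}: got {got!r}, expected {want!r}")
```

Run against the output in this thread it reports all four fields, which matches what the original post describes: the netbios name, not the workgroup or realm, ended up in the LDAP search, the NetBIOS domain and the DNS domain.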