Hello! when using Samba [4.5.16-Debian] as standalone server in Windows environment to allow certain users to access shares, we are currently using the default tdbsam backend with a bunch of users. We now want to migrate the users from one standalone server to a replacement server.??To migrate the users I expected to able to export the users (incl. passwords) into a file on one server, copy the file over to the new server and import the users there.??Specifically I expected using: old: pdbedit -e tdbsam:/root/samba.user.tdbexp new: pdbedit -I tdbsam:/root/samba.user.tdbexp would do the trick.??A file is created during the export.??The import does not complain and has a return value indicating success.??But pdbedit -L (-v) does not list any of the imported users. I've been trying to locate documentation how to cleanly administrate a standalone server but haven't found much more than: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Serve r Is there any further documentation? Thank you! David Ayers -- David Ayers - Team Austria Free Software Foundation Europe (FSFE) [] (http://www.fsfe.org) Become a supporter of the FSFE! [][][] (https://fsfe.org/join) Your donation powers our work! || (http://fsfe.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20190808/e9566d69/signature.sig>
On Thu, Aug 08, 2019 at 05:04:08PM +0200, David Ayers via samba wrote:> Hello! > > when using Samba [4.5.16-Debian] as standalone server in Windows > environment to allow certain users to access shares, we are currently > using the default tdbsam backend with a bunch of users. > > We now want to migrate the users from one standalone server to a > replacement server.??To migrate the users I expected to able to export > the users (incl. passwords) into a file on one server, copy the file > over to the new server and import the users there.??Specifically I > expected using: > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp > new: pdbedit -I tdbsam:/root/samba.user.tdbexp > > would do the trick.??A file is created during the export.??The import > does not complain and has a return value indicating success.??But > pdbedit -L (-v) does not list any of the imported users.What does a tdbdump of the newly created file say ?
Am Donnerstag, den 08.08.2019, 10:13 -0700 schrieb Jeremy Allison:> On Thu, Aug 08, 2019 at 05:04:08PM +0200, David Ayers via samba > wrote: > > Hello! > > > > when using Samba [4.5.16-Debian] as standalone server in Windows > > environment to allow certain users to access shares, we are > > currently > > using the default tdbsam backend with a bunch of users. > > > > We now want to migrate the users from one standalone server to a > > replacement server.??To migrate the users I expected to able to > > export > > the users (incl. passwords) into a file on one server, copy the > > file > > over to the new server and import the users there.??Specifically I > > expected using: > > > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp > > new: pdbedit -I tdbsam:/root/samba.user.tdbexp > > > > would do the trick.??A file is created during the export.??The > > import > > does not complain and has a return value indicating success.??But > > pdbedit -L (-v) does not list any of the imported users. > > What does a tdbdump of the newly created file say ?Interesting... it seems to be pretty empty: { key(19) = "INFO/minor_version\00" data(4) = "\00\00\00\00" } { key(9) = "NEXT_RID\00" data(4) = "\E8\03\00\00" } { key(13) = "INFO/version\00" data(4) = "\04\00\00\00" } -- David Ayers - Team Austria Free Software Foundation Europe (FSFE) [] (http://www.fsfe.org) Become a supporter of the FSFE! [][][] (https://fsfe.org/join) Your donation powers our work! || (http://fsfe.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20190808/9b7b4a16/signature.sig>
On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote:> Hello! > > when using Samba [4.5.16-Debian] as standalone server in Windows > environment to allow certain users to access shares, we are currently > using the default tdbsam backend with a bunch of users. > > We now want to migrate the users from one standalone server to a > replacement server. To migrate the users I expected to able to export > the users (incl. passwords) into a file on one server, copy the file > over to the new server and import the users there. Specifically I > expected using: > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp > new: pdbedit -I tdbsam:/root/samba.user.tdbexp > > would do the trick. A file is created during the export. The import > does not complain and has a return value indicating success. But > pdbedit -L (-v) does not list any of the imported users.Just copy (use tdbbackup for safety if you can't stop Samba) all the tdb files and put them in the same spot on the new server. That is the easiest way to do this. My guess is that the domain sid has been re-randomised on the new server. Dump that with 'net' (I forget the subcommand) and force it in again (it is stored in a host-name specific key in secrets.tdb). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Am Freitag, den 09.08.2019, 07:08 +1200 schrieb Andrew Bartlett:> On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote: > > Hello! > > > > when using Samba [4.5.16-Debian] as standalone server in Windows > > environment to allow certain users to access shares, we are > > currently > > using the default tdbsam backend with a bunch of users. > > > > We now want to migrate the users from one standalone server to a > > replacement server.??To migrate the users I expected to able to > > export > > the users (incl. passwords) into a file on one server, copy the > > file > > over to the new server and import the users there.??Specifically I > > expected using: > > > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp > > new: pdbedit -I tdbsam:/root/samba.user.tdbexp > > > > would do the trick.??A file is created during the export.??The > > import > > does not complain and has a return value indicating success.??But > > pdbedit -L (-v) does not list any of the imported users. > > Just copy (use tdbbackup for safety if you can't stop Samba) all the > tdb files and put them in the same spot on the new server.??That is > the > easiest way to do this. > > My guess is that the domain sid has been re-randomised on the new > server.??Dump that with 'net' (I forget the subcommand) and force it > in again (it is stored in a host-name specific key in secrets.tdb).I am not very familiar with the concept of a "domain" in the case of a standalone server. The new server is indeed simply a new installation with the smb.conf edited to match the old one. My goal is to transfer the users including the passwords (which I have no knowledge of) from the old server to the new server. From your comment I deduce that this may not possible without actually copying all tdb files directly. Is that truly the case? Cheers, David -- David Ayers - Team Austria Free Software Foundation Europe (FSFE) [] (http://www.fsfe.org) Become a supporter of the FSFE! [][][] (https://fsfe.org/join) Your donation powers our work! || (http://fsfe.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20190808/beb4186e/signature.sig>