Am Freitag, den 09.08.2019, 07:08 +1200 schrieb Andrew Bartlett:> On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote: > > Hello! > > > > when using Samba [4.5.16-Debian] as standalone server in Windows > > environment to allow certain users to access shares, we are > > currently > > using the default tdbsam backend with a bunch of users. > > > > We now want to migrate the users from one standalone server to a > > replacement server.??To migrate the users I expected to able to > > export > > the users (incl. passwords) into a file on one server, copy the > > file > > over to the new server and import the users there.??Specifically I > > expected using: > > > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp > > new: pdbedit -I tdbsam:/root/samba.user.tdbexp > > > > would do the trick.??A file is created during the export.??The > > import > > does not complain and has a return value indicating success.??But > > pdbedit -L (-v) does not list any of the imported users. > > Just copy (use tdbbackup for safety if you can't stop Samba) all the > tdb files and put them in the same spot on the new server.??That is > the > easiest way to do this. > > My guess is that the domain sid has been re-randomised on the new > server.??Dump that with 'net' (I forget the subcommand) and force it > in again (it is stored in a host-name specific key in secrets.tdb).I am not very familiar with the concept of a "domain" in the case of a standalone server. The new server is indeed simply a new installation with the smb.conf edited to match the old one. My goal is to transfer the users including the passwords (which I have no knowledge of) from the old server to the new server. From your comment I deduce that this may not possible without actually copying all tdb files directly. Is that truly the case? Cheers, David -- David Ayers - Team Austria Free Software Foundation Europe (FSFE) [] (http://www.fsfe.org) Become a supporter of the FSFE! [][][] (https://fsfe.org/join) Your donation powers our work! || (http://fsfe.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20190808/beb4186e/signature.sig>
On 08/08/2019 20:42, David Ayers via samba wrote:> Am Freitag, den 09.08.2019, 07:08 +1200 schrieb Andrew Bartlett: >> On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote: >>> Hello! >>> >>> when using Samba [4.5.16-Debian] as standalone server in Windows >>> environment to allow certain users to access shares, we are >>> currently >>> using the default tdbsam backend with a bunch of users. >>> >>> We now want to migrate the users from one standalone server to a >>> replacement server.??To migrate the users I expected to able to >>> export >>> the users (incl. passwords) into a file on one server, copy the >>> file >>> over to the new server and import the users there.??Specifically I >>> expected using: >>> >>> old: pdbedit -e tdbsam:/root/samba.user.tdbexp >>> new: pdbedit -I tdbsam:/root/samba.user.tdbexp >>> >>> would do the trick.??A file is created during the export.??The >>> import >>> does not complain and has a return value indicating success.??But >>> pdbedit -L (-v) does not list any of the imported users. >> Just copy (use tdbbackup for safety if you can't stop Samba) all the >> tdb files and put them in the same spot on the new server.??That is >> the >> easiest way to do this. >> >> My guess is that the domain sid has been re-randomised on the new >> server.??Dump that with 'net' (I forget the subcommand) and force it >> in again (it is stored in a host-name specific key in secrets.tdb). > I am not very familiar with the concept of a "domain" in the case of a > standalone server.What I was asking was, what are you connecting from? ? If they are members of an Active Directory domain, you would probably be better of changing your standalone server into a Unix domain member, that way you can set permissions from Windows.> > The new server is indeed simply a new installation with the smb.conf > edited to match the old one. My goal is to transfer the users > including the passwords (which I have no knowledge of) from the old > server to the new server. > > From your comment I deduce that this may not possible without actually > copying all tdb files directly. Is that truly the case?You should be able export your database, but it isn't working for you, so it looks like Andrews idea is the best option. Rowland
Am Donnerstag, den 08.08.2019, 20:52 +0100 schrieb Rowland penny via samba:> On 08/08/2019 20:42, David Ayers via samba wrote: > > Am Freitag, den 09.08.2019, 07:08 +1200 schrieb Andrew Bartlett: > > > On Thu, 2019-08-08 at 17:04 +0200, David Ayers via samba wrote: > > > > Hello! > > > > > > > > when using Samba [4.5.16-Debian] as standalone server in > > > > Windows > > > > environment to allow certain users to access shares, we are > > > > currently > > > > using the default tdbsam backend with a bunch of users. > > > > > > > > We now want to migrate the users from one standalone server to > > > > a > > > > replacement server.??To migrate the users I expected to able to > > > > export > > > > the users (incl. passwords) into a file on one server, copy the > > > > file > > > > over to the new server and import the users > > > > there.??Specifically I > > > > expected using: > > > > > > > > old: pdbedit -e tdbsam:/root/samba.user.tdbexp > > > > new: pdbedit -I tdbsam:/root/samba.user.tdbexp > > > > > > > > would do the trick.??A file is created during the export.??The > > > > import > > > > does not complain and has a return value indicating > > > > success.??But > > > > pdbedit -L (-v) does not list any of the imported users. > > > > > > Just copy (use tdbbackup for safety if you can't stop Samba) all > > > the > > > tdb files and put them in the same spot on the new server.??That > > > is > > > the > > > easiest way to do this. > > > > > > My guess is that the domain sid has been re-randomised on the new > > > server.??Dump that with 'net' (I forget the subcommand) and force > > > it > > > in again (it is stored in a host-name specific key in > > > secrets.tdb). > > > > I am not very familiar with the concept of a "domain" in the case > > of a > > standalone server. > > What I was asking was, what are you connecting from? ?I was logged into the Debian server and executed the command as root (via sudo).> If they are members of an Active Directory domain, you would probably > be? > better of changing your standalone server into a Unix domain member,? > that way you can set permissions from Windows.There was no AD involved when the user was created. Some of clients that will be connected may be and others won't be part of an AD [mostly standalone quasi embedded manufacturing CNC-type controller systems, which probably won't be added to AD in the near future picking up definition files] but they are all currently not using AD to authenticate to the standalone server. In fact I'm currently unsure whether there is an AD at all but I'll suggest it the administrators there whether they would consider it. But currently we just want to transfer the same setup.> > The new server is indeed simply a new installation with the > > smb.conf > > edited to match the old one.??My goal is to transfer the users > > including the passwords (which I have no knowledge of) from the old > > server to the new server. > > > > ?From your comment I deduce that this may not possible without > > actually > > copying all tdb files directly.??Is that truly the case? > > You should be able export your database, but it isn't working for > you,? > so it looks like Andrews idea is the best option.Thank you for verifying that it should work as I had imagined. I guess I'll first try copying the tdb files tomorrow when I have a maintenance window. If that works, I guess I'll be fine until/if the setup an AD. Thank you very much! David -- David Ayers - Team Austria Free Software Foundation Europe (FSFE) [] (http://www.fsfe.org) Become a supporter of the FSFE! [][][] (https://fsfe.org/join) Your donation powers our work! || (http://fsfe.org/donate) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20190808/450ef1ea/signature.sig>