Rowland penny
2019-Dec-05 19:27 UTC
[Samba] security = ads, backend = ad parameter not working in samba 4.10.10
On 05/12/2019 19:08, S?rgio Basto wrote:> I did a new AD with a new name.You get more than a new name> Samba 4.0.0 don't have demoteYes, but you could have upgraded to a version that did.> , I move from a Sernet software to a free > and open software in Centos 7 (I use RedHat flavor since 2001) .How did you manage to provision an AD DC using red-hat packages ?> I just migrate the users and his password nothing more ... I had to > remove a lot of fields, OU(s) etc for example: [1] .Just which user attributes did you migrate ? The users objectSid would have contained the SID of the old Domain, for instance.> > And is working very well, I'm very happy, yesterday I upgrade all DC(s) > to samba 4.10.10 and it was very smooth .This sure surprises me, people have upgrading correctly and have had problems.> > And well, I want add a new uidNumber and gidNumber to every user and > group in AD , how I can do that ? to use backend = ad , I want use > backend = ad . >You can write a script to do this using ldbmodify, or there is 'Adam' produced by one of regular poster, see here: https://gitlab.com/JonathonReinhart/adam Unfortunately, there appears to be a problem with his git at the moment :-( Or you can wait until 4.12.0 is released, samba-tool will then be able to do it for you. Rowland
Sérgio Basto
2019-Dec-05 19:48 UTC
[Samba] security = ads, backend = ad parameter not working in samba 4.10.10
On Thu, 2019-12-05 at 19:27 +0000, Rowland penny via samba wrote:> On 05/12/2019 19:08, S?rgio Basto wrote: > > I did a new AD with a new name. > You get more than a new name > > Samba 4.0.0 don't have demote > Yes, but you could have upgraded to a version that did. > > , I move from a Sernet software to a free > > and open software in Centos 7 (I use RedHat flavor since 2001) . > How did you manage to provision an AD DC using red-hat packages ?I made the packages [1] (BTW I'm a fedora packager maintainer ). [1] https://github.com/sergiomb2/sambaad> > I just migrate the users and his password nothing more ... I had > > to > > remove a lot of fields, OU(s) etc for example: [1] . > > Just which user attributes did you migrate ? > > The users objectSid would have contained the SID of the old Domain, > for > instance.Not objectSid, here is the complete list of attributes [2] extracted from the final file that was imported . [2] accountExpires: badPasswordTime: badPwdCount: cn: description: displayName: distinguishedName: dn: givenName: initials: lastLogoff: lastLogon: lastLogonTimestamp: logonCount: logonHours: msDS-SupportedEncryptionTypes: mSMQDigests: mSMQSignCertificates: name: objectCategory: objectClass: sAMAccountName: servicePrincipalName: sn: streetAddress: unicodePwd: userAccountControl: userParameters: userPrincipalName:> > And is working very well, I'm very happy, yesterday I upgrade all > > DC(s) > > to samba 4.10.10 and it was very smooth . > This sure surprises me, people have upgrading correctly and have had > problems.No one complained, until now :)> > And well, I want add a new uidNumber and gidNumber to every user > > and > > group in AD , how I can do that ? to use backend = ad , I want use > > backend = ad . > > > You can write a script to do this using ldbmodify, or there is > 'Adam' > produced by one of regular poster, see here: > > https://gitlab.com/JonathonReinhart/adam > > Unfortunately, there appears to be a problem with his git at the > moment :-( > > Or you can wait until 4.12.0 is released, samba-tool will then be > able > to do it for you.Great many many Thanks,> Rowland > > >-- S?rgio M. B.
Rowland penny
2019-Dec-05 19:56 UTC
[Samba] security = ads, backend = ad parameter not working in samba 4.10.10
On 05/12/2019 19:48, S?rgio Basto wrote:> I made the packages [1] (BTW I'm a fedora packager maintainer ). > > [1] https://github.com/sergiomb2/sambaadYou have used heimdal and not MIT, haven't you ?> >>> I just migrate the users and his password nothing more ... I had >>> to >>> remove a lot of fields, OU(s) etc for example: [1] . >> Just which user attributes did you migrate ? >> >> The users objectSid would have contained the SID of the old Domain, >> for >> instance. > Not objectSid, here is the complete list of attributes [2] extracted > from the final file that was imported . > > [2] > accountExpires: > badPasswordTime: > badPwdCount: > cn: > description: > displayName: > distinguishedName: > dn: > givenName: > initials: > lastLogoff: > lastLogon: > lastLogonTimestamp: > logonCount: > logonHours: > msDS-SupportedEncryptionTypes: > mSMQDigests: > mSMQSignCertificates: > name: > objectCategory: > objectClass: > sAMAccountName: > servicePrincipalName: > sn: > streetAddress: > unicodePwd: > userAccountControl: > userParameters: > userPrincipalName: > >>> And is working very well, I'm very happy, yesterday I upgrade all >>> DC(s) >>> to samba 4.10.10 and it was very smooth . >> This sure surprises me, people have upgrading correctly and have had >> problems. > No one complained, until now :)OK, you might have got away with it this time, but please don't try it again ;-) Rowland
Seemingly Similar Threads
- security = ads, backend = ad parameter not working in samba 4.10.10
- security = ads, backend = ad parameter not working in samba 4.10.10
- How to compile gnutls to samba-4.12.3
- How to compile gnutls to samba-4.12.3
- security = ads parameter not working in samba 4.9.5