Juan Ignacio
2022-Nov-26 05:59 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
> I do not think you are getting this, you need both sets of the idmap
> config lines, you have two domains, the default domain '*' and the
> 'OURDOMAIN' domain, so you should have these lines:

Ok thx, I corrected the lines and now getent passwd is getting the correct uid and gid.

Anyway I got an error when joining the domain using the command.

samba-tool domain join OURDOMAIN.ORG MEMBER -U administrator

libnet_join_precreate_machine_acct: Machine account successfully created
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory

> You will not, part of which is that 'ourserver' != 'OURDOMAIN'

Sorry was a typing error, the data is correct on the config. I usually change the real domain name for "OURDOMAIN" I don't want to share private information because the samba list is public, I changed it before and I got confused but it is ok. Don't pay attention to it.

> Probably if you keep trying, DC2 will reply, Winbind will use the DC it
> thinks is best, this is influenced by the first nameserver in
> /etc/resolv.conf

I shutdown the old server and now shows the DC2, so I'm happy the replication seems to work excellent.

Now about the files I'm thinking of using xCopy on windows to preserve permissions, owners and groups of the files and start to migrate the data to this unix member on windows.

Don't know if you know another better way, but in old times that was what I did to preserve all directories and files and rewrite uid and gid on the unix member.

Thx to all for that help and patience.

On Fri, 25 Nov 2022 at 18:26, Rowland Penny via samba (<samba at lists.samba.org>) wrote:

> On 25/11/2022 20:45, Juan Ignacio wrote:
> > Rowland I did that setup for a new unix member server and test.
> >
> > [global]
> > log file = /var/log/samba/%m.log
> > log level = 1
> > realm = OURDOMAIN.ORG
> > security = ADS
> > server role = member server
> > username map = /etc/samba/user.map
> > workgroup = OURDOMAIN
> > idmap config ourserver: range = 10000-9999999
> > idmap config ourserver: backend = rid
>
> I do not think you are getting this, you need both sets of the idmap
> config lines, you have two domains, the default domain '*' and the
> 'OURDOMAIN' domain, so you should have these lines:
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config OURDOMAIN : backend = rid
> idmap config OURDOMAIN : range = 10000-9999999
>
> > After install everything needed and start services and join i cannot get
> > nothing from getent passwd OURDOMAIN\\user
>
> You will not, part of which is that 'ourserver' != 'OURDOMAIN'
>
> > I got users if i use wbinfo -u
>
> That is a bit meaningless, wbinfo reads directly from AD, Unix is not
> involved.
>
> > Another thing is when i check with the command wbinfo --ping-dc
> >
> > I got
> >
> > checking the NETLOGON for domain[OURDOMAIN] dc connection to "DC1.OURDOMAIN.ORG" succeeded
> >
> > DC1 is the old ad-dc who has Samba 4.1..
> >
> > I want the new one DC2 why is not connected to this DC
>
> Probably if you keep trying, DC2 will reply, Winbind will use the DC it
> thinks is best, this is influenced by the first nameserver in
> /etc/resolv.conf
>
> Rowland
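As an added example (not part of the original thread and not Samba's own code): a small Python check for the idmap mistakes discussed above, namely a missing '*' default domain, an idmap domain name that does not match the workgroup, and overlapping ID ranges. It assumes a single-domain member server as in this thread; `check_idmap` and both sample configs are constructed for illustration.

```python
import re

# Constructed sample: idmap lines as first posted (wrong domain name, no '*').
POSTED = """\
[global]
workgroup = OURDOMAIN
idmap config ourserver: range = 10000-9999999
idmap config ourserver: backend = rid
"""

# Constructed sample: the four idmap lines given in the reply.
CORRECTED = """\
[global]
workgroup = OURDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-9999999
"""

IDMAP = re.compile(r"idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+)", re.I)
WORKGROUP = re.compile(r"workgroup\s*=\s*(\S+)", re.I)

def check_idmap(conf):
    """Return a list of problems found in the idmap lines of smb.conf text."""
    domains, workgroup, problems = {}, None, []
    for line in conf.splitlines():
        line = line.strip()
        if m := WORKGROUP.fullmatch(line):
            workgroup = m.group(1).upper()
        elif m := IDMAP.fullmatch(line):
            dom, key = m.group(1).upper(), m.group(2).lower()
            domains.setdefault(dom, {})[key] = m.group(3).strip()
    # Both the default domain and the AD domain need a backend and a range.
    for needed in ("*", workgroup):
        missing = {"backend", "range"} - set(domains.get(needed, {}))
        if missing:
            problems.append(f"{needed}: missing {', '.join(sorted(missing))}")
    # Single-domain assumption: any other idmap domain name is a mismatch.
    for dom in domains:
        if dom not in ("*", workgroup):
            problems.append(f"{dom}: not the workgroup ({workgroup}) or '*'")
    # Sorted by lower bound, any overlap shows up between neighbours.
    ranges = sorted((tuple(map(int, d["range"].split("-"))), name)
                    for name, d in domains.items() if "range" in d)
    for ((_, hi), a), ((lo, _), b) in zip(ranges, ranges[1:]):
        if lo <= hi:
            problems.append(f"{a} and {b}: ID ranges overlap")
    return problems
```

Run it against the `[global]` section before joining; an empty list means the idmap lines are consistent with the workgroup.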
Rowland Penny
2022-Nov-26 08:45 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
On 26/11/2022 05:59, Juan Ignacio wrote:
> > I do not think you are getting this, you need both sets of the idmap
> > config lines, you have two domains, the default domain '*' and the
> > 'OURDOMAIN' domain, so you should have these lines:
>
> Ok thx, I corrected the lines and now getent passwd is getting the
> correct uid and gid.
> Anyway I got an error when joining the domain using the command.
>
> samba-tool domain join OURDOMAIN.ORG MEMBER -U administrator
>
> libnet_join_precreate_machine_acct: Machine account successfully created

So far, the command has worked.

> ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
> file or directory
> ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with
> backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb':
> No such file or directory

You can very safely ignore that. At one time an empty secrets.ldb file was created when a Unix machine joined the domain, but this was stopped quite some time ago, those lines are just artefacts of the secrets.ldb file no longer being created.

> > You will not, part of which is that 'ourserver' != 'OURDOMAIN'
>
> Sorry was a typing error, the data is correct on the config. I usually
> change the real domain name for "OURDOMAIN" I don't want to share
> private information because the samba list is public, I changed it
> before and I got confused but it is ok.
> Don't pay attention to it.

I thought that might be the problem, but I also thought I should mention it, just in case it wasn't.

> > Probably if you keep trying, DC2 will reply, Winbind will use the DC it
> > thinks is best, this is influenced by the first nameserver in
> > /etc/resolv.conf
>
> I shutdown the old server and now shows the DC2, so I'm happy the
> replication seems to work excellent.
>
> Now about the files I'm thinking of using xCopy on windows to preserve
> permissions, owners and groups of the files and start to migrate the
> data to this unix member on windows.
> Don't know if you know another better way, but in old times that was
> what I did to preserve all directories and files and rewrite uid and gid
> on the unix member.

It doesn't matter what you use, just as long as it uses names and not numbers.

Rowland