samba - Nov 2022 - Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

I am having some problems accessing the shares of the new member server.
I can access the shares with my domain account but cannot access them with
the administrator account.




El lun, 28 nov 2022 a las 12:14, Juan Ignacio (<juan.ignacio.pazos at
gmail.com>)
escribi?:
> Excelent Rowland,  thank you very match for your support.
> Right now
>
> El s?b, 26 nov 2022 5:47, Rowland Penny via samba <samba at
lists.samba.org>
> escribi?:
>
>>
>>
>> On 26/11/2022 05:59, Juan Ignacio wrote:
>> >
>> >     I do not think you are getting this, you need both sets of the
idmap
>> >     config lines, you have two domains, the default domain
'*' and the
>> >     'OURDOMAIN' domain, so you should have these lines:
>> >
>> > Ok thx,  i corrected the lines and now getent passwd is getting
the
>> > correct uid and gid.
>> > Anyway I got an error when joining the domain using the command.
>> >
>> > samba-tool domain joinOURDOMAIN.ORG  <http://OURDOMAIN.ORG> 
MEMBER -U
>> administrator
>> >
>> >
>> > libnet_join_precreate_machine_acct: Machine account successfully
created
>>
>> So far, the command has worked.
>>
>> > ldb: Unable to open tdb
'/var/lib/samba/private/secrets.ldb': No such
>> > file or directory
>> > ldb: Failed to connect to
'/var/lib/samba/private/secrets.ldb' with
>> > backend 'tdb': Unable to open tdb
'/var/lib/samba/private/secrets.ldb':
>> > No such file or directory
>>
>> You can very safely ignore that. At one time an empty secrets.ldb file
>> was created when a Unix machine joined the domain, but this was stopped
>> quite sometime ago, those lines are just artefacts of the secrets.ldb
>> file no longer being created.
>>
>> >
>> >     You will not, part of which is that 'ourserver' !=
'OURDOMAIN'
>> >
>> >
>> > Sorry was a typing error, the data is correct on the config. I
usually
>> > change the real domain namefor  "OURDOMAIN" i don't
want to share
>> > private information because the samba list is public, I changed it
>> > before and I got confused but it is ok.
>> > Don't pay attention to it.
>>
>> I thought might be the problem, but I also thought I should mention it,
>> just in case it wasn't.
>>
>> >
>> >     Probably if you keep trying, DC2 will reply, Winbind will use
the
>> DC it
>> >     thinks is best, this is influenced by the first nameserver in
>> >     /etc/resolv.conf
>> >
>> >
>> > I shutdown the old server and now shows the DC2, so I'm happy
the
>> > replication seems to work excellent.
>> >
>> > Now about the files I'm thinking of using xCopy on windows to
preserve
>> > permissions, owners and groups of the files and start to migrate
the
>> > data to this unix member on windows.
>> > Don't know if you know another better way, but in old times
that was
>> > what I did to preserve all directories and files and rewrite uid
and
>> gid
>> > on the unix member.
>>
>> It doesn't matter what you use, just as long as it uses names and
not
>> numbers.
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

On 28/11/2022 15:18, Juan Ignacio wrote:
> I am having some problems accessing the shares of the new member server.
> I can access the shares with my domain account but cannot access them 
> with the administrator account.

How are you trying to connect as Administrator ?

What is in your username map ?

You should have:

!root = OURDOMAIN\Administrator

This should then map Administrator to root when you connect from Windows.

Never use Administrator on a Linux machine, use root or sudo.

Rowland