LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-05-2013, 03:05 PM   #1
treedstang
Member
 
Registered: Jul 2003
Distribution: Suse 9.X Redhat 9.0, Enterprise 3 and 4 Fedora Mandrake
Posts: 79

Rep: Reputation: 15
Samba4 domain not seeing imported users ,Groups and Machine Accounts from samba3 domain


I have ran a Samba4 classicupgrade provision on a server as a test to migrate from a Samba3 domain to a samba4 AD setup.. I followed all the steps as per the samba4wiki site....

when the provision is complete each time none of my users or machine accounts appear in the new Samba4 domain, even though the provision script says that it did import.. when I open ADUC from Win7 none of my accounts from Samba3 appear in Samba4 I also used pdbedit -L -v from the command and nothing appear there as well..

Let me provide more detail on the setup..

The Samba3 Domain is on a 32bit Centos 5.7 server running Samba 3.3.14 PDC mode. with the standard tdb database engine --- No LDAP used in this implementation

The Samba4 Domain server is also a Centos 5.7 32bit server. running Samba 4.0.0 Production

-----

Samba Provisioning Command used:

./samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=aggeo.local /etc/samba/smb.conf

-----
Results from the Provisioning Below
-----
Reading smb.conf
WARNING: Ignoring invalid value 'cups' for parameter 'printing'
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "share modes"
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "printer admin"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Skipping wellknown rid=501 (for username=nobody)
Next rid = 2207
Exporting posix attributes
Reading WINS database
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=aggeo,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=aggeo,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: ?#+%7JZ0Z-D-#g_
Server Role: active directory domain controller
Hostname: fileserver
NetBIOS Domain: AGGEO
DNS Domain: aggeo.local
DOMAIN SID: S-1-5-21-842145922-2861567613-292939348
Importing WINS database
Importing Account policy
Importing idmap database
Importing groups
Group already exists sid=S-1-5-21-842145922-2861567613-292939348-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Could not add group name=Print Operators ((68, "samldb: Account name (sAMAccountName) 'Print Operators' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, id=510, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add group name=Domain Users ((68, "samldb: Account name (sAMAccountName) 'Domain Users' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, id=511, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Importing users
User root has been kept in the directory, it should be removed in favour of the Administrator user
User 'Administrator' in your existing directory has SID S-1-5-21-842145922-2861567613-292939348-2046, expected it to be S-1-5-21-842145922-2861567613-292939348-500
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: User 'Administrator' in your existing directory does not have SID ending in -500
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 883, in upgrade_from_samba3
raise ProvisioningError("User 'Administrator' in your existing directory does not have SID ending in -500")

----
once this was complete the proper krb5.conf file was put in place and the correct smb.conf entires

then started the samba services with the command below

/usr/local/samba/sbin/samba

I used the buildin dns since this was a single server domain..

once this was all done I'm able to join a workstation to the domain without any issues and use windows Admin tools to administer the server ,, this is when I noticed none of my user accounts or machine accounts are imported

Any good info would be greatly appreciated


Tim

Last edited by treedstang; 01-05-2013 at 08:41 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Permission Problem on a Samba3 Share in a Samba4 Domain. varouj Linux - Enterprise 4 12-27-2012 05:06 PM
Server requirement for Domain server using Samba4 for 100 users deep27ak Linux - Server 0 12-15-2012 01:44 PM
domain users can't access samba shares on domain member server noahbeach Linux - Server 1 11-24-2010 05:16 AM
Restrict users of a domain to send/receive mail from one particular domain tanveer Linux - Server 0 09-02-2007 02:01 AM
So can Samba3 emulate an Active Directory domain? trey85stang Linux - Networking 9 04-22-2004 01:08 AM


All times are GMT -5. The time now is 06:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration