
Re: [Samba] Fwd: Migrating server

Hi Rob,

first things first. Thanks for the attached logs.txt!!!


> Hi Harry,
> 
> 
> Here are the outputs. I've attached them as logs with this email too.
> 
> root@sam3dc:/tmp/ldifs-gr# ldapmodify -Y external -H ldapi:///  -f
> olcdbindex.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "olcDatabase={1}hdb,cn=config"
> 
> 
> root@sam3dc:/tmp/ldifs-gr# service slapd stop
>  * Stopping OpenLDAP slapd
>                                                                       
>    [ OK ]
> root@sam3dc:/tmp/ldifs-gr# slapindex -v -n 1
> 
> WARNING!
> Runnig as root!
> There's a fair chance slapd will fail to start.
I've overlooked this very important error message, sorry.

> Check file permissions!
We have run the slapindex command as root. So root becomes
the owner of the files. That is surely wrong, openldap
should be the owner.
This happens because of the not so sophisticated install
scripts of Debian/Ubuntu. This is not easily fixable without
breaking thousands of installations.

Do the following:
stop slapd

# chown -R openldap:openldap /etc/ldap/slapd.d/cn\=config/
# chown -R openldap:openldap /var/lib/ldap/ 

start slapd

> indexing id=00000001
> indexing id=00000002
> indexing id=00000003
> indexing id=00000004
> indexing id=00000005
> indexing id=00000006
> It goes on and completes the indexing
Super


> root@sam3dc:/tmp/ldifs-gr# service slapd start
>  * Starting OpenLDAP slapd
>                                                                       
>    [ OK ]
> 
> 
> net getdomainsid
> SID for local machine sam3dc is:
> S-1-5-21-286905455-3929894668-3957719032 SID for domain mydomain is:
> S-1-5-21-3936576374-1604348213-1812465911
And this is why I prefer this command!!!
You have different SIDs for PDC and DOMAIN and that is wrong!
 
> net getlocalsid
> SID for local machine sam3dc is:
> S-1-5-21-286905455-3929894668-3957719032
Nice command but did not help here. Just to show.

> getent passwd sadmin
> sadmin:x:1359:1359::/home/sadmin:/bin/sh
> 
> getent passwd tadmin
> tadmin:x:1262:1150:Temp Admin,,,:/home/tadmin:/bin/bash
> 
> root@sam3dc:/# getent group 512
> root@sam3dc:/#
> root@sam3dc:/# getent group 1359
> sadmin:x:1359:
getent group 1150

and let us look if these groups are in ldap

## a long one liner
# for g in 512 1359 1150; do ldapsearch -xLLL -b dc=mydomain "(&(objectclass=posixgroup)(gidnumber=$g))";done

> SYSLOG during the netdomainsid and getlocalsid

PS
Until Tuesday I'm offline.

-- 

Gruss
	Harry Jede
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba