[Samba] Migrating from Samba 3: no groups/users are imported ("listed, but then not found", "does not belong to our domain")


Going further with migrating an NT4 domain (Samba 3) to Samba 4. Thanks for the previous suggestions.

When doing

# samba-tool domain classicupgrade --dbdir=/usr/local/samba.LAN/ --realm=ad-lan.com --dns-backend=BIND9_DLZ /usr/local/samba.LAN/smb.conf --option="interfaces=lo ens3" --option="bind interfaces only=yes"

I see the following in stderr:

Ignoring group 'ossi' S-1-5-21-1411277624-4092985889-3405756581-3001 listed but then not found: Unable to enumerate group members, (-1073741722,The specified group does not exist.)

for every group from the existing LDAP backend of Samba 3, and

sid S-1-5-21-1411277624-4092985889-3405756581-2062 does not belong to our domain

for every user ID.

After I start the upgraded domain:

# net getdomainsid
SID for domain AD-LAN is: S-1-5-21-2473926874-590573496-2946143095

and on the original Samba 3 domain controller:

# net getdomainsid
SID for local machine PDCLAN is: S-1-5-21-1411277624-402985889-3405756581
SID for domain LAN is: S-1-5-21-1411277624-4092985889-3405756581

I.e., the domain SIDs are different (which is expected).

How do I make the groups/users be imported?

The smb.conf used is below:
unix charset = UTF8
workgroup = AD-LAN
netbios name = DC
server max protocol = NT1
server string = AD-LAN.COM domain controller
passdb backend =ldapsam:"ldap://";
username map = /etc/samba/smbusers
interfaces = ens3 lo
bind interfaces only = yes
enable privileges = yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast host
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -W '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = %u.bat
logon drive = W:
logon home = \\%L\%u
logon path = \\%L\profiles\%u
domain logons = Yes
domain master = Yes
wins support = Yes
ldapsam:trusted = no
ldap ssl = off
ldap suffix = dc=company,dc=lan
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=company,dc=lan
idmap backend = ldap://
idmap uid = 500-20000
idmap gid = 500-20000
printer admin = root
printing = cups
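
A way to check which domain the skipped SIDs belong to, as an added example that is not part of the original post: it parses the two stderr messages quoted above, splits each SID into domain SID and RID, matches the domain part against the two `net getdomainsid` outputs, and renders the signed status code as unsigned hex. The function names and the regexes for the message shape are assumptions based only on the two lines shown.

```python
import re
from collections import Counter

# Domain SIDs quoted in the post (from `net getdomainsid` on each host).
KNOWN_DOMAINS = {
    "S-1-5-21-1411277624-4092985889-3405756581": "LAN (Samba 3 domain)",
    "S-1-5-21-2473926874-590573496-2946143095": "AD-LAN (upgraded domain)",
}

# Assumed message shape: an account SID (domain SID + RID), optional "(status,".
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
STATUS_RE = re.compile(r"\((-?\d+),")

def split_sid(sid):
    """Split an account SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def ntstatus_hex(code):
    """Render the signed 32-bit status from the log as unsigned hex."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def classify(lines):
    """Count skipped SIDs per domain and collect the status codes seen."""
    per_domain, statuses = Counter(), set()
    for line in lines:
        m = SID_RE.search(line)
        if not m:
            continue
        domain, _rid = split_sid(m.group(0))
        per_domain[KNOWN_DOMAINS.get(domain, "unknown: " + domain)] += 1
        s = STATUS_RE.search(line)
        if s:
            statuses.add(ntstatus_hex(int(s.group(1))))
    return per_domain, statuses

# The two stderr lines quoted in the post.
SAMPLE = [
    "Ignoring group 'ossi' S-1-5-21-1411277624-4092985889-3405756581-3001 "
    "listed but then not found: Unable to enumerate group members, "
    "(-1073741722,The specified group does not exist.)",
    "sid S-1-5-21-1411277624-4092985889-3405756581-2062 does not belong to our domain",
]

if __name__ == "__main__":
    per_domain, statuses = classify(SAMPLE)
    for name, count in per_domain.items():
        print(count, "skipped SID(s) in", name)
    print("status codes:", sorted(statuses))
```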
