[Samba] classic upgrade woes, ignores realm




I am running samba as a fileserver, having some users (LDAP backend) and lots of files. No machines ever joined this setup. Now I want to join some clients, but want to upgrade to AD before I do that. Configuration is quite old, but had no issues so far. I've been following https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

Since the LDAP backend runs on the old server and blocks ports 389/636, I want to follow "Upgrading on a new server" and I want to follow "Domain Controller name" because the new server has a different name, which should be "DC1".

The new server is running Ubuntu 18.10, which provides samba 4.8.4. Provisioning a new domain works flawlessly, no issues there. But I really want to perform an upgrade, migrating users and groups.

In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP", hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".

I prepared a local slapd and copied the samba-databases.

I start the process like this:

samba-tool domain classicupgrade --dbdir=/root/samba/ --realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d 2 /root/smb.conf

Output:
...
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
...
sid S-1-5-21-... does not belong to our domain
...
Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/samba/wins.dat'
...
Adding DomainDN: DC=DC1
DN: DC=DC1 is a NC
...
Admin password:        xxxxxxxxxxxxxxxxxxxxx
Server Role:           standalone server
Hostname:              dc1
NetBIOS Domain:        DC1
DNS Domain:            dc1
DOMAIN SID:            S-1-5-21-2467318493-10260708-2946515883
...
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
...

Content of /etc/samba/smb.conf (complete!):
[global]
        log level = 2
        netbios name = DC1
        passdb backend = samba_dsdb
        realm = SAMDOM.DOMAIN.DE
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = WORKGROUP
        idmap_ldb:use rfc2307 = yes

Obviously, smb.conf is not complete.

My questions:

The documentation says to change "netbios name" before the upgrade if you want to change the domain controller name. But it is used in the LDAP query for sambaDomainName, so currently I have to change it to WORKGROUP in order to import the LDAP data. How do I fix that?

"DNS Domain" should be the realm I specified at the command line? Why is it ignored and why is sambaDomainName used instead?

Is it normal to get a smb.conf file that does not work? Is it intended as a starting point or should it convert my previous configuration? At least "server role" is missing and "server services" contains "dnsupdate" which it should not with SAMBA_INTERNAL.

Do I have to worry about wins.dat missing? I don't have such a file.

Best regards
Patrick

