Re: [Samba] classic upgrade woes, ignores realm
- Date: Sun, 31 Mar 2019 14:37:44 +0200
- From: Patrick von der Hagen via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] classic upgrade woes, ignores realm
Am 31.03.19 um 14:08 schrieb Rowland Penny via samba:
On Sun, 31 Mar 2019 13:37:44 +0200
Patrick von der Hagen via samba <samba@xxxxxxxxxxxxxxx> wrote:
I am running samba as a fileserver, having some users (LDAP backend)
and lots of files. No machines ever joined this setup. Now I want to
join some clients, but want to upgrade to AD before I do that.
Configuration is quite old, but had no issues so far. I've been
Since the LDAP backend runs on the old server and blocks ports
389/636, I want to follow "Upgrading on a new server" and I want to
follow "Domain Controller name" because the new server has a
different name, which should be "DC1".
The new server ist running Ubuntu 18.10, which provides samba 4.8.4.
Provisioning a new domain works flawless, no issues there. But I
really want to perform an upgrade, migrating users and groups.
In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP",
hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".
I prepared a local slapd and copied the samba-databases.
I start the process like this:
samba-tool domain classicupgrade --dbdir=/root/samba/
--realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d
sid S-1-5-21-... does not belong to our domain
Cannot open wins database, Ignoring: [Errno 2] No such file or
Adding DomainDN: DC=DC1
DN: DC=DC1 is a NC
Admin password: xxxxxxxxxxxxxxxxxxxxx
Server Role: standalone server
NetBIOS Domain: DC1
DNS Domain: dc1
DOMAIN SID: S-1-5-21-2467318493-10260708-2946515883
Cannot open idmap database, Ignoring: [Errno 2] No such file or
Content of /etc/samba/smb.conf (complete!):
log level = 2
netbios name = DC1
passdb backend = samba_dsdb
realm = SAMDOM.DOMAIN.DE
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = WORKGROUP
idmap_ldb:use rfc2307 = yes
Obviously, smb.conf is no complete.
Documentation says, to change "netbios name" before upgrade if you
want to change the domain controller name. But it is used in the ldap
query for sambaDomainName, so currently I have to change it to
WORKGROUP in order to import the LDAP data. How do I fix that?
"DNS Domain" should be the realm I specified at the commandline? Why
is it ignored and why is sambaDomainName used instead?
Is it normal to get a smb.conf file that does not work? Is it
indended as a starting point of should it convert my previous
configuration? At least "server role" is missing and "server
services" contains "dnsupdate" which it should not with
Do I have to worry about wins.dat missing? I don't have such a file.
Lets start with the obvious questions:
What is the original OS ?
What OS are you moving to ?
What version of Samba is on the original OS ?
and finally and most importantly, What is in the original smb.conf ?
the old server runs Ubuntu 18.04 (LTS) and samba 4.7.6-Ubuntu. I'd stick
with LTS, but it has the same issues, so I upgraded the new server to
Ubuntu 18.10 and samba 4.8.4
security = user
workgroup = WORKGROUP
netbios name = DC1
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = ldapsam:ldap://localhost
ldap suffix = dc=domain,dc=de
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=machines
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=domain,dc=de
ldap ssl = off
ldap passwd sync = yes
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
and some shares, which should not matter.
To unsubscribe from this list go to the following URL and read the