Web lists-archives.com

Re: [Samba] classic upgrade woes, ignores realm




On Sun, 31 Mar 2019 14:37:44 +0200
Patrick von der Hagen <patrick.vdhagen@xxxxxxxxxxxx> wrote:

> Am 31.03.19 um 14:08 schrieb Rowland Penny via samba:
> > On Sun, 31 Mar 2019 13:37:44 +0200
> > Patrick von der Hagen via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >  
> >> I am running samba as a fileserver, having some users (LDAP
> >> backend) and lots of files. No machines ever joined this setup.
> >> Now I want to join some clients, but want to upgrade to AD before
> >> I do that. Configuration is quite old, but had no issues so far.
> >> I've been following
> >> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
> >>
> >> Since the LDAP backend runs on the old server and blocks ports
> >> 389/636, I want to follow "Upgrading on a new server" and I want to
> >> follow "Domain Controller name" because the new server has a
> >> different name, which should be "DC1".
> >>
> >> The new server ist running Ubuntu 18.10, which provides samba
> >> 4.8.4. Provisioning a new domain works flawless, no issues there.
> >> But I really want to perform an upgrade, migrating users and
> >> groups.
> >>
> >> In smb.conf, "netbios name = DC1" and "workgroup = WORKGROUP",
> >> hostname returns "dc1", hostname -f returns "dc1.samdom.domain.de".
> >>
> >> I prepared a local slapd and copied the samba-databases.
> >>
> >> I start the process like this:
> >>
> >> samba-tool domain classicupgrade --dbdir=/root/samba/
> >> --realm=samdom.domain.de --dns-backend=SAMBA_INTERNAL -d
> >> 2 /root/smb.conf
> >>
> >> Output:
> >> ...
> >> smbldap_search_domain_info: Searching
> >> for:[(&(objectClass=sambaDomain)(sambaDomainName=DC1))]
> >> ...
> >> sid S-1-5-21-... does not belong to our domain
> >> ...
> >> Cannot open wins database, Ignoring: [Errno 2] No such file or
> >> directory: '/root/samba/wins.dat'
> >> ...
> >> Adding DomainDN: DC=DC1
> >> DN: DC=DC1 is a NC
> >> ...
> >> Admin password:        xxxxxxxxxxxxxxxxxxxxx
> >> Server Role:           standalone server
> >> Hostname:              dc1
> >> NetBIOS Domain:        DC1
> >> DNS Domain:            dc1
> >> DOMAIN SID:            S-1-5-21-2467318493-10260708-2946515883
> >> ...
> >> Cannot open idmap database, Ignoring: [Errno 2] No such file or
> >> directory ...
> >>
> >> Content of /etc/samba/smb.conf (complete!):
> >> [global]
> >>           log level = 2
> >>           netbios name = DC1
> >>           passdb backend = samba_dsdb
> >>           realm = SAMDOM.DOMAIN.DE
> >>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
> >> kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> >>           workgroup = WORKGROUP
> >>           idmap_ldb:use rfc2307 = yes
> >>
> >> Obviously, smb.conf is no complete.
> >>
> >> My questions:
> >>
> >> Documentation says, to change "netbios name" before upgrade if you
> >> want to change the domain controller name. But it is used in the
> >> ldap query for sambaDomainName, so currently I have to change it to
> >> WORKGROUP in order to import the LDAP data. How do I fix that?
> >>
> >> "DNS Domain" should be the realm I specified at the commandline?
> >> Why is it ignored and why is sambaDomainName used instead?
> >>
> >> Is it normal to get a smb.conf file that does not work? Is it
> >> indended as a starting point of should it convert my previous
> >> configuration? At least "server role" is missing and "server
> >> services" contains "dnsupdate" which it should not with
> >> SAMBA_INTERNAL.
> >>
> >> Do I have to worry about wins.dat missing? I don't have such a
> >> file.
> >>
> >> Best regards
> >> Patrick
> >>
> >>  
> > Lets start with the obvious questions:
> >
> > What is the original OS ?
> > What OS are you moving to ?
> > What version of Samba is on the original OS ?
> > and finally and most importantly, What is in the original
> > smb.conf ?  
> 
> the old server runs Ubuntu 18.04 (LTS) and samba 4.7.6-Ubuntu. I'd
> stick with LTS, but it has the same issues, so I upgraded the new
> server to Ubuntu 18.10 and samba 4.8.4
> 
> Configuration:
> 
> [global]
> security = user
>     workgroup = WORKGROUP
>     netbios name = DC1
>     server string = %h server (Samba, Ubuntu)
>     dns proxy = no
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     panic action = /usr/share/samba/panic-action %d
>     server role = standalone server

Thought so, did you miss this from:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

[quote]

This guide is only relevant if you have a Samba NT4-style domain, that
you want to upgrade to Samba Active Directory! 

[/quote]

You do not have an NT4-style domain, you have a standalone server.

You could try changing it to be an actual PDC, the changes are minimal,
but depending on how many users you have, it might just be easier to
start with a new AD domain.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba