treedstang
IS-IT--Management
I have ran a Samba4 classicupgrade provision on a server as a test to migrate from a Samba3 domain to a samba4 AD setup.. I followed all the steps as per the samba4wiki site....
when the provision is complete each time none of my users or machine accounts appear in the new Samba4 domain, even though the provision script says that it did import.. when I open ADUC from Win7 none of my accounts from Samba3 appear in Samba4 I also used pdbedit -L -v from the command and nothing appear there as well..
Let me provide more detail on the setup..
The Samba3 Domain is on a 32bit Centos 5.7 server running Samba 3.3.14 PDC mode. with the standard tdb database engine --- No LDAP used in this implementation
The Samba4 Domain server is also a Centos 5.7 32bit server. running Samba 4.0.0 Production
-----
Samba Provisioning Command used:
./samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=aggeo.local /etc/samba/smb.conf
-----
Results from the Provisioning Below
-----
Reading smb.conf
WARNING: Ignoring invalid value 'cups' for parameter 'printing'
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "share modes"
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "printer admin"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Skipping wellknown rid=501 (for username=nobody)
Next rid = 2207
Exporting posix attributes
Reading WINS database
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=aggeo,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=aggeo,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: ?#+%7JZ0Z-D-#g_
Server Role: active directory domain controller
Hostname: fileserver
NetBIOS Domain: AGGEO
DNS Domain: aggeo.local
DOMAIN SID: S-1-5-21-842145922-2861567613-292939348
Importing WINS database
Importing Account policy
Importing idmap database
Importing groups
Group already exists sid=S-1-5-21-842145922-2861567613-292939348-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Could not add group name=Print Operators ((68, "samldb: Account name (sAMAccountName) 'Print Operators' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, id=510, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add group name=Domain Users ((68, "samldb: Account name (sAMAccountName) 'Domain Users' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, id=511, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Importing users
User root has been kept in the directory, it should be removed in favour of the Administrator user
User 'Administrator' in your existing directory has SID S-1-5-21-842145922-2861567613-292939348-2046, expected it to be S-1-5-21-842145922-2861567613-292939348-500
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: User 'Administrator' in your existing directory does not have SID ending in -500
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 883, in upgrade_from_samba3
raise ProvisioningError("User 'Administrator' in your existing directory does not have SID ending in -500")
----
once this was complete the proper krb5.conf file was put in place and the correct smb.conf entires
then started the samba services with the command below
/usr/local/samba/sbin/samba
I used the buildin dns since this was a single server domain..
once this was all done I'm able to join a workstation to the domain without any issues and use windows Admin tools to administer the server ,, this is when I noticed none of my user accounts or machine accounts are imported
Any good info would be greatly appreciated
Tim
when the provision is complete each time none of my users or machine accounts appear in the new Samba4 domain, even though the provision script says that it did import.. when I open ADUC from Win7 none of my accounts from Samba3 appear in Samba4 I also used pdbedit -L -v from the command and nothing appear there as well..
Let me provide more detail on the setup..
The Samba3 Domain is on a 32bit Centos 5.7 server running Samba 3.3.14 PDC mode. with the standard tdb database engine --- No LDAP used in this implementation
The Samba4 Domain server is also a Centos 5.7 32bit server. running Samba 4.0.0 Production
-----
Samba Provisioning Command used:
./samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=aggeo.local /etc/samba/smb.conf
-----
Results from the Provisioning Below
-----
Reading smb.conf
WARNING: Ignoring invalid value 'cups' for parameter 'printing'
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "share modes"
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "printer admin"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Skipping wellknown rid=501 (for username=nobody)
Next rid = 2207
Exporting posix attributes
Reading WINS database
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=aggeo,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=aggeo,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: ?#+%7JZ0Z-D-#g_
Server Role: active directory domain controller
Hostname: fileserver
NetBIOS Domain: AGGEO
DNS Domain: aggeo.local
DOMAIN SID: S-1-5-21-842145922-2861567613-292939348
Importing WINS database
Importing Account policy
Importing idmap database
Importing groups
Group already exists sid=S-1-5-21-842145922-2861567613-292939348-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Could not add group name=Print Operators ((68, "samldb: Account name (sAMAccountName) 'Print Operators' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, id=510, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add group name=Domain Users ((68, "samldb: Account name (sAMAccountName) 'Domain Users' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, id=511, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Importing users
User root has been kept in the directory, it should be removed in favour of the Administrator user
User 'Administrator' in your existing directory has SID S-1-5-21-842145922-2861567613-292939348-2046, expected it to be S-1-5-21-842145922-2861567613-292939348-500
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: User 'Administrator' in your existing directory does not have SID ending in -500
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 883, in upgrade_from_samba3
raise ProvisioningError("User 'Administrator' in your existing directory does not have SID ending in -500")
----
once this was complete the proper krb5.conf file was put in place and the correct smb.conf entires
then started the samba services with the command below
/usr/local/samba/sbin/samba
I used the buildin dns since this was a single server domain..
once this was all done I'm able to join a workstation to the domain without any issues and use windows Admin tools to administer the server ,, this is when I noticed none of my user accounts or machine accounts are imported
Any good info would be greatly appreciated
Tim