×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

SAMBA4 DOMAIN NOT SEEING IMPORTED USERS OR GROUPS FROM SAMBA3 DOMAIN

SAMBA4 DOMAIN NOT SEEING IMPORTED USERS OR GROUPS FROM SAMBA3 DOMAIN

SAMBA4 DOMAIN NOT SEEING IMPORTED USERS OR GROUPS FROM SAMBA3 DOMAIN

(OP)
I have ran a Samba4 classicupgrade provision on a server as a test to migrate from a Samba3 domain to a samba4 AD setup.. I followed all the steps as per the samba4wiki site....

when the provision is complete each time none of my users or machine accounts appear in the new Samba4 domain, even though the provision script says that it did import.. when I open ADUC from Win7 none of my accounts from Samba3 appear in Samba4 I also used pdbedit -L -v from the command and nothing appear there as well..

Let me provide more detail on the setup..

The Samba3 Domain is on a 32bit Centos 5.7 server running Samba 3.3.14 PDC mode. with the standard tdb database engine --- No LDAP used in this implementation

The Samba4 Domain server is also a Centos 5.7 32bit server. running Samba 4.0.0 Production

-----

Samba Provisioning Command used:

./samba-tool domain classicupgrade --dbdir=/var/lib/samba/ --use-xattrs=yes --realm=aggeo.local /etc/samba/smb.conf

-----
Results from the Provisioning Below
-----
Reading smb.conf
WARNING: Ignoring invalid value 'cups' for parameter 'printing'
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "share modes"
Ignoring unknown parameter "printer admin"
Ignoring unknown parameter "printer admin"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Skipping wellknown rid=501 (for username=nobody)
Next rid = 2207
Exporting posix attributes
Reading WINS database
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=aggeo,DC=local
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=aggeo,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: ?#+%7JZ0Z-D-#g_
Server Role: active directory domain controller
Hostname: fileserver
NetBIOS Domain: AGGEO
DNS Domain: aggeo.local
DOMAIN SID: S-1-5-21-842145922-2861567613-292939348
Importing WINS database
Importing Account policy
Importing idmap database
Importing groups
Group already exists sid=S-1-5-21-842145922-2861567613-292939348-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Could not add group name=Print Operators ((68, "samldb: Account name (sAMAccountName) 'Print Operators' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, id=510, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1009, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1009>' not found"))
Could not add group name=Domain Users ((68, "samldb: Account name (sAMAccountName) 'Domain Users' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, id=511, type=ID_TYPE_GID ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Could not add posix attrs for AD entry for sid=S-1-5-21-842145922-2861567613-292939348-1011, ((32, "Base-DN '<SID=S-1-5-21-842145922-2861567613-292939348-1011>' not found"))
Importing users
User root has been kept in the directory, it should be removed in favour of the Administrator user
User 'Administrator' in your existing directory has SID S-1-5-21-842145922-2861567613-292939348-2046, expected it to be S-1-5-21-842145922-2861567613-292939348-500
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: User 'Administrator' in your existing directory does not have SID ending in -500
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 883, in upgrade_from_samba3
raise ProvisioningError("User 'Administrator' in your existing directory does not have SID ending in -500")

----
once this was complete the proper krb5.conf file was put in place and the correct smb.conf entires

then started the samba services with the command below

/usr/local/samba/sbin/samba

I used the buildin dns since this was a single server domain..

once this was all done I'm able to join a workstation to the domain without any issues and use windows Admin tools to administer the server ,, this is when I noticed none of my user accounts or machine accounts are imported

Any good info would be greatly appreciated


Tim

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close