
Re: [Samba] Samba4 migration


alxgrb

Apr 4, 2013, 4:10:01 AM
I've tried with Apache Directory Studio to export the LDAP schema into an LDIF
file. It works.
But converting to AD LDIF with oLschema2ldif doesn't work. See message:

sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I
/home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif
malformed entry on line 1265
Converted 0 records with 1 failures

Any idea? (The line 1265 is empty)
Can I use ldbadd?

Thanks,
Alex




--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-migration-tp4646168p4646272.html
Sent from the Samba - General mailing list archive at Nabble.com.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Andrew Bartlett

Apr 4, 2013, 9:20:04 PM
On Thu, 2013-04-04 at 01:15 -0700, alxgrb wrote:
> I've tried with Apache Directory Studio to export the LDAP schema into an LDIF
> file. It works.
> But converting to AD LDIF with oLschema2ldif doesn't work. See message:
>
> sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I
> /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif
> malformed entry on line 1265
> Converted 0 records with 1 failures
>
> Any idea? (The line 1265 is empty)
> Can I use ldbadd?

We really need to drop this tool; it has never really worked well, and
parsing a text schema with a C tool was always a bad idea. It would be
faster and more effective to have someone rewrite it in Python.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

Andrew Bartlett

Apr 8, 2013, 7:30:01 AM
On Fri, 2013-04-05 at 12:10 +1100, Andrew Bartlett wrote:
> On Thu, 2013-04-04 at 01:15 -0700, alxgrb wrote:
> > I've tried with Apache Directory Studio to export the LDAP schema into an LDIF
> > file. It works.
> > But converting to AD LDIF with oLschema2ldif doesn't work. See message:
> >
> > sudo /usr/local/samba/bin/oLschema2ldif -b DN=domainname -I
> > /home/alxgrb/ldapschemas/old_ldap_schema_250313.ldif -O converted.ldif
> > malformed entry on line 1265
> > Converted 0 records with 1 failures
> >
> > Any idea? (The line 1265 is empty)
> > Can I use ldbadd?
>
> We really need to drop this tool; it has never really worked well, and
> parsing a text schema with a C tool was always a bad idea. It would be
> faster and more effective to have someone rewrite it in Python.

I should however be clear:

To convert existing users and groups, use samba-tool domain
classicupgrade. This is a different question from whether you can convert
specific schema extensions, which you may need to re-create by hand and
then import the data for.

alxgrb

Apr 8, 2013, 10:10:01 AM
OK, that is clear, but samba-tool domain classicupgrade works only if a
Samba instance is installed. Is that right?

Our old server has only LDAP/automount services, without any Samba
instances.

I would like to migrate only the LDAP users to the new Samba4 server.

Greetings,
Alexander




Andrew Bartlett

Apr 8, 2013, 7:10:01 PM
On Mon, 2013-04-08 at 07:07 -0700, alxgrb wrote:
> OK, that is clear, but samba-tool domain classicupgrade works only if a
> Samba instance is installed. Is that right?

Correct

> Our old server has only LDAP/automount services, without any Samba
> instances.

Then you won't be able to migrate passwords in any case.

> I would like to migrate only the LDAP users to the new Samba4 server.

For simple user accounts, you shouldn't need to add any new schema
anyway. Just migrate the users, manually translating the required
attributes.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org


alxgrb

Apr 9, 2013, 9:00:02 AM
Thank you for support.

OK. If one has 10 users, it can be done by hand, but we have ca. 110 users.
Is there maybe an automatic solution for that?




Gémes Géza

Apr 9, 2013, 2:40:02 PM
On 2013-04-09 14:56, alxgrb wrote:
> Thank you for support.
>
> OK. If one has 10 users, it can be done by hand, but we have ca. 110 users.
> Is there maybe an automatic solution for that?
>
The problem is: if you have users with only posixAccount (or similar)
objectClasses (without Samba 3.x aka classic attributes), you could add
them with an ldapsearch/ldbadd based script, but you won't be able to
transfer the passwords, as OpenLDAP (with posixAccount and similar
objectClasses) uses a differently encrypted userPassword attribute than
Samba as an AD controller (Kerberos keys) can use. As the passwords are
one-way encrypted, without an NTPassword attribute (which corresponds to
the arcfour-hmac-md5 enctype) you will lose the passwords during
migration.

Regards

Geza Gemes

alxgrb

Apr 11, 2013, 4:10:02 AM
Hi,

Please look at this:

alxgrb@ubsrv:~ sudo /usr/local/samba/bin/smbclient -L localhost -U%
Domain=[DEMO] OS=[Unix] Server=[Samba 4.0.5]

Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
home Disk Home drive
data Disk Data disk
IPC$ IPC IPC Service (Samba 4.0.5)
Domain=[DEMO] OS=[Unix] Server=[Samba 4.0.5]

Server Comment
--------- -------

Workgroup Master
--------- -------

The testuser.ldif file:
cat testuser.ldif
dn: uid=bmontag,ou=Users,dc=demo,dc=lan
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
cn: Brigitte Montag
gidNumber: 10001
homeDirectory: /home/bmontag
sambaSID: -59220
sn: Montag
uid: bmontag
uidNumber: 29110
displayName: Brigitte Montag
givenName: Brigitte
loginShell: /bin/bash
mail: brigitt...@mailserver.com

I have tried to add the testuser.ldif file to sam.ldb:
sudo /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb
testuser.ldif
ERR: No such object : "objectclass: Cannot add
uid=bmontag,ou=Users,dc=demo,dc=lan, parent does not exist!" on DN
uid=bmontag,ou=Users,dc=demo,dc=lan at block before line 18
Add failed after processing 0 records

What do I have to do to make my ldbadd work?

Thanks,
Alexander





Andrew Bartlett

Apr 11, 2013, 7:50:02 AM
Change ou=users to cn=users.

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org


alxgrb

Apr 11, 2013, 8:10:04 AM
I have changed...
alxgrb@ubsrv:~ sudo /usr/local/samba/bin/ldbadd -H
/usr/local/samba/private/sam.ldb testuser.ldif
[sudo] password for alxgrb:
ERR: No such attribute : "objectclass_attrs: attribute 'sambaSID' on entry
'UID=bmontag,CN=Users,DC=demo,DC=lan' was not found in the schema!" on DN
uid=bmontag,cn=Users,dc=demo,dc=lan at block before line 18
Add failed after processing 0 records

Must I create a schema?




Andrew Bartlett

Apr 11, 2013, 7:40:01 PM
On Thu, 2013-04-11 at 05:06 -0700, alxgrb wrote:
> I have changed...
> alxgrb@ubsrv:~ sudo /usr/local/samba/bin/ldbadd -H
> /usr/local/samba/private/sam.ldb testuser.ldif
> [sudo] password for alxgrb:
> ERR: No such attribute : "objectclass_attrs: attribute 'sambaSID' on entry
> 'UID=bmontag,CN=Users,DC=demo,DC=lan' was not found in the schema!" on DN
> uid=bmontag,cn=Users,dc=demo,dc=lan at block before line 18
> Add failed after processing 0 records
>
> Must I create a schema?

At this stage, the discussion is getting quite circular, because I think
you need to go back and do some background research on the difference
between AD and traditional OpenLDAP-based LDAP configurations.

You seem to be trying to have a bit of both, and that is really causing
you trouble.

If you don't have a Samba domain currently, why do you try and specify a
sambaSID?

If you do have a samba domain (why else do you have sambaSID values),
then please use the classicupgrade script.

In any case, you cannot specify specific SID values in active directory
- except during upgrades that we very carefully handle, this is
prohibited because it would interfere with the distributed allocation
scheme.

I do wish you the best with installing Samba 4.0, but please where
possible follow the already established approaches, as it is that way
that others can help you most, because it will be similar to what they
have done.

Find some examples of adding users via LDIF, and then make your LDIF
look as similar to that as possible.

Please specify as little as possible in your ldif. You actually only
need objectclass: person. AD will fill the other bits, and that will
skip the shadowAccount that also makes no sense. You should also be
aware that the username in AD is samAccountName, not uid.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org


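As an added example (not code from this thread or from the Samba project), the "ldapsearch/ldbadd based script" Géza mentions and Andrew's "specify as little as possible" advice combined into one Python converter: it parses an OpenLDAP LDIF export, keeps only posixAccount entries, and emits the minimal AD record that works in this thread (dn under cn=Users, objectclass: user, sAMAccountName taken from uid) plus a few attributes that exist in the AD schema. sambaSID, shadow* and userPassword are dropped on purpose: AD allocates SIDs itself, and, as Géza explains, a one-way hashed userPassword cannot be turned into Kerberos keys, so each migrated user needs a new password set afterwards (for example with samba-tool user setpassword). The attribute whitelist, the cn=Users container default, the sample export and the example.test mail address are assumptions made for this example.

```python
"""Convert posixAccount entries from an OpenLDAP LDIF export into minimal
Samba AD user records for ldbadd.  Added example, not code from the Samba
project: the attribute whitelist and the sample export below are assumptions."""
import base64
import re

# AD-schema attributes worth carrying over unchanged.  Everything else in the
# OpenLDAP entry (sambaSID, shadow*, userPassword, loginShell, ...) is dropped:
# AD allocates SIDs itself and a hashed userPassword cannot become Kerberos keys.
CARRY_OVER = ("givenName", "sn", "displayName", "mail")


def parse_ldif(text):
    """Parse LDIF into a list of {attribute: [values]} dicts (dn under 'dn').
    Handles folded continuation lines, '::' base64 values and '#' comments."""
    unfolded = re.sub(r"\n ", "", text)  # join continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            m = re.match(r"^([A-Za-z][\w;.-]*)(::?)\s*(.*)$", line)
            if not m:
                raise ValueError(f"malformed LDIF line: {line!r}")
            attr, sep, value = m.groups()
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8")
            entry.setdefault(attr, []).append(value)
        if entry:
            entries.append(entry)
    return entries


def _get(entry, name):
    """Case-insensitive attribute lookup; LDAP attribute names are not case-sensitive."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []


def dn_escape(value):
    """Escape an RDN value per RFC 4514 so a cn such as 'Montag, Brigitte'
    does not split into two RDNs."""
    escaped = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if escaped.startswith(("#", " ")):
        escaped = "\\" + escaped
    if escaped.endswith(" "):
        escaped = escaped[:-1] + "\\ "
    return escaped


def ldif_line(attr, value):
    """Render one attribute as an LDIF line, base64-encoding values LDIF cannot
    carry in the clear (non-ASCII, leading/trailing space, leading ':' or '<')."""
    if value.isascii() and value == value.strip() and not value.startswith((":", "<")):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def to_ad_user(entry, base_dn, container="cn=Users"):
    """Build the minimal AD user record (list of (attr, value) pairs) for one
    posixAccount entry, or None if the entry is not a user or lacks uid/cn."""
    classes = {c.lower() for c in _get(entry, "objectClass")}
    if "posixaccount" not in classes:
        return None
    uid, cn = _get(entry, "uid"), _get(entry, "cn")
    if not uid or not cn:
        return None
    record = [
        ("dn", f"cn={dn_escape(cn[0])},{container},{base_dn}"),
        ("objectclass", "user"),      # AD fills in person/top etc. itself
        ("sAMAccountName", uid[0]),   # the AD login name is sAMAccountName, not uid
    ]
    for attr in CARRY_OVER:
        for value in _get(entry, attr):
            record.append((attr, value))
    return record


def convert(ldif_text, base_dn):
    """Return (ad_ldif_text, skipped_dns): LDIF ready for ldbadd plus the DNs
    of entries that were not posixAccounts (groups, OUs, ...)."""
    records, skipped = [], []
    for entry in parse_ldif(ldif_text):
        record = to_ad_user(entry, base_dn)
        if record is None:
            skipped.append((_get(entry, "dn") or ["<no dn>"])[0])
            continue
        records.append("\n".join(ldif_line(a, v) for a, v in record))
    return "\n\n".join(records) + "\n", skipped


# Constructed sample export, modelled on the testuser.ldif in the thread, plus
# a posixGroup the converter must skip.  Hash and address are placeholders.
SAMPLE_EXPORT = """\
dn: uid=bmontag,ou=Users,dc=demo,dc=lan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Brigitte Montag
sn: Montag
givenName: Brigitte
uid: bmontag
uidNumber: 29110
gidNumber: 10001
homeDirectory: /home/bmontag
loginShell: /bin/bash
sambaSID: -59220
userPassword: {SSHA}placeholder-hash
mail: bmontag@example.test

dn: cn=staff,ou=Groups,dc=demo,dc=lan
objectClass: posixGroup
cn: staff
gidNumber: 10001
memberUid: bmontag
"""

if __name__ == "__main__":
    ad_ldif, skipped = convert(SAMPLE_EXPORT, "dc=demo,dc=lan")
    print(ad_ldif, end="")
    for dn in skipped:
        print(f"# skipped (not a posixAccount): {dn}")
```

Redirect the output to a file and feed it to ldbadd exactly as in the thread (`/usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb ad-users.ldif`); skipped entries are written as LDIF comment lines, so the file stays loadable. Real exports contain more than one user, so run the converter against an `ldapsearch -LLL` dump of the user OU rather than the embedded sample, and check the skipped list afterwards for anything that should have been a user.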
alxgrb

Apr 15, 2013, 9:00:01 AM
Thanks for your help Andrew!
It works perfectly.

see messages:

>>> cat simpleuser2samba.ldif
dn: cn=firstuser,cn=Users,dc=demo,dc=lan
objectclass: user
sAMAccountName: firstuser

>>> /usr/local/samba/bin/ldbadd -H /usr/local/samba/private/sam.ldb
>>> simpleuser2samba.ldif
Added 1 records successfully

>>> /usr/local/samba/bin/samba-tool user list
Administrator
dns-ubsrv
firstuser
demouser
testuser
alxgrb
krbtgt
Guest
alex


Many thanks again,
Alexander





alxgrb

Apr 29, 2013, 11:20:03 PM
I have a question ...

How can I migrate existing LDAP users (or schemas) on Ubuntu 10.04.2 to the
new Samba4 (Ubuntu 12.04.2) server?

Does anyone have an idea?
Thanks for support

Alex




Andreas Calvo Gómez

Apr 30, 2013, 9:10:02 AM
Follow the classic upgrade howto:
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
--
Regards,
Andreas Calvo