Enhancement #1657
Feature #1660: Migrate NethService to NethServer
Migrate samba SAM DB in LDAP
Status: | CLOSED | Start date: | 02/15/2013 |
---|---|---|---|
Priority: | Normal | Due date: | 02/25/2013 |
Assignee: | - | % Done: | 100% |
Category: | nethserver-samba | | |
Target version: | v6.4-alpha2 | | |
Resolution: | NEEDINFO: | | |
Description
- NT password hashes into `sambaNTPassword` LDAP field
- `sambaSID`s
- machine accounts
- Domain SID
- idmaps
Associated revisions
nethserver-samba-migrate action: import Workgroup and ServerRole props and signal nethserver-samba-save event. Refs #1657
nethserver-samba-migrate action: plugged into migration-import event. Refs #1657
smb.conf: use ou=People LDAP branch to store machine accounts. This makes machine accounts visible to libuser. Refs #1657
smb.conf: log level set to default value 0, to silence pdbedit debug messages. Refs #1657
user-create-unix action: small var assignment-and-check refactor. Refs #1657
user-create-unix action: removed some default props setting: (PasswordSet, AllowRSSH VPNClientAccess). Refs #1657
user-create-unix action: a wrong shell executable does not make the action fail. Only warning message is produced. Refs #1657
group-create-unix action: default user uid is set the same as gid. Refs #1657
nethserver-samba-sam-conf: perl syntax fix. Refs #1657
nethserver-samba-machine-create action: create machine account preserving Uid prop and setting primary group to domcomputers. Refs #1657
nethserver-samba-migrate action: migrate users, groups and machines. Refs #1657
nethserver-samba-migrate action: set a netbios alias with old PDC name in smb.conf. Refs #1657
/etc/hosts template: expand smb{NetbiosAliasList} prop during nethserver-samba-migrate action. Refs #1657
/etc/hosts: fixed 01netbios_aliases perl syntax. Refs #1657
configuration DB migrate (30nethserver-samba-workgroup): set workgroup uppercase. Refs #1657
nethserver-samba-migrate action: use concrete DB implementations, otherwise some methods (get_value) are not implemented. Refs #1657
nethserver-samba-migrate action: clean up previous LDAP sambaDomain objects. Refs #1657
nethserver-samba-migrate: warn if a null LDIF entry is returned. Don't know exactly why this should happen... Refs #1657
nethserver-samba-migrate action: Insert user name ids in upper/lower/mixed case as ldb3search (and what else?) normalizes them. Refs #1637
nethserver-samba-migrate action: stop services before start migrating. SID fails to be initialized properly from secrets.tdb if services are running. Refs #1657
nethserver-samba-user-modify: fixed Disabled flag logic. Refs #1657
NethServer::Migrate (parseGroup): read the unix group database from the given file. Refs #1657
/etc/hosts template: add lowercase hostname to localhost alias list. Refs #1657
nethserver-samba-migrate-sam action: added getStaticGroupDb($) function to calculate group RIDs by the algorithmic method. Refs #1657
nethserver-samba-migrate-sam action: set Samba=enabled on user records. Refs #1657
History
#1 Updated by Davide Principi over 8 years ago
- Subject changed from Migrate samba passwords in LDAP to Migrate samba SAM DB in LDAP
- Description updated (diff)
- Estimated time changed from 4.00 to 24.00
#2 Updated by Davide Principi over 8 years ago
- Description updated (diff)
#3 Updated by Davide Principi over 8 years ago
- Status changed from ON_DEV to ON_QA
- % Done changed from 10 to 70
After SAM DB migration clients seem to require the old PDC server name pointing to the new PDC IP address.
As a workaround I set a host alias with the old PDC name.
#4 Updated by Davide Principi over 8 years ago
- Tracker changed from Feature to Enhancement
- Parent task set to #1660
#5 Updated by Davide Principi over 8 years ago
- Due date changed from 02/15/2013 to 02/25/2013
#6 Updated by Davide Principi over 8 years ago
To resume SAM from a complete backup the following information is needed:
- Domain name (smb.conf)
- Domain SID (secrets.tdb)
- User and machine account RIDs (smbpasswd database)
- Group RIDs (group_mapping.ldb)
- Unix/Samba group mappings (winbindd_idmap.tdb,group_mapping.ldb)
- testparm (smb.conf)
- tdbtool (secrets.tdb)
- pdbedit (smbpasswd)
- ldb3search (group_mapping.ldb)
- net idmap dump (winbindd_idmap.tdb,group_mapping.ldb)
#7 Updated by Davide Principi over 8 years ago
- Status changed from ON_QA to CLOSED
- % Done changed from 70 to 100
#8 Updated by Davide Principi over 8 years ago
Stopped smb, nmb, winbind before starting migration action.
If the services are started just before the `net getdomainsid` command it seems that the domain record in secrets.tdb is not considered for LDAP sambaDomain entry initialization. The machine SID prefix is used instead.
This does not occur if the services are stopped. Don't know exactly what is the reason behind this.
#9 Updated by Davide Principi over 8 years ago
- Status changed from CLOSED to ON_DEV
- % Done changed from 100 to 90
`var/lib/samba/group_mapping.ldb` is not available in NethService backup. The gid-rid association is stored there, but we also know that gids are calculated by a simple formula:
rid = algorithmicRidBase + 1 + (gid*2)
It should not be an issue to assume all rids had been calculated by that formula: only ldap smbpasswd backends generate rids sequentially, smbpasswd and tdb backends use the formula.
See Samba Identity Mapping.
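The algorithmic mapping from comment #9, as an added example that is not part of the original issue or the NethServer code: it rebuilds gid-to-RID associations from a group file and flags pairs that contradict the formula. The base value 1000, the domain SID, the sample group file and all function names are assumptions made for illustration.

```python
ALGORITHMIC_RID_BASE = 1000  # assumed value of smb.conf "algorithmic rid base"
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed placeholder

# Constructed sample in /etc/group format: name:passwd:gid:members
SAMPLE_GROUP_FILE = """\
root:x:0:
staff:x:500:alice,bob
sales:x:501:carol
# comments and malformed rows are skipped
broken-line
domcomputers:x:502:
"""


def gid_to_rid(gid, base=ALGORITHMIC_RID_BASE):
    """rid = algorithmicRidBase + 1 + (gid*2), the formula quoted in comment #9."""
    if gid < 0:
        raise ValueError("gid must be non-negative")
    return base + 1 + gid * 2


def rid_to_gid(rid, base=ALGORITHMIC_RID_BASE):
    """Invert the formula; None means the RID cannot have been produced by it."""
    offset = rid - base - 1
    return offset // 2 if offset >= 0 and offset % 2 == 0 else None


def parse_group(text):
    """Return {group name: gid} from /etc/group style text."""
    groups = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue
        groups[fields[0]] = int(fields[2])
    return groups


def static_group_db(text, domain_sid=DOMAIN_SID, base=ALGORITHMIC_RID_BASE):
    """Hypothetical helper: attach the calculated RID and full SID to each group."""
    return {name: {"gid": gid, "rid": gid_to_rid(gid, base),
                   "sid": f"{domain_sid}-{gid_to_rid(gid, base)}"}
            for name, gid in parse_group(text).items()}


def non_algorithmic(pairs, base=ALGORITHMIC_RID_BASE):
    """Return the (gid, rid) pairs that do not follow the formula."""
    return [(gid, rid) for gid, rid in pairs if gid_to_rid(gid, base) != rid]
```

Running `non_algorithmic` over any gid/RID pairs recovered from the old server shows whether the assumption holds before SIDs are written to LDAP.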
#10 Updated by Davide Principi over 8 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 90 to 100
#11 Updated by Davide Principi over 8 years ago
- Status changed from MODIFIED to ON_DEV
- % Done changed from 100 to 80
TODO: set `Samba=enabled` in user records
#12 Updated by Davide Principi over 8 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 80 to 100
#13 Updated by Davide Principi over 8 years ago
- Status changed from MODIFIED to CLOSED
#14 Updated by Davide Principi over 8 years ago
State set to closed on NethServer 6.4 alpha2 release