{"id":128,"date":"2011-11-09T17:36:40","date_gmt":"2011-11-09T17:36:40","guid":{"rendered":"http:\/\/www2.ber10thal.com:8000\/blog\/?p=128"},"modified":"2013-06-12T04:04:57","modified_gmt":"2013-06-12T04:04:57","slug":"samba-domain-migration-to-a-new-machine","status":"publish","type":"post","link":"https:\/\/ber10thal.com\/blog\/samba-domain-migration-to-a-new-machine\/","title":{"rendered":"Samba domain migration (to a new machine)"},"content":{"rendered":"

\"samba\"<\/a><\/p>\n

This project involved migrating a samba domain from an old server to a new server (different machine, different hardware), versions below<\/p>\n

RedHat ES 3 –old server
\nUbuntu 11.04 –new server<\/p>\n

Samba 3.0.9 –old version
\nSamba 3.5.8 –new version<\/p>\n

Mostly I used these instructions:<\/strong>
\nhttp:\/\/www.samba.org\/samba\/docs\/man\/Samba-Guide\/upgrades.html#id2600749
\nSee the –“Replacing a Domain Controller”–<\/em><\/p>\n

Get the SID: <\/strong> (security identifier for the domain)<\/p>\n

Get the SID from the old machine:
\nnet getlocalsid > \/etc\/samba\/my-local-SID<\/p>\n

The contents of the file will look like this
\nS-1-5-21-726309263-4128913605-1168186429<\/p>\n

Restore the SID to the new machine:
\nnet setlocalsid S-1-5-21-726309263-4128913605-1168186429<\/p>\n

Files copied over from the old machine:<\/strong>
\n\/etc\/passwd
\n\/etc\/shadow
\nin the password and shadow make sure to get the user accounts and machine accounts, the machine accounts end with a $ e.g. “computername$”
\n\/etc\/group –I don’t think this this was necessary, but there may be groups you want to move<\/p>\n

It isn’t necessary to use the entire files;
\nI copied the lines for users and machine accounts from old shadow and passwd and put them into the existing file on the new server. You may have to go to each workstation on the domain to get the machine names.<\/p>\n

Make sure the hostname of the new machine matches the old one and there is a mapping in \/etc\/hosts for it if you start getting weird errors after you change the hostname.<\/p>\n

IP address doesn’t matter, it can be different.<\/p>\n

Samba files that need to be copied over;<\/strong>
\nsmb.conf –main samba config file
\nsecrets.tdb –stores machine account passwords
\nsmbpasswd –stores user account and passwords, needs to be converted to tdbsam format “passdb.tdb”<\/p>\n

I used pdbedit to convert the smbpasswd to passdb.tdb adjust your directories as needed;<\/p>\n

pdbedit -i smbpasswd:\/var\/lib\/samba\/smbpasswd -e tdbsam:\/var\/lib\/samba\/passdb.tdb<\/p>\n

To view what users and machine accounts made it to the new passdb.tdb file you can run the command. (The file is database file and cannot be viewed directly)
\npdbedit -L<\/p>\n

Errors you may get:<\/strong><\/p>\n

If you get these errors below:<\/p>\n

idmap will be unable to map foreign SIDs: NT_STATUS_UNSUCCESSFUL <\/p>\n

or<\/p>\n

winbindd\/idmap_tdb.c:341(idmap_tdb_alloc_init)
\n idmap will be unable to map foreign SIDs: NT_STATUS_UNSUCCESSFUL
\n winbindd\/idmap.c:599(idmap_alloc_init)
\n ERROR: Initialization failed for alloc backend, deferred!
\nwinbindd\/idmap.c:201(smb_register_idmap_alloc)
\n idmap_alloc module tdb already registered!
\nwinbindd\/idmap.c:149(smb_register_idmap)
\n Idmap module passdb already registered!
\n winbindd\/idmap.c:149(smb_register_idmap)
\n Idmap module nss already registered!
\nwinbindd\/idmap_tdb.c:214(idmap_tdb_load_ranges)
\n idmap uid missing<\/p>\n

add;<\/p>\n

idmap uid = 10000-15000
\n idmap gid = 10000-15000<\/p>\n

to your smb.conf file and restart samba<\/p>\n

I believe this sets the user and group Id mapping for machine ID’s<\/p>\n

A problem I ran into:<\/strong>
\nThe problem I ran into was finding the correct samba files to move over, for some reason there was a couple locations where the secrets.tdb and other files were, and I moved over the wrong files.<\/p>\n","protected":false},"excerpt":{"rendered":"

This project involved migrating a samba domain from an old server to a new server (different machine, different hardware), versions below RedHat ES 3 –old server Ubuntu 11.04 –new server Samba 3.0.9 –old version Samba 3.5.8 –new version Mostly I used these instructions: http:\/\/www.samba.org\/samba\/docs\/man\/Samba-Guide\/upgrades.html#id2600749 See the –“Replacing a Domain Controller”– Get the SID: (security identifier … Continue reading Samba domain migration (to a new machine)<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-128","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/posts\/128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/comments?post=128"}],"version-history":[{"count":2,"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/posts\/128\/revisions"}],"predecessor-version":[{"id":263,"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/posts\/128\/revisions\/263"}],"wp:attachment":[{"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/media?parent=128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/categories?post=128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ber10thal.com\/blog\/wp-json\/wp\/v2\/tags?post=128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}