[Samba] net rpc vampire not working

Hi,

Can someone help me get "net rpc vampire" in one of its forms working.

The objective is to migrate from an NT4 PDC to a SAMBA 3.0 PDC using
LDAP as a back end. I am trying to migrate the user and machine accounts
across in a lab environment, separate from the main network (I have
replicated the PDC to do this).

I have samba-3.0.20b built from the samba team source RPM on Fedora
Core 3, and I'm trying to follow the steps here:

http://us3.samba.org/samba/docs/man/...Migration.html

also here:

http://samba.idealx.org/smbldap-howto.en.html (section 11.1)

I have seen the problems listed here:

http://lists.samba.org/archive/samba...ne/088448.html
http://lists.samba.org/archive/samba...ly/089147.html

and I'm getting the same thing happening to me. I have also tried
using "net rpc vampire ldif" with similar results:

I started by creating a samba server and setting it up as a BDC:

[global]
workgroup = MYDOMAIN
netbios name = MYSAMBASERVER
server string = Samba Server
security = domain
encrypt passwords = Yes
password server = MYPDC
log file = /var/log/samba/%m.log
max log size = 0
name resolve order = host wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = No
domain master = False
dns proxy = No
wins server = 192.168.1.1
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = +
create mask = 0777
directory mask = 0777
hosts allow = 192.168. 127.
printing = lprng
oplocks = No
follow symlinks = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no

Then I added the following parts to smb.conf to give it the LDAP
information:

ldap suffix = dc=debortoli,dc=local
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups

Join the domain:

net rpc join -U Administrator%PASSWORD
service smb start

I can verify the domain is joined by using:

net rpc testjoin

Also, I can see all of the accounts using winbind:

service winbind start
getent passwd

However from this point on nothing in "net rpc vampire" works.

net rpc vampire ldif ./vampire.ldif

fails with:

Could not retrieve domain trust secret

net rpc vampire ldif ./vampire.ldif -S MYPDC -U Administrator%PASSWORD

fails with:

Cannot import users from DBW at this time, as the current domain:
FC3-DBW-3: S-1-5-21-92691229-39247329-4222772032
conflicts with the remote domain
DBW: S-1-5-21-423981254-716712060-315576832

This is a suggested fix:

* http://lists.samba.org/archive/samba...ly/089148.html

but it fails like this:

# net setlocalsid S-1-5-21-423981254-716712060-315576832
# net rpc vampire ldif
Cannot import users from FC3-DBW-3 at this time, as the current domain:
FC3-DBW-3: S-1-5-21-423981254-716712060-315576832
conflicts with the remote domain
FC3-DBW-3: S-1-5-21-92691229-39247329-4222772032

Alternatively, running this:

net rpc vampire ldif ./vampire.ldif -S MYPDC -U Administrator%PASSWORD

.... results in an empty ./vampire.ldif file, and two files /tmp/add.ldif
and /tmp/mod.ldif. /tmp/mod.ldif is empty and /tmp/add.ldif contains
the base LDAP structure but no users other than "root" and "nobody".

I have tried the http://samba.idealx.org/smbldap-howto.en.html method
(making samba a PDC, stopping the other PDC, restarting samba, etc)
but that fails as well with just about the same error messages as above.

Is there any way of getting this net rpc vampire tool to work? Has anyone
had any success with it? What entries do I need in smb.conf etc to get
things working?

--
Del
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba