NT 4.0 auf UCS 2.3-1 migrieren

german

#1

Hallo Zusammen,

ich hab in Zukunft die Ehre einen NT 4.0 auf UCS zu migrieren.

Gibt es dafü eine Doku?

“NT 4.0 Migration leicht gemacht” oder so …

gefunden :slight_smile:

2.2: http://www.univention.de/fileadmin/download/dokumentation_2.2/ucs22_windows_migration.pdf
2.3: http://www.univention.de/fileadmin/download/dokumentation_2.3/ucs-windows-migration.pdf

LG
Franz


#2

Hallo Zusammen ich bekommme folgende Fehlermeldung wenn ich NT 4.0 anzapfen will.

[code]root@horn4null:~# univention-pdc-takeover -w 192.168.0.116
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

Domainname: martina.local
PDC Hostname: nt4null
Administrator Account: Administrator
Password:
stopping Samba PDC… OK.
deleting local cache… OK.
looking up previous Windows PDC for “martina.local”… OK.
restart nscd… OK.
Join into Domain…OK
Vampire NT Domain…

ERROR during takeover:
Failed to vampire NT domain[/code]

in der Logdatei steht folgendes:

[code]less +F /var/log/univention/pdc-takeover.log
stopping Samba PDC…

  • Stopping Samba daemons: nmbd
  • Stopping Samba daemons: smbd
    …done.
    OK.
    deleting local cache…
    OK.
    looking up previous Windows PDC for “martina.local”…
    192.168.0.116
    OK.
    restart nscd…
  • Restarting NSCD
    .
    OK.
    Setting windows/domain
    Multifile: /etc/samba/smb.conf
    Join into Domain…
    Joined domain MARTINA.LOCAL.
    OK
    Vampire NT Domain…
    [2010/03/19 14:14:32, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(3377)
    cli_rpc_pipe_open_schannel: failed to get schannel session key from server nt4null for domain MARTINA.LOCAL.
    [2010/03/19 14:14:32, 0] utils/net_rpc.c:run_rpc_command(165)
    Could not initialise schannel netlogon pipe. Error was NT_STATUS_INVALID_NETWORK_RESPONSE
    ERROR during takeover:
    Failed to vampire NT domain
    [/code]

LG
Franz

Schönes Wochenende an alle :slight_smile:


#3

Hallo,

wie ist das Netzwerk der beiden Systeme konfiguriert? Die Ausgaben der folgenden Befehle wären hilfreich:

ucr search interface
ucr search samba

Die Ausgaben können am besten als Anhang bereitgestellt werden.

Mit freundlichen Grüssen
Tobias Scherer


#4

[code]ucr search interface
interfaces/eth0/address: 192.168.0.117
IP address of the network interface
Categories: system-network

interfaces/eth0/broadcast: 192.168.0.255
Broadcase address of the network interface
Categories: system-network

interfaces/eth0/netmask: 255.255.255.0
Netmask of the network interface
Categories: system-network

interfaces/eth0/network: 192.168.0.0
Network of the network interface
Categories: system-network

interfaces/handler: ifplugd

samba/interfaces/bindonly:
Limits Samba to listen only on the interfaces listed in samba/interfaces.
Categories: service-samba

root@horn4null:~# ucr search samba
samba/adminusers: administrator
List of users with administrative rights in samba
Categories: service-samba

samba/autostart: yes
Enable/Disable Samba start on bootup
Categories: service-samba

samba/charset/display:
Charset used to print messages to stdout and stderr (should be the same as the samba/charset/unix)
Categories: service-samba

samba/charset/dos:
Charset used to communicate with DOS SMB clients
Categories: service-samba

samba/charset/unix:
Charset of the machine samba runs on
Categories: service-samba

samba/client_use_spnego: yes
Controls whether Samba clients will try to use Simple and Protected NEGOciation
Categories: service-samba

samba/deadtime: 15
Time span of inactivity in minutes before a connection is considered dead and eventually disconnected
Categories: service-samba

samba/debug/level: 0
Debug level for samba processes
Categories: service-samba

samba/domain/logons: auto
Enables/Disables support for windows 9X network logons and NT4 style domain services (valid values: no/auto/yes)
Categories: service-samba

samba/domainmaster:
Try to acts as domain master browser
Categories: service-samba

samba/enable-msdfs:
Act as a DFS server and allow DFS-aware clients to browse DFS trees
Categories: service-samba

samba/enable-privileges:
Honor privileges assigned to specific SIDs
Categories: service-samba

samba/encrypt_passwords: yes
Negotiate encrypted passwords with the client
Categories: service-samba

samba/generate_smbpasswd: false
Enable/Disable usage of the local TDBSAM database on Samba installation
Categories: service-samba

samba/getwd_cache: yes
Enables a caching algorithm to reduce the time taken for getwd() calls
Categories: service-samba

samba/guest_account: nobody
Username for unauthenticated services (guest ok)
Categories: service-samba

samba/homedirletter: I
Drive for the home directory
Categories: service-samba

samba/homedirpath: %U
Path to the home directory for Win95/98 or NT workstations
Categories: service-samba

samba/homedirserver: horn4null
Fully qualified domain name of the server providing the home directories
Categories: service-samba

samba/idmap/domains:
Domain names of Windows domains for which SID to posix ID mappings should be resolved via idmap_ldap by an authenticated LDAP search in the UCS directory service
Categories: service-samba

samba/interfaces/bindonly:
Limits Samba to listen only on the interfaces listed in samba/interfaces.
Categories: service-samba

samba/invalid_users: daemon bin sys sync games man lp mail news uucp proxy majordom postgres www-data backup msql operator list irc gnats alias qmaild qmails qmailr qmailq qmaill qmailp telnetd identd ftp rwhod gdm fetchmail faxmaster
List of users that are not allowed to login to this samba service
Categories: service-samba

samba/kernel_oplocks: yes
Turns the use of kernel based oplocks on/off
Categories: service-samba

samba/large_readwrite: yes
Enable/disable the 64k streaming read and write varient SMB requests
Categories: service-samba

samba/ldap/replication/sleep:
Milliseconds to wait for the LDAP replication to finish
Categories: service-samba

samba/logonscript:
Path to netlogon script (relative to the [netlogon] service)
Categories: service-samba

samba/map_to_guest: Bad User
What to do with user login requests that don’t match a valid UNIX user
Categories: service-samba

samba/max_xmit: 65535
Maximum packet size that will be negotiated
Categories: service-samba

samba/netbios/aliases:
Additional NetBIOS names under which the Samba server is known
Categories: service-samba

samba/netbios/filter:
Regular expression matching the hosts to appear in the browse list
Categories: service-samba

samba/netlogon/sync: sync
Adjust synchronisation of samba netlogon scripts
Categories: service-samba

samba/oplocks: yes
Issue oplocks to file open requests
Categories: service-samba

samba/os/level: 65
The level Samba advertises itself as for browse elections
Categories: service-samba

samba/preserve_case: yes
Controls if new filenames are created with the case that the client passes, or if they are forced to be the default case
Categories: service-samba

samba/profilepath: %U\windows-profiles%a
Specifies the directory where roaming profiles are stored
Categories: service-samba

samba/profileserver: horn4null
Specifies the samba server where roaming profiles are stored
Categories: service-samba

samba/read_raw: yes
Support 64 kByte packets when transferring data to clients
Categories: service-samba

samba/script/addgroup: true

samba/script/addmachine: true

samba/script/adduser: true

samba/script/addusertogroup: true

samba/script/deletegroup: true

samba/script/deleteuser: true

samba/script/deleteuserfromgroup: true

samba/script/postusermodify: false

samba/script/setprimarygroup: true

samba/serverstring:
String that will show up in printer comment box and ‘net view’
Categories: service-samba

samba/share/groups: no
Enable/Disable the group share
Categories: service-samba

samba/share/home: yes
Enable/Disable the home directory share
Categories: service-samba

samba/short_preserve_case: yes
Controls if new files which conform to 8.3 (DOS) syntax are created upper case, or if they are forced to be the default case
Categories: service-samba

samba/socket_options:
Extra socket options to be used when talking with the client
Categories: service-samba

samba/store_dos_attributes: yes
Attempt to read DOS attributes from a filesystem extended attribute, before mapping DOS attributes to UNIX permission bits
Categories: service-samba

samba/time_server: yes
Advertises samba as a time server to Windows clients
Categories: service-samba

samba/use_spnego: yes
Try to use Simple and Protected NEGOciation with Windows 2000 and XP clients
Categories: service-samba

samba/user: cn=admin,dc=martina,dc=at
Alternative LDAP admin DN
Categories: service-samba

samba/winbind/nested/groups: no
Enables/Disables support for nested groups
Categories: service-samba

samba/winbind/trusted/domains/only: yes
Allow Samba member-servers of a samba domain to use UNIX accounts distributet via LDAP/NIS/rsync as the uid’s for winbindd users
Categories: service-samba

samba/write_raw: yes
Enable the Server to write raw SMBs when transfering data from clients
Categories: service-samba
[/code]

LG
Franz

(geht bei euch dir Signatur? bei mir nicht :frowning: )


#5

Hallo,

kann der Name des NT Servers vom UCS System aus problemlos aufgelöst werden?

Mit freundlichen Grüssen
Tobias Scherer


#6

leider geht der nslookup horn4null
;; Got SERVFAIL reply from 192.168.0.117, trying next server
;; Got SERVFAIL reply from 192.168.0.117, trying next server
Server: 192.168.0.1
Address: 192.168.0.1#53

** server can’t find horn4null: NXDOMAIN

und auf nt4null nicht

reverse Lookup geht also IP auf name.

LG
Franz


#7

Ich werde für meinen Test den Server neu aufsetzten mit der gleichen domäne damit ich ein jungfreuliches System habe.

LG
Franz


#8

Sehr gut jetzt habe ich einen funktionierenden UCS / DNS

nslookup nt4null
;; Got SERVFAIL reply from 192.168.0.117, trying next server
Server:         192.168.0.1
Address:        192.168.0.1#53

** server can't find nt4null: NXDOMAIN

root@horn4null:~# /etc/init.d/univention-bind
univention-bind        univention-bind-proxy
root@horn4null:~# /etc/init.d/univention-bind restart
 * Restarting univention-bind daemon:
ok: run: univention-bind: (pid 9405) 0s, normally down
   ...done.
root@horn4null:~# nslookup nt4null
Server:         192.168.0.117
Address:        192.168.0.117#53

Name:   nt4null.martina.local
Address: 192.168.0.116[/code]

teste jetzt ob es funktioniert.

weiterer Test:
[b]univention-pdc-takeover -w 192.168.0.116 -D martina.local -S nt4null -U Administrator[/b][code]
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright (c) 2001-2009 Univention GmbH, Germany

 Password:
stopping Samba PDC... OK.
deleting local cache... OK.
looking up previous Windows PDC for "martina.local"... OK.
restart nscd... OK.
Join into Domain...OK
Vampire NT Domain...


ERROR during takeover:
  Failed to vampire NT domain[/code]

[b]less +F /var/log/univention/pdc-takeover.log[/b]

[code]stopping Samba PDC...
 * Stopping Samba daemons: nmbd
 * Stopping Samba daemons: smbd
   ...done.
OK.
deleting local cache...
OK.
looking up previous Windows PDC for "martina.local"...
ERROR during takeover:
  failed to lookup Windows PDC, check if Domain is reachable
stopping Samba PDC...
 * Stopping Samba daemons: nmbd
 * Stopping Samba daemons: smbd
   ...done.
OK.
deleting local cache...
OK.
looking up previous Windows PDC for "martina.local"...
192.168.0.116
OK.
restart nscd...
 * Restarting NSCD
.
OK.
Setting windows/domain
Multifile: /etc/samba/smb.conf
Join into Domain...
Joined domain MARTINA.LOCAL.
OK
Vampire NT Domain...
[2010/04/12 13:45:17,  0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_schannel(3377)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server nt4null for domain MARTINA.LOCAL.
[2010/04/12 13:45:17,  0] utils/net_rpc.c:run_rpc_command(165)
  Could not initialise schannel netlogon pipe. Error was NT_STATUS_INVALID_NETWORK_RESPONSE
ERROR during takeover:
  Failed to vampire NT domain

LG
Franz


#9

Hallo,

bin am verzweifeln mit euren UCServern,

hab jetzt einen UCS neu aufgesetzt 2.2.0

versucht die NT 4.0 Domäne zu übernehmen.

Leider liegt es auch nicht an der neueren UCS Version 2.3

DNS stimmt:

[code]root@horn4null:~# nslookup nt4null
Server: 192.168.0.118
Address: 192.168.0.118#53

Name: nt4null.martina.local
Address: 192.168.0.116[/code]

ping geht:

ping nt4null PING nt4null.martina.local (192.168.0.116) 56(84) bytes of data. 64 bytes from nt4null.martina.local (192.168.0.116): icmp_seq=1 ttl=128 time=4.79 ms 64 bytes from nt4null.martina.local (192.168.0.116): icmp_seq=2 ttl=128 time=1.07 ms 64 bytes from nt4null.martina.local (192.168.0.116): icmp_seq=3 ttl=128 time=0.466 ms 64 bytes from nt4null.martina.local (192.168.0.116): icmp_seq=4 ttl=128 time=0.461 ms 64 bytes from nt4null.martina.local (192.168.0.116): icmp_seq=5 ttl=128 time=1.03 ms

egal mit welchen Namen ob kurz oder lang es funktioniert nicht.

[code]univention-pdc-takeover
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

Domainname: martina.local
PDC Hostname: nt4null
Administrator Account: Administrator
Password:
stopping Samba PDC… OK.
deleting local cache… OK.
looking up previous Windows PDC for “martina.local”…

ERROR during takeover:
failed to lookup Windows PDC, check if Domain is reachable

root@horn4null:~# univention-pdc-takeover
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

Domainname: martina
PDC Hostname: nt4null
Administrator Account: Administrator
Password:
stopping Samba PDC… OK.
deleting local cache… OK.
looking up previous Windows PDC for “martina”…

ERROR during takeover:
failed to lookup Windows PDC, check if Domain is reachable

[/code]

in der Logdatei less +F /var/log/univention/pdc-takeover.log steht:

stopping Samba PDC... Stopping Samba daemons: nmbd smbd. OK. deleting local cache... OK. looking up previous Windows PDC for "martina.local"... ERROR during takeover: failed to lookup Windows PDC, check if Domain is reachable stopping Samba PDC... Stopping Samba daemons: nmbd smbd. OK. deleting local cache... OK. looking up previous Windows PDC for "martina"... ERROR during takeover: failed to lookup Windows PDC, check if Domain is reachable stopping Samba PDC... Stopping Samba daemons: nmbd smbd. OK. deleting local cache... OK. looking up previous Windows PDC for "martina.local"... ERROR during takeover: failed to lookup Windows PDC, check if Domain is reachable stopping Samba PDC... Stopping Samba daemons: nmbd smbd. OK. deleting local cache... OK. looking up previous Windows PDC for "martina"... ERROR during takeover: failed to lookup Windows PDC, check if Domain is reachable

Bei den Scripten gibt es keinen Versionsunterschied wie ich feststellen konnte:

[code]univention-pdc-takeover.old --version

univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

univention-pdc-takeover 3.0.11-2.173.200903101333
root@horn4null:~# univention-pdc-takeover --version
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

univention-pdc-takeover 3.0.11-2.173.200903101333[/code]

LG
Franz :frowning:


#10

Hallo,

Handelt es sich bei “nt4null” um den PDC oder einen BDC oder Memberserver der alten Domäne?

Mit freundlichen Grüssen
Tobias Scherer


#11

um einen neu aufgesetzten NT 4.0 PDC Build 1381 SP 1 steht beim Bootvorgang.

ein paar user und ein paar Gruppen angelegt.

ist das ok wenn ich die gleiche Dom bei UCS so wie bei NT 4.0 hab?

UCS ist PDC mit der gleichen Domäne.

hab einen kurzen Test gemacht mit der Version:

[code]univention-pdc-takeover --version
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

univention-pdc-takeover 3.0.14-1.186.200907071420
root@horn4null:~# univention-pdc-takeover.old --version

univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

univention-pdc-takeover 3.0.14-1.186.200907071420[/code]

leider auch mit dem gleichem ergebniss:

[code]univention-pdc-takeover
univention-pdc-takeover: Import Accounts and Groups from Windows NT
copyright © 2001-2009 Univention GmbH, Germany

Domainname: martina.local
PDC Hostname: nt4null
Administrator Account: Administrator
Password:
stopping Samba PDC… OK.
deleting local cache… OK.
looking up previous Windows PDC for “martina.local”… OK.
restart nscd… OK.
Join into Domain…OK
Vampire NT Domain…

ERROR during takeover:
Failed to vampire NT domain

[/code]

LG
Franz



#12

Hallo,

wenn ich mir die Auszüge der Logdateien anschaue scheint es als wären eine ganze Reihe unterschiedliche Probleme aufgetreten. Um sicher zu stellen dass wir jetzt mit den gleichen Informationen Arbeiten, beantworten Sie bitte die folgenden Punkte:

  • Der NT4 PDC ist “nt4null”?
  • Der DC-Master ist “horn4null”?
  • Die Windows-Domäne beider Systeme ist “MARTINA.LOCAL”?
  • UCS-Version ist 2.3-1?
  • Befinden Sich beide Systeme im gleichen Subnetz?

Bitte hängen Sie zusätzlich die Logdatei des letzten Takeover Prozesses an.

Mit freundlichen Grüßen
Janis Meybohm


#13

Hallo,

soweit bekannt haben wir das Verfahren intern mit NT4.0 SP6 getestet. Besteht die Möglichkeit dass Sie das NT-System auf SP6 aktualisieren und den PDC-Takeover noch einmal durchführen?

Mit freundlichen Grüßen
Janis Meybohm


#14

Na das ist mal ein Ansatz der mich weiterbringt Danke ich werde das testen.

LG
Franz


#15

Windows NT SP6

Beim univention-pdc-takeover tritt ein Fehler auf, kann die Domäne nicht beitreten:

Join into Domain…
[2010/06/22 19:01:53, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(402)
Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain KSOFTCOM.
ERROR during takeover:
Failed to join domain

Mit einem Windows XP Client funktionert der Beitritt Problemlos.

Woran kanns liegen??

Danke!


#16

Danke, hat sich erledigt…

Hab Bei Hostname die IP angegeben anstatt des Hostnamens :-)…

lg