Upgrade & Samba problem

[NoDoze]

what I don't understand is how zimbra staff can't just say this is the problem, this is how you fix it. Instead they refer you to these tutorials that are inaccurate. I've followed them to the dot and it still isn't working. I get the feeling zimbra staff themselves don't know the problem. NONE of the user accounts AND admin are able to login. Why did zimbra staff decide to change the location and how schemas were handled? It's been working just fine for all of 5.x, right? I'm willing to troubleshoot it with a staff member for the better good for everyone who needs help with this issue, but I have no idea where to start...cause according to their tutorials it should work now....?

[quanah]

Quote:

Originally Posted by NoDoze

I've followed both:
Installing custom ldap schema 6.0 - Zimbra :: Wiki
and
Optimizing 50 to 60 LDAP upgrade - Zimbra :: Wiki

Still no user accounts....

I have no idea what the end result is supposed to look like and how is it any different from the previous version....?

The first wiki is part of the process of the second wiki. Note that things have to be done before running the 6.0 zmsetup.pl or else importing the users into OpenLDAP 2.4 will fail, which could well explain why you don't see any users. If you make any errors with the schema conversion process, the import will also fail. Without seeing your system, I can't really say further as to why your users aren't showing up. And remember that if you are using the domain disclaimer extension, there is currently no upgrade path other than stripping those pieces out prior to upgrade.

[catnipper]

Following this article makes me shivering: I actually run on ZCS 5 NE and have Samba and POSIX installed!

Unfortunately the uninstall process of the admin zimlets "POSIX" and "Samba" does not seem to work for me.

I tried doing by:

1. Stop the Samba server
2. zmzimletctl undeploy...
3. Remove NIS and Samba3 schema from slapd.conf.in
4. Restarted Zimbra

The Admin area seems to work normally until I try to create or modify users not yet having been upgraded with the objectClasses:

Code:

zmprov ma myname@domain.com -objectClass sambaSamAccount -attribute sambaDomainName

Error message in the Admin UI:

Code:

Message: invalid request: LDAP schema violation: [LDAP: error code 65 - attribute 'loginShell' not allowed] Error code: service.INVALID_REQUEST Method: ModifyAccountRequest Details:soap:Sender

My problem is:
- If I have Samba and POSIX installed I can create new users but am not able to change any existing ones. Also all users created will have the objectClasses included and need to be downgraded manually later on.
- Uninstalling Samba & POSIX will remove the ability to create any new users as the AdminUI still looks for the values gidNumber, homeDirectory, etc. but no interface is available.

Along the support I tried the steps above - but still there seems to be leftovers either in the AdminUI or some user templating stuff (code that will not be removed using the undeploy procedure)...

Any of you has experience doing a proper undeploy???

[ArcaneMagus]

As stated in UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki if you have existing users that were created before the Samba/POSIX account information was added to the LDAP schema then you need to run the following commands, modified appropriatly of course, on each of the users so that they get the new attributes that the admin console is now expecting:

Code:

zmprov ma admin@gregzimbra2.zimbra.com +objectClass posixAccount uidNumber 10003 gidNumber 10001 homeDirectory /home/admin loginShell /bin/bash
zmprov ma admin@gregzimbra2.zimbra.com +objectClass sambaSamAccount sambaDomainName GREGZIMBRA1 sambaSID S-1-5-21-3745602466-621825477-2613676135-21006 sambaAcctFlags [UX]

This will make your existing user accounts editable when you have the Samba/POSIX schema installed and listed as a required attribute for an account.

If you still want to undeploy you will need to remove all attributes associated with the Samba/POSIX schema files, remove the objectClasses, and then remove the schema. I could be wrong about needing to remove the attributes added from Samba/POSIX, but that error you were getting leads me to think it is not liking the attributes that are not allowed for the users when they don't have the needed objectClass for those attributes.

[NoDoze]

So if I'm reading this right, I have to uninstall the admin extensions first...?

Then remove the NIS and Samba3 schema from slapd.conf.in before the upgrade...?

Then after the upgrade...

Via the admin ui re-install the admin extentions, and run this command:

Quote:

zmprov ma admin@gregzimbra2.zimbra.com +objectClass posixAccount uidNumber 10003 gidNumber 10001 homeDirectory /home/admin loginShell /bin/bash
zmprov ma admin@gregzimbra2.zimbra.com +objectClass sambaSamAccount sambaDomainName GREGZIMBRA1 sambaSID S-1-5-21-3745602466-621825477-2613676135-21006 sambaAcctFlags [UX]

...to enable access to the old accounts via the admin ui...?

Is that the correct process???

catnipper - you have ZCS 6.0.1 NE and Samba and POSIX successfully working...??? You'd be the first successfull setup I've heard...! LOL You give me hope!

[ArcaneMagus]

If all you are doing is upgrading no you don't need to uninstall the extensions at all. If it helps here are the steps that I used to upgrade and my setup is working perfectly (except for the statistics bug that a lot of other people are having issues with)
5.0.x to 6.0 Upgrade with Samba/Posix Extensions

[NoDoze]

sigh...well, I did that...and it didn't work...

is it possible to run multiple instances of zimbra on one server? So I could run the 5.0.16 production server, and have the 6.0.1 server to test with? Or would they have to be on separate servers...?

The complicated thing about it is the DNS, I don't even know where to start with getting that to work for both instances...?

Any ideas?

Thanks.

[catnipper]

The undeploy issue is solved for me

After an undeploy simply do:

Code:

zimbra@mail1:~> zmprov gacf |grep Extra
zimbraAccountExtraObjectClass: amavisAccount
zimbraAccountExtraObjectClass: posixAccount
zimbraAccountExtraObjectClass: sambaSamAccount
zimbra@mail1:~> zmprov mcf -zimbraAccountExtraObjectClass posixAccount

...to avoid AdminUI still wants to add the Samba and POSIX objectClasses.


@NoDoze: nope sorry - I have 5.0.16 in production and 6.0 for testing. Did not yet try Samba with ZCS 6.0, and probably will never do so! I decided to manage our users on an Mac OS X 10.6 server and have Zimbra 6.0 to authenticate users over LDAP. Managing users separately is far less work compared to the advantages this combination offers (managing VPN, Samba, Mac mobile, Wiki, Blog, etc...). Writing a PHP replication running as nightly cron might be an easy solution to synchronize important user attributes

[ArcaneMagus]

NoDoze it might be possible to run both at the same time by changing every port that Zimbra uses... but I doubt that it will work like that.
As for DNS you could setup a split DNS on your test server so it just grabs "valid" results that point to it. Check out Split DNS - Zimbra :: Wiki for an idea as to how to do that.

[NoDoze]

Hmmm....

Well, I have a primary DNS server that's our web server also.
The zimbra server is on a different server, and when I originally set that up, I used Split DNS - Zimbra :: Wiki . So my zimbra server is ALREADY a secondary DNS server.

The reason I ask if I can run multiple instances is because, this existing 5.0.16 server is on a dual quad cpu with 8GB memory, which is definitely over kill for our company. So to setup a third independent server with 6.0.1 for testing: 1. would I setup a third split DNS, possible? 2. or could I just run multiple instances of zimbra on the existing server? And how would I change all the ports? 3. How would I install 6.0.1 along side/parallel to 5.0.16? ./install.sh -s ?

Thanks!