Zentyal Forum, Linux Small Business Server

News and Announcements => News and Announcements => Topic started by: J. A. Calvo on December 27, 2012, 12:25:47 pm

Title: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: J. A. Calvo on December 27, 2012, 12:25:47 pm
Hi Zentyal 2.2 users,

We know that many of you were expecting a way to migrate your configuration from a Zentyal 2.2 to the new Zentyal 3.0 server and we're glad to let you know that a migration guide has now been published!

It is important to note that due to the major changes introduced in Zentyal 3.0 (new distribution base, Kerberos, deep changes in some modules like HTTP Proxy, etc.), migrating everything is not possible. However, the migration guide provides some helpers to ease the migration process and helps to avoid manual configuration from scratch.

You can find all the information at:

http://trac.zentyal.org/wiki/Documentation/Community/Migrate_2.2_to_3.0

If you are missing some specific information, please do request it through the Forum and we'll do our best to include it. When additional migration information is available, it will be documented on this same page.

We hope you will soon enjoy your new Zentyal 3.0!
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: Escorpiom on December 27, 2012, 01:19:00 pm
A huge "thank you"!
I find this configuration export much safer than the previous migration tool. This will yield cleaner results.

Cheers.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: ian on December 27, 2012, 03:24:01 pm
Hi,

Thanks for the scripts.

Is it also possible to upgrade from release 1.4.9?
I suppose that there are changes needed then because the home structure of 1.4.9 is not the same as in 2.2.

Only importing the users and groups is already a great advance.

Thanks and best regards,
Ian

Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on December 28, 2012, 06:18:13 am
Nice, but can't migrate passwords? Unless your deployment is trivial that's a pretty big deal. I would think one could copy over the hashes manually.

http://lists.samba.org/archive/samba-technical/2012-June/084758.html

Quote
The unicodePwd appears to be same hash as for sambaNTPassword in
samba3 ldap just using base 64 encoding rather than direct hex
printing of the value previously.

So copy the Samba NT password to the samba 4 ldap schema then copy userPassword for plain old ldap. Has anyone tried this? Am I missing something? I'll see if I can do this next week.

Of course if LM passwords are enabled (which is default) you can just use rainbow tables, yay security. Sadly I don't have LM passwords for all my users.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: half_life on January 03, 2013, 11:11:49 pm
I had a bout with the flu so am just now trying this.  In your documentation you say:
sudo perl dump-users-from-backup confbackupname.tar users.csv
Did you mean?
sudo perl dump-users-from-backup confbackupname.tar >users.csv

Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on January 04, 2013, 11:33:34 pm
Ok so LDAP password migration is not so bad. This doesn't include Samba!

1. In your 2.2 ldap server you need to get the userPassword attributes for all users. You can find gui tools or do cli like:
ldapsearch -D 'cn=ebox,dc=domain,dc=org' -w 'password_from_ldap_settings' -b 'dc=domain,dc=org'
That dumps out everything but what you want is the uid and userPassword. Keep in mind userPassword is a base64 of the hash.

2. Import your users as the guide suggests. Now they have bad passwords.

3. Decode passwords like this

echo crazy_base64_thing_you_got_from_ldapsearch | base64 -d

This decodes it but it's still a hash. It should start with something like {SHA} but could be some other type of hash depending on your setup.

4. Use ldapmodify on the 3.0 server to set the userPassword. By default the userPassword is just a base64 of {K5KEY} which isn't the password at all. I'm guessing it's just saying use kerberos?
To do this make a ldif file like

dn: uid=username_here,ou=Users,dc=domain
changetype: modify
replace: userPassword
userPassword: {SHA}fdslfjdsffljsdfljsdfll

where userPassword is what you did base64 -d to. Run it like

ldapmodify -D 'cn=zentyal,dc=domain' -w 'password_from_ldap_settings' -p 390 -h yourhostname -f your_file.ldif

Verify it worked by running the ldapsearch command like you did in 2.2.

Now users can log into User's Corner, use pam_ldap, any other systems that depend on the ldap auth backend. In User's Corner people could change their own passwords and it updates everything! But this still sucks and forcing all employees to reset passwords is a great way to make people hate you.

I'll play with Samba and report back. Maybe I'll even make a script.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on January 06, 2013, 12:40:30 am
Ok samba guide. This does not include kerberos just basic samba authentication. Please note this is a proof of concept, I haven't tried this in production and neither should you without sufficient testing.

Get a list of uid and SambaNTPassword from Zentyal 2.2 as described in the above ldap guide.

I used python since we need to manipulate the hash a bit. Execute this on the 3.0 server. Fill in the username, password, and domain of course

Code: [Select]
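import base64
import binascii
import subprocess

# Per-domain SAM partition on the 3.0 server; replace DOMAIN with your domain.
sam_file = "/var/lib/samba/private/sam.ldb.d/DC=DOMAIN.ldb"
user_dn = "CN=<username goes here>,CN=Users,DC=domain"
ldap_samba_nt_password = "<SambaNTPassword goes here>"

# sambaNTPassword is hex text; unicodePwd takes the same bytes base64-encoded.
# b64encode returns bytes, so decode before formatting it into the LDIF.
b64_hash = base64.b64encode(binascii.a2b_hex(ldap_samba_nt_password)).decode("ascii")

ldif = """dn: %s
changetype: modify
replace: unicodePwd
unicodePwd:: %s
""" % (user_dn, b64_hash)

# Feed the LDIF on stdin instead of a shell here-document, so no value is
# interpreted by a shell. The control OID is the one from the original script.
subprocess.run(
    ["ldbmodify", "-H", sam_file,
     "--controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0"],
    input=ldif, text=True, check=True)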

You can test with smbclient.

I'll probably improve the script to handle a big list of users and passwords. Is there any reason this isn't a good migration strategy? If users weren't using kerberos before, why would they miss it with 3.0? And if they want it they can just change their password at their leisure.

A Linux client with pam_ldap who is mounting samba shares should never notice the change (in theory). I'm less sure about Windows clients, will they attempt to use kerberos and then fail?
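
Both of bufke's procedures above (copying userPassword into the 3.0 OpenLDAP and converting sambaNTPassword to unicodePwd) applied to a whole ldapsearch dump, as an added example that is not part of the thread or of bufke's script. It only produces LDIF text for review before anything is run through ldapmodify or ldbmodify, unfolds wrapped LDIF lines, and skips entries whose uid or hash fails validation. The function names, default base DNs and sample entries are assumptions constructed for illustration.

```python
import base64
import re

UID_RE = re.compile(r"[A-Za-z0-9._-]+")                      # no DN/LDIF metacharacters
SCHEME_RE = re.compile(r"\{[A-Za-z0-9-]+\}[A-Za-z0-9+/=.$]+")  # {SHA}..., {CRYPT}$1$...
NT_RE = re.compile(r"[0-9A-Fa-f]{32}")                       # 16-byte NT hash as hex


def parse_ldif(text):
    """Parse ldapsearch output into a list of {lowercased attr: first value}."""
    # ldapsearch wraps long values; a continuation line starts with one space.
    text = re.sub(r"\r?\n ", "", text)
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():                 # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        m = re.match(r"([A-Za-z0-9;-]+)(::?)\s*(.*)$", line)
        if line.startswith("#") or not m:
            continue
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "::":                      # "attr:: value" means base64
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(name, value)
    return entries


def openldap_change(uid, user_password, base_dn="dc=domain"):
    """LDIF record replacing userPassword with the hash copied from 2.2."""
    if not UID_RE.fullmatch(uid):
        raise ValueError("unsafe uid")
    if user_password.upper().startswith("{K5KEY}"):
        raise ValueError("userPassword is the {K5KEY} placeholder, not a hash")
    if not SCHEME_RE.fullmatch(user_password):
        raise ValueError("userPassword is not a {SCHEME}hash value")
    return ("dn: uid=%s,ou=Users,%s\nchangetype: modify\n"
            "replace: userPassword\nuserPassword: %s\n"
            % (uid, base_dn, user_password))


def samba_change(uid, nt_hex, base_dn="DC=domain"):
    """LDIF record setting unicodePwd from the hex sambaNTPassword."""
    if not UID_RE.fullmatch(uid):
        raise ValueError("unsafe uid")
    if not NT_RE.fullmatch(nt_hex):
        raise ValueError("sambaNTPassword is not 32 hex characters")
    b64_hash = base64.b64encode(bytes.fromhex(nt_hex)).decode("ascii")
    return ("dn: CN=%s,CN=Users,%s\nchangetype: modify\n"
            "replace: unicodePwd\nunicodePwd:: %s\n" % (uid, base_dn, b64_hash))


def build_changes(ldif_text):
    """Return (openldap_ldif, samba_ldif, skipped) for a 2.2 ldapsearch dump."""
    openldap, samba, skipped = [], [], []
    for entry in parse_ldif(ldif_text):
        uid = entry.get("uid")
        if uid is None:                      # not a user entry
            continue
        for builder, attr, out in ((openldap_change, "userpassword", openldap),
                                   (samba_change, "sambantpassword", samba)):
            try:
                out.append(builder(uid, entry.get(attr, "")))
            except ValueError as err:
                skipped.append((uid, str(err)))
    return "\n".join(openldap), "\n".join(samba), skipped


def b64(text):
    return base64.b64encode(text.encode()).decode("ascii")


# Constructed sample values, not real hashes.
ALICE_USERPASSWORD = "{SHA}" + base64.b64encode(bytes(range(20))).decode("ascii")
ALICE_NT = "00112233445566778899AABBCCDDEEFF"
wrapped = b64(ALICE_USERPASSWORD)
wrapped = wrapped[:20] + "\n " + wrapped[20:]   # simulate ldapsearch line folding

# Constructed ldapsearch output: one migratable user, one that must be skipped.
SAMPLE_LDIF = (
    "dn: ou=Users,dc=domain,dc=org\n"
    "ou: Users\n"
    "\n"
    "dn: uid=alice,ou=Users,dc=domain,dc=org\n"
    "uid: alice\n"
    "userPassword:: " + wrapped + "\n"
    "sambaNTPassword: " + ALICE_NT + "\n"
    "\n"
    "dn: uid=bob,ou=Users,dc=domain,dc=org\n"
    "uid: bob\n"
    "userPassword:: " + b64("{K5KEY}") + "\n"
    "sambaNTPassword: nothex\n"
)

if __name__ == "__main__":
    openldap_ldif, samba_ldif, skipped = build_changes(SAMPLE_LDIF)
    print(openldap_ldif, samba_ldif, sep="\n")
    for uid, reason in skipped:
        print("skipped %s: %s" % (uid, reason))
```
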
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: jp.otto on January 21, 2013, 01:37:25 pm
I run into problems while trying to follow the instructions.

When doing the import-basic-modules I get:
Code: [Select]
root@hostname:~# perl import-basic-modules hostname_2013-01-21-101112.tar
Use of uninitialized value in uc at /usr/share/perl5/EBox/Types/DomainName.pm line 76, <GEN0> line 726.
Use of uninitialized value $value in substitution (s///) at /usr/share/perl5/EBox/Types/Host.pm line 169, <GEN0> line 736.

dump-users-from-backup results in:
Code: [Select]
root@hostname:~# perl dump-users-from-backup hostname_2013-01-21-101112.tar users.csv
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 120.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 545.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 589.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 633.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 677.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 721.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 765.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 809.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 853.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 897.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 941.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 985.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 1029.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1047.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1080.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1097.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1115.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1133.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1151.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1168.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1186.
Use of uninitialized value $description in join or string at dump-users-from-backup line 157, <GEN0> line 1203.
Use of uninitialized value $description in join or string at dump-users-from-backup line 131, <GEN0> line 1635.
write_file 'users.csv' - sysopen: Permission denied at dump-users-from-backup line 110.

The old machine is on 2.2:
Code: [Select]
root@hostname:~# dpkg -l |grep zentyal
[...]
ii  zentyal-antivirus                    2.2.2                                 Zentyal - Antivirus
ii  zentyal-common                       2.2.3                                 Zentyal - Common Library
ii  zentyal-core                         2.2.7                                 Zentyal - Core
ii  zentyal-ebackup                      2.2.5                                 Zentyal - Backup
ii  zentyal-firewall                     2.2.1                                 Zentyal - Firewall
ii  zentyal-network                      2.2.9                                 Zentyal - Network Configuration
ii  zentyal-objects                      2.2                                   Zentyal - Network Objects
ii  zentyal-printers                     2.2.2                                 Zentyal - Printer Sharing Service
ii  zentyal-samba                        2.2                                   Zentyal - File Sharing Service
ii  zentyal-services                     2.2                                   Zentyal - Network Services
ii  zentyal-software                     2.2.7                                 Zentyal - Software Management
ii  zentyal-users                        2.2.8                                 Zentyal - Users and Groups

The new one is a newly installed 3.0.1:
Code: [Select]
root@hostname:~# dpkg -l |grep zentyal
[...]
ii  zentyal                              3.0.1                                   Zentyal - Core metapackage
ii  zentyal-antivirus                    3.0                                     Zentyal - Antivirus
ii  zentyal-common                       3.0.5                                   Zentyal - Common Library
ii  zentyal-core                         3.0.10                                  Zentyal - Core
ii  zentyal-dns                          3.0.4                                   Zentyal - DNS Service
ii  zentyal-ebackup                      3.0.4                                   Zentyal - Backup
ii  zentyal-firewall                     3.0.1                                   Zentyal - Firewall
ii  zentyal-network                      3.0.1                                   Zentyal - Network Configuration
ii  zentyal-ntp                          3.0                                     Zentyal - NTP Service
ii  zentyal-objects                      3.0                                     Zentyal - Network Objects
ii  zentyal-printers                     3.0.1                                   Zentyal - Printer Sharing Service
ii  zentyal-samba                        3.0.12                                  Zentyal - File Sharing and Domain Services
ii  zentyal-services                     3.0.1                                   Zentyal - Network Services
ii  zentyal-software                     3.0.3                                   Zentyal - Software Management
ii  zentyal-users                        3.0.7                                   Zentyal - Users and Groups

Any ideas?
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: half_life on January 21, 2013, 05:22:43 pm
See my question above.  My question was actually a gentle "fix the documentation" type question.  They left out the > in the command.

Code: [Select]
sudo perl dump-users-from-backup confbackupname.tar >users.csv
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: jp.otto on January 22, 2013, 04:02:35 pm
Quote
[...]
Any ideas?

See my question above.  My question was actually a gentle "fix the documentation" type question.  They left out the > in the command.

Code: [Select]
sudo perl dump-users-from-backup confbackupname.tar >users.csv

Thank you, that resulted at least in a users.csv, though the error messages stay the same.

The "only" remaining problem is, that import-basic-modules seems not to do what I expected it to...
Or is it not its job to configure file sharing, shares and printers with their access rights?
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: half_life on January 23, 2013, 01:40:16 am
I am sorry,  it has been too long since I ran the upgrade to remember which modules it carried over but you will have to do significant re-work in the file sharing module for sure.  Wish I had better news but I can see where writing an upgrade tool would have been a huge effort in the samba module.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: jp.otto on January 23, 2013, 09:34:28 am
Too bad, but thank you anyways  :o
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: graylion on January 24, 2013, 06:54:36 pm
folks, this is ridiculous. Migration needs to be part of the plan, not something you stick on after.

What about Zarafa for instance? Yes I can migrate emails via IMAP client if need be (gee, thanks), what about address books and calendar info? And no upgrade-in-place? Disappointed I am. If you are planning to do better than the competition, you need to do better than the competition. :(
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: friedmar on January 24, 2013, 08:01:47 pm
totally agree!

This is not a migration!
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on January 25, 2013, 12:22:20 am
Yea I'm still trying to plan my migration. Their old desktop debian package would set up pam_ldap for you but in 3.0 it's not compatible because they changed the ldap port, restricted anon searching, and do groups in a very different schema. So even if I redid the entire zentyal server I would have to change each and every client too. I'm no longer recommending Zentyal as a reasonable alternative to AD though. Hope to have a real migration guide for you all soon. I don't use Zarafa though so you are on your own with that. Good to know I should never consider it.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: kenamb on January 29, 2013, 01:14:19 pm
Can't locate EBox/Util/Random.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at dump-users-from-backup.1 line 27, <DATA> line 134.
BEGIN failed--compilation aborted at dump-users-from-backup.1 line 27, <DATA> line 134.

Keep getting this error every time I try to export the users to csv
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: graylion on March 06, 2013, 10:15:26 am
If you want groupware functionality it actually isn't half bad, but I am really disappointed in Zentyal overall:

Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: nardial on March 25, 2013, 08:43:04 am
@bufke
I would really appreciate a guide, because I feel some kind of stuck now.
It is absolutely impossible to migrate machines the zentyal way, users and management would not accept that.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on April 10, 2013, 10:31:15 pm
I work at a school and will wait till summer break as I think this process is dangerous.

In a proof of concept I was able to get a hacky solution together. I don't have it all documented well and it's a temporary solution. My plan is to migrate what I can including passwords for simple samba and ldap authentication (but not kerberos). Then give people a deadline to reset their password to make kerberos work too. After that deadline I'll remove my hacks which include changes to zentyal ldap settings which are probably not upgrade safe.

If you want to work on it you could email me at david at burkesoftware dot com. I do have python scripts that do migrate passwords and other user data. Might be good to have you test them out yourself in a non production environment of course.

I don't have decent enough notes to publish a guide right now. What exactly are you looking to migrate? Passwords? How do your clients connect? A big issue with me is I use pam_ldap to authenticate and they changed a lot of stuff about ldap in 3.0. Even the port is different. If you are using Windows clients I suspect it would be much easier but I haven't tested this.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: christian on April 11, 2013, 07:43:34 am
Quote
I'm no longer recommending Zentyal as a reasonable alternative to AD though. Hope to have a real migration guide for you all soon. I don't use Zarafa though so you are on your own with that. Good to know I should never consider it.

The point is that 3.0, thanks, kind of, to Samba 4, better emulates AD (because Samba 3 was not supporting GPO).
Second point is that you do not really look at AD alternative, given what you describe (PAM and basic LDAP support). You even don't use Zarafa  :P

This being said, I'm totally in line with your comment  :)
 => not providing standard LDAP back-end supporting anonymous search on port 389 is really painful for those having already deployed their infrastructure

At least they could have offered different LDAP ports ("a la AD") or used 390 as the internal LDAP port  ::)

Anyway, I suppose this will change with the next versions as supporting multiple LDAP servers, multiple DNS etc is also painful for Zentyal team. My fear is that it might not be toward more openness but rather toward more "Windows like" landscape.

One question however: as 2.2 fits your needs, why would you need to migrate toward 3.0 ?
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on April 21, 2013, 11:02:50 pm
Quote
One question however: as 2.2 fits your needs, why would you need to migrate toward 3.0 ?

Because I hope my client will still exist after Ubuntu 10.04 support ends.

A windows like landscape is fine with me if it works. Emulate Windows on both server and client. Why not? pam_ldap is a pain to set up. Kerberos is useful. Playing around with it myself I'm sure it is a pain for the Zentyal team. I think more could have been done though.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: christian on April 22, 2013, 05:38:49 am
Quote
One question however: as 2.2 fits your needs, why would you need to migrate toward 3.0 ?

Because I hope my client will still exist after Ubuntu 10.04 support ends.

So you are not in a hurry then  :) Zentyal is based on LTS, L standing for Long, meaning Ubuntu will support it till 2015 and Zentyal 2.2 will be supported for more than one year (2014)

Quote
A windows like landscape is fine with me if it works. Emulate Windows on both server and client. Why not? pam_ldap is a pain to set up. Kerberos is useful. Playing around with it myself I'm sure it is a pain for the Zentyal team. I think more could have been done though.

I really don't understand what "emulating Windows on both server and client" could mean. If you can elaborate on this, it would be very interesting.
Tell me too why you feel PAM to be painful. If you compare to Kerberos, PAM is very very easy  ;)
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: Sam Graf on April 23, 2013, 02:22:52 am
Quote
Zentyal is based on LTS, L standing for Long, meaning Ubuntu will support it till 2015 and Zentyal 2.2 will be supported for more than one year (2014)

The unspoken assumption here is that the unseen, unknown 3.2 justifies not being in a "hurry." :-\
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: christian on April 23, 2013, 08:07:39 am
I do not try to justify anything but express my own personal view that is, by no means, the absolute truth.

There are potentially hundreds of reasons for this user to migrate ASAP. This I don't know.
If what triggers migration asap is lack of support from Ubuntu, I'm pretty confident that my sentence makes sense: Canonical will support Ubuntu 10.04 till 2015.

On top of this, I assumed this user is using community edition. So far so good (I'm using this edition too  ;)) but then there is just NO commitment in term of support from Zentyal. So this is not the Zentyal roadmap in term of support that is pushing for migration in a hurry.

Again, perhaps some other reason that I don't know, reason why I was asking "why do you want to migrate?"

As you ask and in order to not let any unspoken assumption grow, I'll try to be even more explicit, even if some may take it the wrong way (I hope they will not  :-[):

1 - there is an obvious - at least to me - trend to always target the very last version or release of every piece of software, from BIOS to end-user application just because this is the new version, quite often without looking at features. When feature are similar or only with bug fix or improvement, I can understand. Unfortunately, there is a huge gap between Zentyal 2.2 and 3.0.  Yes, you're right, from end-user standpoint, this is not that huge (aside potentially SSO) but from admin standpoint, you may know what I mean.
So migration is not easy and 3.0 is not yet as stable as 2.2.  If you want to go there, from 2.2, relying only on community support, you either do it because you want to give a try (excellent good reason) or because there are some features you do need.  Again, therefore my earlier question  8)

2 - the second aspect will be, I know already, more controversial here but I've spent too much time refraining myself to write it many times, and your post triggers it today: I've the very very strong feeling that main goal, for a lot of Zentyal users, is to benefit from Zentyal because this is the free alternative to Windows domain. These users are not going to support Zentyal as a company buying some official support. Most of them even do not support community by providing help, feedback or support to other community members (I know this behaviour is not specific to Zentyal community) but on the other hand, they do push for "migration asap", "support commitment" and other bells and whistles for free. Here again, not all but a lot do even not look at features. They just want to migrate for the very last version with free "support" and expect to put enough pressure on Zentyal with no business perspective behind. My expectation is that those using community edition and hoping Zentyal to bring something to them should at least use Zentyal "community" in different ways that could be development, community support, clear explanation of users cases, projects or even needs in term of feature, not needs in term of "I need to migrate ASAP, please Zentyal help !"

3 - last but not least, yes you're right I expect next Zentyal version to fit better market needs. To me, 3.0 missed its target. First I'm not convinced (perhaps I'm wrong) that GPO support is the first must for SMBs. Second, GPO with lack of OU support in the back-end (you know the secondary LDAP server emulating AD  ;) ) is pretty useless. So I'm back to my question in term of feature "what is the main trigger from 3.0 migration ?"  New comer will of course install 3.0  I'm fine with this. My point is this "migration" step. Is it that critical that it must be done in a hurry ? Can't you wait for next version that will, from technical standpoint, make more sense or do you need something right now?  If your answer is SSO, fine, that's a good reason. Measure pros and cons and migrate once your decision is made. If this is for support while using community edition, I'm back to my previous answer:
"so you're not in a hurry  ;)"

I know such a long post is not expected here, sorry for this, but it was better, at least for me, to write it once  :-[
I will not comment it further  ;)

EDIT: some (too many) typos :-(
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: Sam Graf on April 23, 2013, 01:11:43 pm
Since I have also mentioned that users could prefer 2.2 over 3.0 I'm not questioning the idea of sticking with a working server. I was just thinking a couple of things (keeping in mind what I just said):
That said, I appreciate especially your comments in point 2. Some things there that warrant additional discussion, in my opinion.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: bufke on April 24, 2013, 08:14:39 pm
Quote
I really don't understand what "emulating Windows on both server and client" could mean. If you can elaborate on this, it would be very interesting.
Tell me too why you feel PAM to be painful. If you compare to Kerberos, PAM is very very easy 

The "Windows" way is Active Directory. Samba4 provides an Active Directory service.

PAM = Pluggable Authentication Module. Whether you use winbind (samba) or local authentication you are using PAM. pam_ldap I found to be painful to set up. You can read about my experiences on my blog if you are interested. http://davidmburke.com/2012/04/26/ubuntu-12-04-deployment-with-active-directory/

Hopefully I'll be getting some government funding (I work for a school in America) to purchase Zentyal Support. My main interest in Zentyal is it's free as in freedom. Unlike Active Directory I could very easily replicate one client's set up without thinking about license fees. For just one client, I've found the cost of Zentyal vastly higher than Active Directory.

Here is my WIP migration script. It's unfinished and you should assume it will break everything and kill your dog. https://gist.github.com/bufke/4490120 The idea is to get the hashes out of Zentyal 2.2 and insert them in 3.0 in Samba LDAP and OpenLDAP. It supports only simple authentication, not Kerberos. It also will ensure IDs match, which is very important.
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: christian on April 24, 2013, 09:18:37 pm
Quote
The "Windows" way is Active Directory. Samba4 provides an Active Directory service.

 is it :'( :'(  or  :D :D ?

I don't know but I've to admit that Microsoft is really the best in the marketing domain.

Joke aside, I don't want to fight to determine if Windows way = AD = Samba4. You're probably right with:
"Samba 4 = Windows way" (of course) and wrong, from my standpoint, thinking that this is because of AD.

AD is almost no more than an LDAP server.
This LDAP server has some constraints if you compare to other conventional (and open) LDAP servers because it has been designed, as an LDAP server, to serve one specific application that is "Windows Domain".
Windows way is therefore much more than AD and Windows domain will not work without DNS, Kerberos, SMB...

BTW, Samba cornerstone is SMB, not AD.

In the meantime, I read a bit of your blog (thank you for the link) and I understand now better your position and why pam_ldap is not for you.
Do not take it the wrong way, there is no criticism in my comment  ;)
PAM alone to authenticate against LDAP (aka pam_ldap) is not enough. If you don't understand that nss is mandatory, then you will never succeed. What is missing in Linux for Windows users and admins is this abstraction layer that is hiding everything (that's what I call the Windows way  :P) and that would configure pam_ldap and NSS on your behalf.
But even with such a tool I don't think it would fit your needs because your real target should rather be Kerberos deployment (which doesn't fit nicely with PAM  :-\)

Quote
My main interest in Zentyal is it's free as in freedom. Unlike Active Directory I could very easily replicate one client's set up without thinking about license fees. For just one client, I've found the cost of Zentyal vastly higher than Active Directory.

 ::) ::)
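
An added example, not part of the post above and not Zentyal code: a small Python check for the point that pam_ldap alone is not enough, reporting whether both the PAM auth stack and the NSS passwd/group databases reference LDAP. The file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample files, not taken from the thread or any real host.
NSS_PAM_ONLY = "passwd: compat\ngroup: compat\nshadow: compat\n"
NSS_WITH_LDAP = "passwd: compat ldap\ngroup: files [NOTFOUND=continue] ldap\n"
PAM_AUTH = """\
auth  [success=2 default=ignore]  pam_unix.so nullok_secure
auth  [success=1 default=ignore]  pam_ldap.so use_first_pass
auth  requisite                   pam_deny.so
auth  required                    pam_permit.so
"""

def nss_sources(text):
    """Map each NSS database to its ordered list of sources."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        # Drop action items such as [NOTFOUND=return]; keep source names.
        dbs[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

def pam_modules(text, facility="auth"):
    """Return the module file names configured for one PAM facility."""
    mods = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"-?(\w+)\s+(?:\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m and m.group(1) == facility:
            mods.append(m.group(2).rsplit("/", 1)[-1])
    return mods

def ldap_login_gaps(nsswitch_text, pam_text):
    """List what is still missing before LDAP accounts can log in."""
    gaps = []
    if "pam_ldap.so" not in pam_modules(pam_text):
        gaps.append("pam: no pam_ldap.so in the auth stack")
    sources = nss_sources(nsswitch_text)
    for db in ("passwd", "group"):
        if "ldap" not in sources.get(db, []):
            gaps.append(f"nss: '{db}' has no ldap source")
    return gaps

if __name__ == "__main__":
    print(ldap_login_gaps(NSS_PAM_ONLY, PAM_AUTH))   # PAM set up, NSS forgotten
    print(ldap_login_gaps(NSS_WITH_LDAP, PAM_AUTH))  # both layers present
```

With only the PAM side configured, the password check can succeed but the system still cannot resolve the account's UID, groups or home directory, so the login fails.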
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: MOSAiX on September 15, 2014, 10:54:46 am
Sad, that this Guide is offline this quickly.
Is there an archive for older Guides?
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: Gopher on September 15, 2014, 01:04:51 pm
http://oldtracker.zentyal.org/wiki/Documentation/Community/Migrate_2.2_to_3.0
Where else?! ;)
Title: Re: Migration guide from Zentyal 2.2 to Zentyal 3.0 published!
Post by: MOSAiX on September 16, 2014, 05:36:49 pm
Quote
http://oldtracker.zentyal.org/wiki/Documentation/Community/Migrate_2.2_to_3.0
Where else?! ;)

This is gold! Thank you!