samba3upgrade: Failure to find users when adding group members

Adam Tauno Williams awilliam at whitemice.org
Thu Nov 10 06:31:17 MST 2011 

On Thu, 2011-11-10 at 09:35 +1100, Andrew Bartlett wrote:
> On Wed, 2011-11-09 at 16:40 -0500, Adam Tauno Williams wrote:
> > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> > ProvisioningError: Could not add member
> > 'S-1-5-21-2037442776-3290224752-88127236-1062' to group
> > 'S-1-5-21-2037442776-3290224752-88127236-514' as either group or user
> > record doesn't exist: Unable to find GUID for DN 
> Thanks for testing the patches, we are now back on to errors in your
> database, or in the import scripts.  Can you look up your original LDAP
> directory, and tell me if S-1-5-21-2037442776-3290224752-88127236-1062
> is a valid user in your LDAP tree, or if not, what it refers to?
> We know that S-1-5-21-2037442776-3290224752-88127236-514 is valid, as
> the trace above indicates that it refers domain guests, and has already
> been added (by provision).  The puzzling thing here is that typically
> normal accounts would not be members of the domain guests group.

That was my bad.  I had setup a 2003SE AD server for the new domain, and
established a trust with the old domain, in an attempt to use ADMT.
I've now deleted that trust and the associated trust account.  The -

samba-tool domain samba3upgrade --dbdir=/tmp/x  /tmp/x/smb.conf

- now completes without error.  Next I'll try testing if this new domain
works.

....
Once the above files are installed, your Samba4 server will be ready to
use
Server Role:           domain controller
Hostname:              BARBEL
NetBIOS Domain:        BACKBONE
DNS Domain:            micore.us
DOMAIN SID:            S-1-5-21-2037442776-3290224752-88127236
Admin password:        None
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or
directory
Ignoring unknown parameter "server role"
Importing groups
Group already exists sid=S-1-5-21-2037442776-3290224752-88127236-514,
groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
existing_groupname=Administrators, Ignoring.
Group already exists sid=S-1-5-32-550, groupname=Print Operators
existing_groupname=Print Operators, Ignoring.
Group already exists sid=S-1-5-21-2037442776-3290224752-88127236-512,
groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Importing users

More information about the samba-technical mailing list