samba3upgrade: Failure to find users when adding group members
Adam Tauno Williams
awilliam at whitemice.org
Thu Nov 10 06:31:17 MST 2011
On Thu, 2011-11-10 at 09:35 +1100, Andrew Bartlett wrote:
> On Wed, 2011-11-09 at 16:40 -0500, Adam Tauno Williams wrote:
> > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> > ProvisioningError: Could not add member
> > 'S-1-5-21-2037442776-3290224752-88127236-1062' to group
> > 'S-1-5-21-2037442776-3290224752-88127236-514' as either group or user
> > record doesn't exist: Unable to find GUID for DN
> Thanks for testing the patches, we are now back on to errors in your
> database, or in the import scripts. Can you look up your original LDAP
> directory, and tell me if S-1-5-21-2037442776-3290224752-88127236-1062
> is a valid user in your LDAP tree, or if not, what it refers to?
> We know that S-1-5-21-2037442776-3290224752-88127236-514 is valid, as
> the trace above indicates that it refers domain guests, and has already
> been added (by provision). The puzzling thing here is that typically
> normal accounts would not be members of the domain guests group.
That was my bad. I had setup a 2003SE AD server for the new domain, and
established a trust with the old domain, in an attempt to use ADMT.
I've now deleted that trust and the associated trust account. The -
samba-tool domain samba3upgrade --dbdir=/tmp/x /tmp/x/smb.conf
- now completes without error. Next I'll try testing if this new domain
Once the above files are installed, your Samba4 server will be ready to
Server Role: domain controller
NetBIOS Domain: BACKBONE
DNS Domain: micore.us
DOMAIN SID: S-1-5-21-2037442776-3290224752-88127236
Admin password: None
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or
Ignoring unknown parameter "server role"
Group already exists sid=S-1-5-21-2037442776-3290224752-88127236-514,
groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
Group already exists sid=S-1-5-32-550, groupname=Print Operators
existing_groupname=Print Operators, Ignoring.
Group already exists sid=S-1-5-21-2037442776-3290224752-88127236-512,
groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
More information about the samba-technical