Upgrade from S3 to a Samba4 DC [with LDAPSAM]
Adam Tauno Williams
awilliam at whitemice.org
Thu Sep 8 15:07:05 MDT 2011
Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> Quoting tataia <iongigixx at gmail.com>:
>> It happens for groups that have sambaGroupType =5
>> replace 5 with 4
> Gotcha. And it goes much further. Are users with the same name as
> groups an issue? There is only one uid=bie object in the LDAPSAM.
Hrm... so I manually exclude user "bie" and import users completes.
But then the script fails while adding users to group. I've verified
that sambaSID=S-1-5-21-2037442776-3290224752-88127236-9272 [a user]
and sambaSID=S-1-5-21-2037442776-3290224752-88127236-1201 [a group]
both exist (and both exist only once).
Group already exists sid=S-1-5-21-2037442776-3290224752-88127236-514,
groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
Could not add group name=Print Operators ((68, "samldb: Account name
(sAMAccountName) 'Print Operators' already in use!"))
Could not add group name=Mor-Value Parts ((68, "samldb: Account name
(sAMAccountName) 'Mor-Value Parts' already in use!"))
Group already exists sid=S-1-5-21-2037442776-3290224752-88127236-512,
groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Adding users to groups
ProvisioningError: Could not add member
'S-1-5-21-2037442776-3290224752-88127236-9272' to group
'S-1-5-21-2037442776-3290224752-88127236-1201' as either group or user
record doesn't exist: Unable to find GUID for DN
I've known for awhile that S3 LDAPSAMs, especially ones that have been
around for a long time, can be.... interestingly inconsistent. But
I'm not certain what it is searching for tin this case; I believe
[???] at this point that it has already exported all the data from the
existing SAM and is building the local LDB?
More information about the samba-technical