Planning beta8 soon

Andrew Bartlett abartlet at samba.org
Wed Aug 29 07:07:24 MDT 2012


On Wed, 2012-08-29 at 13:29 +0200, Marc Muehlfeld wrote:
> On 29.08.2012 08:26, Andrew Bartlett wrote:
> > If you have found any other issues with current master (particularly
> > regressions) please let me know so I can try and fix them for an
> > improved beta tomorrow.
> 
> classicupgrade from 3.5.17 fails with beta7:
> 
> # /usr/local/samba/bin/samba-tool domain classicupgrade 
> --dbdir=/usr/var/locks/ --use-xattrs=yes --realm=MUC.medizinische-genetik.de 
> /etc/samba/smb3.conf
> 
> Reading smb.conf
> Unknown parameter encountered: "display charset"
> Ignoring unknown parameter "display charset"
> Provisioning
> Exporting account policy
> Exporting groups
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Replicator' S-1-5-32-552 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable 
> to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring 'well known' group 'Guests' (should already be in AD, and have no 
> members)
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Server Operators' S-1-5-32-549 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Power Users' S-1-5-32-547 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Users' S-1-5-32-545 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Exporting users
> Next rid = 17079
> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local 
> variable 'result' referenced before assignment
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 160, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 
> 1013, in run
>      useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", 
> line 784, in upgrade_from_samba3
>      ldb_object = Ldb(url, session_info=system_session(result.lp), 
> credentials=creds, lp=result.lp)
> 
> The latest git version (4.0.0beta8-GIT-24356f3) crashes on a different position:
> 
> 
> Reading smb.conf
> Unknown parameter encountered: "display charset"
> Ignoring unknown parameter "display charset"
> Provisioning
> Exporting account policy
> Exporting groups
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Replicator' S-1-5-32-552 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable 
> to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring 'well known' group 'Guests' (should already be in AD, and have no 
> members)
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Server Operators' S-1-5-32-549 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Power Users' S-1-5-32-547 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Users' S-1-5-32-545 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Exporting users
> Next rid = 17079
> Exporting posix attributes
> Reading WINS database
> Looking up IPv4 addresses
> More than one IPv4 address found. Using 192.168.10.4
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=muc,DC=medizinische-genetik,DC=de
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=muc,DC=medizinische-genetik,DC=de
> Creating DomainDnsZones and ForestDnsZones partitions
> Populating DomainDnsZones and ForestDnsZones partitions
> See /usr/local/samba/private/named.conf for an example configuration include 
> file for BIND
> and /usr/local/samba/private/named.txt for further documentation required for 
> secure DNS updates
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at 
> /usr/local/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready to use
> Admin password:        CQQ0HdN6w93YKaU~i>I97JhZ_
> Server Role:           active directory domain controller
> Hostname:              exon
> NetBIOS Domain:        MUC
> DNS Domain:            muc.medizinische-genetik.de
> DOMAIN SID:            S-1-5-21-1362721961-1801182073-732966438
> A phpLDAPadmin configuration file suitable for administering the Samba 4 LDAP 
> server has been created in /usr/local/samba/private/phpldapadmin-config.php.
> Importing WINS database
> Importing Account policy
> Importing idmap database
> Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
> Importing groups
> Group already exists sid=S-1-5-21-1362721961-1801182073-732966438-512, 
> groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
> Group already exists sid=S-1-5-21-1362721961-1801182073-732966438-513, 
> groupname=Domain Users existing_groupname=Domain Users, Ignoring.
> Group already exists sid=S-1-5-21-1362721961-1801182073-732966438-514, 
> groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
> Group already exists sid=S-1-5-32-550, groupname=Print Operators 
> existing_groupname=Print Operators, Ignoring.
> Group already exists sid=S-1-5-32-551, groupname=Backup Operators 
> existing_groupname=Backup Operators, Ignoring.
> Group already exists sid=S-1-5-32-552, groupname=Replicator 
> existing_groupname=Replicator, Ignoring.
> Group already exists sid=S-1-5-32-544, groupname=Administrators 
> existing_groupname=Administrators, Ignoring.
> Could not modify AD idmap entry for 
> sid=S-1-5-21-1362721961-1801182073-732966438-546, id=546, type=ID_TYPE_GID 
> ((32, "Base-DN '<SID=S-1-5-21-1362721961-1801182073-732966438-546>' not found"))
> Could not add posix attrs for AD entry for 
> sid=S-1-5-21-1362721961-1801182073-732966438-546, ((32, "Base-DN 
> '<SID=S-1-5-21-1362721961-1801182073-732966438-546>' not found"))
> Group already exists sid=S-1-5-32-548, groupname=Account Operators 
> existing_groupname=Account Operators, Ignoring.
> Group already exists sid=S-1-5-32-549, groupname=Server Operators 
> existing_groupname=Server Operators, Ignoring.
> Group already exists sid=S-1-5-32-545, groupname=Users 
> existing_groupname=Users, Ignoring.
> Group already exists sid=S-1-5-21-1362721961-1801182073-732966438-515, 
> groupname=Domain Computers  existing_groupname=Domain Computers, Ignoring.
> Importing users
> Adding users to groups
> set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.

As I mentioned to Ricky, the issue here is that we need a group to own a
file, but the group has been mapped to a GID only when we upgraded.
This would not have been noticed before, as we only now try and get the
permissions correct.  Running with --use-ntvfs will skip the ACL set,
but gets us back to having wrong permissions instead.

We need to either ignore the GID mapping for domain administrators or
come up with a way to work out what UID it is safe to map 'domain
admins' to. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
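
A simplified model of the failure diagnosed in the message above, added here as an example and not taken from Samba's code or from the thread: setting an NT ACL needs the owner SID to resolve to a UID, and a SID imported with a GID-only mapping cannot. The table layout, function names and the Unix ID values are assumptions made for illustration; ID_TYPE_BOTH is Samba's idmap type for an ID usable as both user and group.

```python
from enum import Enum

class IdType(Enum):
    UID = "ID_TYPE_UID"
    GID = "ID_TYPE_GID"
    BOTH = "ID_TYPE_BOTH"

class InvalidOwner(Exception):
    """Stands in for NT_STATUS_INVALID_OWNER in this model."""

DOMAIN_SID = "S-1-5-21-1362721961-1801182073-732966438"  # domain SID from the log
DOMAIN_ADMINS = DOMAIN_SID + "-512"
ADMINISTRATOR = DOMAIN_SID + "-500"

def sid_to_uid(idmap, sid):
    """Return the UID for sid, or None if it has no mapping usable as a user."""
    entry = idmap.get(sid)
    if entry is None:
        return None
    unix_id, id_type = entry
    return unix_id if id_type in (IdType.UID, IdType.BOTH) else None

def set_owner(idmap, file_meta, owner_sid):
    """Model of the ACL-set step: a POSIX file owner must be a UID."""
    uid = sid_to_uid(idmap, owner_sid)
    if uid is None:
        raise InvalidOwner(f"{owner_sid} has no UID mapping")
    return dict(file_meta, uid=uid)

def unusable_owners(idmap, owner_sids):
    """Pre-flight check: owner SIDs that would make set_owner fail."""
    return sorted(s for s in owner_sids if sid_to_uid(idmap, s) is None)

# Constructed sample: what a classic upgrade might leave behind (hypothetical IDs).
UPGRADED_IDMAP = {
    ADMINISTRATOR: (0, IdType.UID),
    DOMAIN_ADMINS: (512, IdType.GID),   # group imported as GID only
}

if __name__ == "__main__":
    print("owners that cannot be set:",
          unusable_owners(UPGRADED_IDMAP, [ADMINISTRATOR, DOMAIN_ADMINS]))
    # One of the two options in the message: give the group a mapping that
    # is also valid as a UID, so the ownership change can succeed.
    fixed = dict(UPGRADED_IDMAP)
    fixed[DOMAIN_ADMINS] = (512, IdType.BOTH)
    print(set_owner(fixed, {"path": "sysvol"}, DOMAIN_ADMINS))
```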


